Show HN: Lockify – developer-friendly CLI for managing encrypted env variables

4 points, posted 8 hours ago by ahmedabdelgawad

1 comment

alsetmusic

2 hours ago

Neat tool. I could see myself using this for some low-risk things that I currently store in plaintext. Some thoughts…

- The GitHub page doesn't give me a good sense of how it works / what it looks like to use. You list supported commands, but there's no indication of what running them spits out. I'd suggest including the output of commands. For example, I wondered if I would be prompted for multiple lines of text or if I would be expected to input something in a key=val pair, etc. I would usually write off something unclear like this, but I was curious and downloaded the binary to find out. (Answer for others: multiple prompts for text input.)

- Initializing an environment asked me to set a password but didn't test the password for typos. If I had a mistake in my password, I wouldn't know it and everything that I committed would become irretrievable.

- In ~90 sec of testing, I see that my lockify env directory was created in the directory where I fired the binary. I don't see a config file in the first level of the repo and I didn't go hunting, nor did I test the behavior under varied conditions. Why wasn't it stored at the root of my home dir? Will lockify remember the path to the env file(s) after I change dirs and call it again? How do I specify a path that matches my expectations regardless of where I am within the filesystem when I call the tool? It's really unclear what behavior to expect and it shouldn't be up to me to figure it out.

- When I ran the command to retrieve a key, I wasn't asked for my env password. Why not? What's the value of using this tool if anyone can just walk up to my workstation and output my secrets without getting challenged? And what are the conditions that would change the result? When will it need a password and when will it not? Again, not my job to figure out how the tool behaves for me to decide if it's right for me.

As I mentioned, I could see myself using this once it's a bit more mature. I hope you're not discouraged by this feedback. It's really easy to make assumptions and not imagine a stranger's workflow. Congrats on shipping and good luck!