Security●●Solid
Stop Pasting Credentials in Slack
AES-256-GCM with key in URL fragment—clever crypto choice, but Teleport and 1Password Vaults already exist.
Solve My ProblemSlick
ankurbhugra
303mo ago
Back to browse
GitHub Repository
Secure, ephemeral secret sharing for developers.
5 starsRust
Enseal – Stop pasting secrets into Slack .env sharing from the terminal
by ops_mechanic·Feb 24, 2026·3 points·1 comment
AI Analysis
●●●BangerSolve My ProblemSlick
Makes secure path faster than Slack for sharing secrets—age encryption, SPAKE2, self-hostable.
Strengths
- •Solves real pain: insecure Slack sharing is ubiquitous; this removes friction from secure alternative
- •End-to-end encryption with relay that never sees plaintext (age + SPAKE2)—crypto is sound
- •Multi-mode: anonymous codes, identity-based keys, process injection (secrets never touch disk)
Weaknesses
- •Requires both parties online simultaneously for anonymous mode—async file drops solve this, but adds friction
- •Relay trust model not fully elaborated—self-hosting is an option but not default
Category
Target Audience
DevOps engineers, development teams, freelancers sharing credentials securely
Similar To
1Password Connect · HashiCorp Vault · AGE encryption
Post Description
We've all done it — "hey can you DM me the staging .env?" Secrets end up in Slack history, email threads, shared notes — all searchable, all persistent. The secure path (1Password, GPG, etc.) always had more friction than the insecure one, so people took the shortcut.
enseal makes the secure path faster than the insecure one:
# sender
$ enseal share .env
Share code: 7-guitarist-revenge
Expires: 5 minutes or first receive
# recipient $ enseal receive 7-guitarist-revenge ok: 14 secrets written to .env Zero setup, no accounts, no keys needed for basic use. Channels are single-use and time-limited. The relay never sees plaintext (age encryption + SPAKE2 key exchange). For teams that want more: identity mode with public key encryption, process injection (secrets never touch disk), schema validation, at-rest encryption for git, and a self-hostable relay. Written in Rust. MIT licensed. Available via cargo install, prebuilt binaries, or Docker. Looking for feedback on the UX and security model especially. What would make you actually reach for this instead of the Slack DM?
Detailed documentation here: https://enseal.docsyard.com/
Similar Projects
Security●●Solid
Secret-keystore – KMS-encrypted .env that never touches process.env
KMS encryption that keeps secrets out of process.env entirely.
Big BrainSolve My Problem
faiz_ahmed
105d ago
Security●●●Banger
Passwd.page – give agents secrets without pasting them into prompts
Typed secret schemas for agents beat pasting API keys into LLM prompts.
Solve My ProblemBig Brain
davidfeldi
105d ago
Security●●Solid
SecretDrop – Open-source encrypted secret sharing (MIT)
Drop-in Slack alternative with verifiable crypto, but one-time secret sharing exists.
Ship ItSolve My Problem
vigo
303mo ago
Security●●Solid
I Built Zero-Knowledge .env Sharing
Client-side AES-256-GCM for .env sharing, but Wire, OnePassword, and Bitwarden vaults already solve this.
Solve My ProblemSlick
AleksDoesCode
323mo ago
Developer Tools●●Solid
Sigyn – OSS native macOS secrets manager to replace .env (GUI+CLI)
Touch ID auth and Keychain integration beat 1Password's env tool on local-first workflow.
SlickSolve My Problem
conguy
223mo ago