Hey everyone,

I spent this weekend transforming an old project of mine into a TUI application, and I wanted to share the idea with you to see if it’s worth exploring – or if it’s solving a problem that doesn’t really exist.

The problem I’m trying to solve: avoiding API keys scattered across .env files, tokens copy-pasted into config files, and that nagging feeling every time you run git add . wondering if you’re about to commit something sensitive.

At some point I was thinking: what would feel easy? And the answer was something like dotenv... but without the .env file. A self-hosted encrypted vault that injects secrets at runtime.

Full transparency: I am a sys admin but also learning dev aside in full course. I’m still a junior and not fully comfortable with Rust yet (I mostly work in js/ts). I love the language but the learning curve is steep – still haven’t reached even half of "Rust for Rustaceans". I used Claude Opus 4.5 extensively while building this, mostly to implement the solutions I had in mind. So take the code quality with a grain of salt.

That said, I’m genuinely curious: do you also feel the need for a simple, self-hosted secrets manager that integrates easily into your apps without ever writing passphrases in plain text?

If there’s interest, I might get more serious about it and refactor it properly. For now it’s just a weekend project.

Here’s the repo if you want to take a look: https://github.com/WillIsback/lazy-locker

I also "made" a small CLI tool to scan codebases for exposed secrets. : https://github.com/WillIsback/token-analyzer

Cheers,

William