I spent 3 months building a tool that solves the most annoying part of working on a dev team.
You know the drill:
→ New dev joins
→ "hey check your DMs"
→ Someone pastes the .env in Slack
→ That message sits there forever
→ 6 months later someone screenshots it by accident
or worse —
→ git add .
→ git commit -m "added env"
→ git push
→ you just leaked your prod database URL to the internet
I got tired of it. So I built DotSync.
───────────────────────────────────
Here's what it looks like in practice:
$ dotsync push
🔒 Encrypting 10 secrets for team access...
📤 Uploading... ✅
Version : v7
Secrets : 10 keys encrypted
Teammates can now run: dotsync pull
That's it. New dev joins? They run dotsync pull. Secrets updated? dotsync push. Moving between your laptop and work machine? dotsync pull.
───────────────────────────────────
The part I actually care about — security:
Everything is encrypted ON your machine before it hits the network. The server stores a blob it literally cannot read. I'm not asking you to trust my infrastructure. You don't have to.
Stack if you're curious:
• Argon2id key derivation (64MB memory cost — brute force isn't happening)
• AES-256-GCM encryption
• Zero-knowledge server (stores ciphertext only)
• Single Go binary, no runtime deps
───────────────────────────────────
Other things it does that I use daily:
dotsync diff → shows exactly which keys changed vs remote (never shows values)
dotsync history → full version history, who pushed what and when
dotsync rollback → restore any previous version in one command
dotsync run -- node server.js → injects secrets as env vars, nothing written to disk
dotsync scan → scans your codebase for accidentally committed secrets
───────────────────────────────────
Free tier covers:
• 1 project
• 3 team members
• 7 days history
That handles most small teams completely free.
───────────────────────────────────
Now the part where I need your help:
I'm looking for 100 engineers to actually stress test this. Not "give it a star and forget" — I mean:
→ Try to break the encryption
→ Find edge cases in the CLI
→ Open PRs if you spot something stupid
→ Tell me what's missing
In return: Free Lifetime Premium. Every paid feature, forever. No credit card, no catch.
I'm hand-picking testers so drop a comment or DM me if you're in.
───────────────────────────────────
GitHub: github.com/Pruthviraj36/dotsync
Install:
go install github.com/Pruthviraj36/dotsync@latest
or just grab the binary from releases (Linux, macOS, Windows).
───────────────────────────────────
Built this because I was genuinely annoyed. Turns out a lot of people are too.
If you've ever typed "check your DMs" to share a .env file — this is for you.
Top comments (1)
Hey if you want to be part of it, just contact me.