DEV Community: Chauhan Pruthviraj The latest articles on DEV Community by Chauhan Pruthviraj (@death_wolf). https://dev.to/death_wolf https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4003380%2Fa22f4529-9025-4b5e-a938-cdaecf0c1e78.png DEV Community: Chauhan Pruthviraj https://dev.to/death_wolf en Dotsync – A zero-knowledge CLI to sync dotfiles and secrets in Go Chauhan Pruthviraj Fri, 26 Jun 2026 06:42:45 +0000 https://dev.to/death_wolf/dotsync-a-zero-knowledge-cli-to-sync-dotfiles-and-secrets-in-go-49jf https://dev.to/death_wolf/dotsync-a-zero-knowledge-cli-to-sync-dotfiles-and-secrets-in-go-49jf <p>I spent 3 months building a tool that solves the most annoying part of working on a dev team.</p> <p>You know the drill:</p> <p>→ New dev joins<br> → "hey check your DMs"<br> → Someone pastes the .env in Slack<br> → That message sits there forever<br> → 6 months later someone screenshots it by accident</p> <p>or worse —</p> <p>→ git add .<br> → git commit -m "added env"<br> → git push<br> → you just leaked your prod database URL to the internet</p> <p>I got tired of it. So I built DotSync.</p> <p>───────────────────────────────────</p> <p>Here's what it looks like in practice:</p> <p>$ dotsync push<br> 🔒 Encrypting 10 secrets for team access...<br> 📤 Uploading... ✅<br> Version : v7<br> Secrets : 10 keys encrypted<br> Teammates can now run: dotsync pull</p> <p>That's it. New dev joins? They run dotsync pull. Secrets updated? dotsync push. Moving between your laptop and work machine? dotsync pull.</p> <p>───────────────────────────────────</p> <p>The part I actually care about — security:</p> <p>Everything is encrypted ON your machine before it hits the network. The server stores a blob it literally cannot read. I'm not asking you to trust my infrastructure. You don't have to.</p> <p>Stack if you're curious:<br> • Argon2id key derivation (64MB memory cost — brute force isn't happening)<br> • AES-256-GCM encryption<br> • Zero-knowledge server (stores ciphertext only)<br> • Single Go binary, no runtime deps</p> <p>───────────────────────────────────</p> <p>Other things it does that I use daily:</p> <p>dotsync diff → shows exactly which keys changed vs remote (never shows values)<br> dotsync history → full version history, who pushed what and when<br> dotsync rollback → restore any previous version in one command<br> dotsync run -- node server.js → injects secrets as env vars, nothing written to disk<br> dotsync scan → scans your codebase for accidentally committed secrets</p> <p>───────────────────────────────────</p> <p>Free tier covers:<br> • 1 project<br> • 3 team members<br> • 7 days history</p> <p>That handles most small teams completely free.</p> <p>───────────────────────────────────</p> <p>Now the part where I need your help:</p> <p>I'm looking for 100 engineers to actually stress test this. Not "give it a star and forget" — I mean:</p> <p>→ Try to break the encryption<br> → Find edge cases in the CLI<br> → Open PRs if you spot something stupid<br> → Tell me what's missing</p> <p>In return: Free Lifetime Premium. Every paid feature, forever. No credit card, no catch.</p> <p>I'm hand-picking testers so drop a comment or DM me if you're in.</p> <p>───────────────────────────────────</p> <p>GitHub: <a href="http://github.com/Pruthviraj36/dotsync.git" rel="noopener noreferrer">github.com/Pruthviraj36/dotsync</a></p> <p>Install:<br> <code>go install github.com/Pruthviraj36/dotsync@latest</code></p> <p>or just grab the binary from releases (Linux, macOS, Windows).</p> <p>───────────────────────────────────</p> <p>Built this because I was genuinely annoyed. Turns out a lot of people are too.</p> <p>If you've ever typed "check your DMs" to share a .env file — this is for you.</p> go opensource security terminal