Stop developers from DMing .env files.

Kshitij Raj — Wed, 27 May 2026 10:58:05 +0000

I’m building VaultLite —a lightweight, zero-knowledge secrets manager designed specifically for small teams and dev shops where enterprise tools (like HashiCorp Vault or Azure Key Vault) are just massive overkill.

I kept seeing small teams fall back to terrible security habits (like pinning unencrypted database strings in Slack or Notion), so I wanted to build a CLI workflow with zero infrastructure bloat.

The Architecture:

🔒 Zero-Knowledge Security: It uses the browser-native Web Crypto API to encrypt variables (AES-GCM) on the client side before they are sent to the Cloud Firestore backend. We literally cannot see your keys.

⚡ Frictionless Developer Experience: Developers just run a Node CLI command (vaultlite pull --project my-app) to securely fetch, decrypt, and drop the .env file locally.

🔄 Pipeline Ready: Currently building out serverless Azure Function webhooks to inject these variables directly into GitHub Actions or Vercel pipelines at runtime.

If you manage a small team and are tired of the "it works on my machine" debugging loops caused by mismatched config files, I'd love for you to check it out.

Currently offering a highly discounted Lifetime Founder's license (no monthly subscriptions) while we are in early beta.

Link: https://www.getvaultlite.com

Would love any brutal feedback on the client-side encryption architecture!

DEV Community: Kshitij Raj

Stop developers from DMing .env files.