I’m building VaultLite, a lightweight, zero-knowledge secrets manager designed specifically for small teams and dev shops where enterprise tools (like HashiCorp Vault or Azure Key Vault) are just massive overkill.
I kept seeing small teams fall back to terrible security habits (like pinning unencrypted database strings in Slack or Notion), so I wanted to build a CLI workflow with zero infrastructure bloat.
The Architecture:
🔒 Zero-Knowledge Security: It uses the browser-native Web Crypto API to encrypt variables (AES-GCM) on the client side before they are sent to the Cloud Firestore backend. We literally cannot see your keys.
⚡ Frictionless Developer Experience: Developers just run a Node CLI command (vaultlite pull --project my-app) to securely fetch, decrypt, and drop the .env file locally.
🔄 Pipeline Ready: Currently building out serverless Azure Function webhooks to inject these variables directly into GitHub Actions or Vercel pipelines at runtime.
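The client-side encryption step described above, as an added example that is not VaultLite's own code: it encrypts a .env file with AES-GCM through Web Crypto before anything is uploaded, and decrypts it on pull. The post only states AES-GCM via Web Crypto; the PBKDF2 passphrase derivation, the record field names, the function names and the use of the project name as additional authenticated data are assumptions, and the base64 helpers assume Node.

```javascript
// Added example, not VaultLite's code. KDF choice, field names and AAD are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const b64 = (u8) => Buffer.from(u8).toString('base64');
const unb64 = (s) => new Uint8Array(Buffer.from(s, 'base64'));

// Stretch the team passphrase into a non-extractable 256-bit AES-GCM key.
async function deriveKey(passphrase, salt, iterations) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Build the record the backend stores: only salt, IV and ciphertext leave the client.
async function sealEnv(passphrase, project, envText, iterations = 600000) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV on every write
  const key = await deriveKey(passphrase, salt, iterations);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(project) },
    key, enc.encode(envText));
  return { project, iterations, salt: b64(salt), iv: b64(iv), ct: b64(new Uint8Array(ct)) };
}

// Rejects on a wrong passphrase, a modified ciphertext, or a record served
// under a different project name (the GCM tag covers the requested project as AAD).
async function openEnv(passphrase, project, record) {
  const key = await deriveKey(passphrase, unb64(record.salt), record.iterations);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: unb64(record.iv), additionalData: enc.encode(project) },
    key, unb64(record.ct));
  return new TextDecoder().decode(pt);
}

// Constructed sample values; a low iteration count keeps the demo fast.
async function demo() {
  const rec = await sealEnv('constructed-passphrase', 'my-app', 'API_KEY=constructed\n', 1000);
  return { stored: rec, decrypted: await openEnv('constructed-passphrase', 'my-app', rec) };
}
demo().then((r) => console.log(r));
```

Passing the project name the CLI asked for into openEnv, rather than trusting the one in the stored record, is what lets the client detect a backend that returns another project's ciphertext.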
If you manage a small team and are tired of the "it works on my machine" debugging loops caused by mismatched config files, I'd love for you to check it out.
Currently offering a highly discounted Lifetime Founder's license (no monthly subscriptions) while we are in early beta.
Link: https://www.getvaultlite.com
Would love any brutal feedback on the client-side encryption architecture!