DEV Community

Valentin
Valentin

Posted on

Cao, take and share easily your toolbox !

#devops #programming #productivity #opensource

I started building cao to solve a very personal problem.

Not just “sync my dotfiles”, but rebuild the right local environment on any machine without mixing personal setup, work setup, and sensitive access.

In practice, my local setup is not only ~/.gitconfig or ~/.zshrc.
It is also kubeconfigs, .env files, kubectl wrappers, aliases, small scripts, and config files that need to exist in the right place.

And I kept running into the same awkward trade-off:

  • one big repo that mixes everything together,
  • bootstrap scripts that drift over time,
  • or secrets managed completely separately from the rest of the setup.

So I built cao.

The idea is simple:
instead of having one repo or one source of truth for the whole machine, I split my setup into compartmentalized workspaces.

One personal workspace.
One work workspace.
And potentially one workspace per team, client, or project.

Each workspace can contain:

  • files,
  • encrypted secrets,
  • locally published commands,
  • wrappers and aliases.

On a new machine, I clone only the workspaces I want to use, run cao plan, then cao apply, and rebuild only the environment I actually need.

What I like about this approach is that the value is not just multi-device sync.
It is context separation.

Even inside a team, not everyone needs the same .env, kubeconfig, or internal commands.
Being able to partition that setup by workspace feels healthier than defaulting to one shared setup for everyone.

I like tools like chezmoi, but I was looking for something slightly different.
chezmoi is great when you want a single source of truth for dotfiles across multiple machines.
With cao, I wanted to compose local state from smaller clonable workspaces that become active locally, with encrypted secrets living next to the rest of the config.

cao is not trying to replace IAM or an enterprise secret manager.
The goal is simpler:
make the local state you are already allowed to have portable, reviewable, and reproducible.

If you already solve this with chezmoi, nix, or custom bootstrap scripts, I’d love to compare approaches.

GitHub logo ValentinAUCLERC / cao

Caisse à Outils

cao

cao is a workspace-first home-state composer for dotfiles, configs, secrets, and user scripts.

It helps you build a clean local setup from small, reviewable workspaces instead of one giant machine-specific repo. Put your personal setup in one workspace, your work setup in another, keep secrets encrypted, and let cao materialize the right files on demand.

Why cao

  • Workspace-first by design: every workspace present in workspaces/ is active by default.
  • Friendly CLI for common cases: add files, secrets, and commands without hand-writing manifests.
  • Safe local workflow: plan, diff, apply, and prune always operate from the workspaces you already have locally.
  • Secrets live next to the rest of your setup: use sops and age without bolting on a separate system.
  • Intentionally strict YAML: unknown fields, anchors, merge keys, and custom tags are rejected to keep things explicit and reviewable.

Install

Homebrew:

brew install ValentinAUCLERC/tap/cao
Enter fullscreen mode Exit fullscreen mode

Prebuilt binaries are also…

View on GitHub

DISCLAIMER : This project has been vibecoded. I'm a webdev, i don't know go sadly. But the philosophy and architecture is human !

Top comments (0)