I got tired of: - .env files committed to Git (seen it happen 100+ times) - API keys shared in Slack - Wondering who has access to what secrets
So I built Liberty - a CLI tool that replaces .env files with hardware-bound encryption.
How it works:
$ pip install liberty-secrets $ liberty add DATABASE_URL postgresql://... $ liberty add STRIPE_KEY sk-... $ liberty exec npm start
Secrets are encrypted with a key derived from your machine's hardware (CPU ID + machine ID + disk serial). If someone steals your .liberty vault file, it's useless on their machine.
Features:
- Hardware-bound AES-256-GCM encryption - Complete audit trail (compliance-ready) - Works offline (no servers, no accounts) - Global vault (~/.liberty/ works from any directory) - MIT licensed, free for individual use
PyPI: https://pypi.org/project/liberty-secrets/
Team features (secret sharing) coming soon as paid tier.
Feedback welcome!