enveil
Hide .env secrets from prAIng eyes.
AI coding tools like Claude Code, Copilot, Cursor, and others can read files in your project directory, which means a plaintext .env file is an accidental secret dump waiting to happen. This isn’t theoretical. It is a known issue that has happened to me several times (even after explicitly telling Claude not to peek in Claude Code’s settings.json file). enveil solves this by ensuring plaintext secrets never exist on disk at all. Your .env file contains only symbolic references; the real values live in an encrypted local store and are injected directly into your subprocess at launch.
This project is inspired by Filip Hric’s solution/blog post, which uses a similar concept leveraging 1Password. I wanted a self-contained solution that didn’t rely on third-party services, which gave rise to this project. And yes, this project was built almost entirely with Claude Code, with a bunch of manual verification and testing.
How it works
Your .env file looks like this:
DATABASE_URL=ev://database_url
STRIPE_KEY=ev://stripe_key
PORT=3000
Technically it is safe to commit (maybe don’t do that, though), and more importantly: safe for any AI tools accidentally (or perhaps not-so-accidentally) snooping in on it.
When you run enveil run -- npm start, it:
1. Prompts for your master password (never echoed, never in shell history)
2. Derives a 256-bit AES key from your password using Argon2id (64 MB memory, 3 iterations)
3. Decrypts the local store with AES-256-GCM — the store file is a 12-byte random nonce followed by authenticated ciphertext
4. Resolves every ev:// reference against the decrypted map
5. Zeroizes the key and password bytes from memory
6. Spawns your subprocess with the resolved values injected into its environment
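The same flow, written out as an added Python example rather than enveil's own code: a store laid out as a 12-byte nonce followed by AES-256-GCM ciphertext, a password-derived key, ev:// reference resolution, best-effort zeroization, and a child process that receives the real values while the parent's environment and the on-disk .env never do. It assumes the third-party cryptography package for AES-GCM, uses the standard library's scrypt as a stand-in for Argon2id (the README's parameters are not reproduced), and the .env text, store contents, salt and password are all constructed sample data.

```python
import hashlib
import os
import re
import secrets
import subprocess
import sys

from cryptography.exceptions import InvalidTag                   # pip install cryptography
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12                    # store file = 12-byte random nonce || ciphertext+tag
KEY_LEN = 32                      # AES-256
SALT = b"enveil-demo-salt"        # constructed; a real store would carry a random salt
REF = re.compile(r"^ev://([A-Za-z0-9_]+)$")


def derive_key(password: bytearray, salt: bytes = SALT) -> bytearray:
    """Stand-in for Argon2id: stdlib scrypt, so the demo needs no extra KDF dependency."""
    return bytearray(hashlib.scrypt(bytes(password), salt=salt, n=2 ** 14, r=8, p=1, dklen=KEY_LEN))


def encrypt_store(key: bytearray, plaintext: bytes) -> bytes:
    """Fresh random nonce per write; GCM authenticates the ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + AESGCM(bytes(key)).encrypt(nonce, plaintext, None)


def decrypt_store(key: bytearray, blob: bytes) -> bytes:
    """Raises InvalidTag if the nonce or ciphertext was modified on disk."""
    return AESGCM(bytes(key)).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], None)


def parse_kv(text: str) -> dict:
    """Minimal KEY=VALUE parser used for both the .env file and the decrypted store."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        out[key.strip()] = value.strip()
    return out


def missing_references(env_text: str, store: dict) -> list:
    """Names referenced as ev://name that the decrypted store does not contain."""
    return [m.group(1) for v in parse_kv(env_text).values()
            if (m := REF.match(v)) and m.group(1) not in store]


def resolve(env_text: str, store: dict) -> dict:
    """Replace every ev:// reference with its store value; plain values pass through."""
    missing = missing_references(env_text, store)
    if missing:
        raise KeyError("unresolved references: " + ", ".join(missing))
    return {k: store[m.group(1)] if (m := REF.match(v)) else v
            for k, v in parse_kv(env_text).items()}


def zeroize(buf: bytearray) -> None:
    """Best-effort wipe: only bytearray can be overwritten in place in Python."""
    for i in range(len(buf)):
        buf[i] = 0


def run_with_secrets(env_text: str, blob: bytes, password: bytearray, argv: list):
    key = derive_key(password)
    try:
        store = parse_kv(decrypt_store(key, blob).decode())
    finally:
        zeroize(key)          # key and password are wiped before the child is spawned
        zeroize(password)
    child_env = dict(os.environ)
    child_env.update(resolve(env_text, store))
    # Secrets reach the child's environment only; the parent's os.environ is untouched.
    return subprocess.run(argv, env=child_env, capture_output=True, text=True, check=True)


def store_rejects_tampering(key: bytearray, blob: bytes) -> bool:
    """Flip one ciphertext byte and confirm GCM refuses to decrypt it."""
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01
    try:
        decrypt_store(key, bytes(tampered))
        return False
    except InvalidTag:
        return True


# Constructed sample data: the .env that sits on disk and the plaintext that never does.
ENV_FILE = "DATABASE_URL=ev://database_url\nSTRIPE_KEY=ev://stripe_key\nPORT=3000\n"
STORE_PLAINTEXT = b"database_url=postgres://demo:demo-pw@localhost/app\nstripe_key=sk_test_demo\n"


def demo() -> tuple:
    """Returns (child's view of two variables, whether the parent ever saw the Stripe key)."""
    password = bytearray(b"correct horse")      # in practice: getpass.getpass(), never echoed
    key = derive_key(password)
    blob = encrypt_store(key, STORE_PLAINTEXT)
    zeroize(key)
    child = run_with_secrets(ENV_FILE, blob, password,
                             [sys.executable, "-c",
                              "import os; print(os.environ['DATABASE_URL'], os.environ['PORT'])"])
    return child.stdout.strip(), os.environ.get("STRIPE_KEY") == "sk_test_demo"


if __name__ == "__main__":
    print(demo())
```

Two checks worth keeping from this example: an unresolved ev:// reference fails the launch instead of silently passing the literal string to the child, and a single flipped byte in the store file is rejected by the GCM tag, so a corrupted or edited store cannot yield plausible-looking garbage secrets.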