enject: Securing .env Secrets from AI Coding Tools with Encrypted Runtime Injection
By parkaboy
Summary
enject is a security tool that protects .env secrets from AI coding assistants like Claude Code, Copilot, and Cursor by storing secrets in local encrypted stores and injecting them directly into applications at runtime. The tool prevents plaintext secrets from existing on disk, addressing a real security vulnerability where AI tools can accidentally read and expose sensitive environment variables from .env files. The project was previously called enveil and has been renamed to enject.
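The pattern the summary describes, sketched as an added example that is not enject's own code: the `ref://name` reference syntax, the function names and the in-memory `store` dict (standing in for the already-decrypted local store, whose encryption is not shown) are assumptions made for illustration, and the sample values are constructed.

```python
import os
import re
import subprocess
import sys

# Hypothetical reference syntax for this example only: KEY=ref://<name>.
REF = re.compile(r"^ref://([A-Za-z0-9_.-]+)$")

class UnresolvedSecret(Exception):
    """Raised when .env holds a plaintext value or an unknown reference."""

def parse_env_refs(text):
    """Map variable name -> store key; reject anything that is not a reference."""
    refs = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        match = REF.match(value.strip())
        if not sep or not match:
            # Fail closed without echoing the value, which may be a real secret.
            raise UnresolvedSecret(f"line {lineno}: {name.strip()} is not a reference")
        refs[name.strip()] = match.group(1)
    return refs

def build_child_env(env_text, store, base_env=None):
    """Resolve references against the unlocked store (assumed dict), in memory only."""
    env = dict(os.environ if base_env is None else base_env)
    for name, key in parse_env_refs(env_text).items():
        if key not in store:
            raise UnresolvedSecret(f"{name}: no store entry named {key!r}")
        env[name] = store[key]
    return env

def run_with_secrets(argv, env_text, store):
    """Start the app with secrets in its environment; return its stdout."""
    env = build_child_env(env_text, store)
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=True).stdout

# Constructed sample data: what sits on disk, and the store after unlocking.
SAMPLE_ENV = "# safe to be read by a tool\nAPI_KEY=ref://api_key\n"
SAMPLE_STORE = {"api_key": "constructed-not-a-real-key"}

if __name__ == "__main__":
    child = [sys.executable, "-c", "import os; print(len(os.environ['API_KEY']))"]
    print(run_with_secrets(child, SAMPLE_ENV, SAMPLE_STORE).strip())
```

This removes the at-rest copy only: the child's environment is still readable by other processes running as the same user (on Linux, through `/proc/<pid>/environ`), so process-level isolation remains a separate control.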
Key quotes
AI coding tools like Claude Code, Copilot, Cursor, and others can read files in your project directory, which means a plaintext .env file is an accidental secret dump waiting to happen.
enject solves this by ensuring plaintext secrets never exist on disk at all. Your .env file contains only symbolic references;
This isn't theoretical. It is a known issue that has happened to me several times (even after explicitly telling Claude not to peek in Claude Code's settings.json file).
secrets live in local encrypted stores (per project) and are injected directly into apps at runtime, never touching disk as plaintext.
