Telli (YC F24) Is Hiring Engineers [On-Site Berlin] (hi.telli.com)

I’m wondering if you have any clever productivity hacks for switching between different projects, managing infrastructure services, secrets, tools, versions etc.

Comments (9)

thisdougb · 8h ago

Earlier this year I made this https://doocot.sh/ for securely sharing secrets between people.

It's written in Go with no dependencies (or database). My intention was for an AWS image or something companies could run inhouse air-gapped from the Internet. Something like $10/m or so.

The cli is pretty easy to integrate with scripts: https://github.com/thisdougb/doocot

Longer term secrets were something I was looking at too. Pretty easy to extend this, but encroaches on Vault products and I felt that a harder sell to CTOs.

I've worked in infra/systems dev for years, and this sort of thing was bread and butter stuff.

Maybe I'll resurect it as an active project. What sort of feature/tool would get you to stop using Discord/Slack/etc for secrets?

sebst · 8h ago

> What sort of feature/tool would get you to stop using Discord/Slack/etc for secrets?

An integrated solution for the whole environment. I pick a project, it opens the IDE, sets environment variables, fires up other services/infrastructure, lets me select secrets (that might be shared between projects), lets me share secrets (with other people)... Probably something like tilt, but simpler, integrated into an IDE, and with support for secrets.

thisdougb · 6h ago

Yeah, that's a lot of work. And developers would probably expect it for free give most things like that are also free(1) :)

There's a VSCode extension for Hashi Vault: https://marketplace.visualstudio.com/items?itemName=owenfarr... for secrets management, but it's complicated because Vault is complicated.

A secrets extensions for my backend app would be quite easy though, I think. It's just re-implementing the cli tool.

From the IDE command palatte you could:

- Settings.backend_host = private Doocot backend || public backend

- Settings.username = (automatic)

- Settings.identity = (automatic) something like ssh key data

- Share.Individual = "select from list of identities on backend"

- Share.Group = "select from list of groups I am in"

- Share.Link = "store secret and return a valid one-time url for a non-dev"

- Read.SharedSecrets = "list secrets shared to me or my groups"

Then it'd just be some thought into the simplest way to setup and maintain groups.

You've piqued my interest in it again though, as it doesn't seem much extra work to do the above. Given the backend more or less does most of it already.

Although it's not the full environment integrated solution you're looking for, I think one step forward in terms of how we share secrets is still useful.

Thanks

(1) someone always pays

twalla · 6h ago

https://mise.jdx.dev/ and https://developer.1password.com/docs/cli/secrets-environment... + IaC tool of choice (terraform/ansible)

brudgers · 4h ago

managing infrastructure services

Immediately reminded me of this (which I am no where near clever enough to use):

https://www.youtube.com/watch?v=dljNabciEGg

bobbyraduloff · 9h ago

I’m ashamed to admit we have a discord channel for each project and we dump secrets there with access control to the channels based on who works on the project.

It’s peak startup opsec.

sebst · 8h ago

tbh, that's one reason I asked this question ;)

viraptor · 6h ago

Nothing fancy. Direnv with mise can handle most environment differences. Direnv with 1password integration adds secrets. Infrastructure lives as code in the `infrastructure/` directory of the project. Nix manages all tooling and native library requirements.

anttiharju · 6h ago

https://flox.dev is pretty great