Thanks for sharing this. secret looks really well thought out; the three-layer key hierarchy is impressive. And using `age` is a solid choice. I once considered it.
Different trade-offs though: Keeper is library-first, embedded. secret does per-version keys with symlink switching (nice); Keeper does per-bucket DEK isolation + audit chains. Both solve "encrypted local storage" but for different workflows.
I'll definitely be looking through your code for ideas.