
I built a tokenless secrets manager that runs entirely on Git and KMS (No Vault required)
If you've ever had to manage secrets for a production application, you know the pain of the "Secret Zero" problem: how do you securely deliver a secret to a workload without giving it a static .env file or password first?

Today, the industry standard way to solve this is to use HashiCorp Vault or Infisical tied to your cloud's machine identity (like AWS IAM Auth or Kubernetes Service Accounts). That works beautifully, but the infrastructure cost is massive. You have to run an HA cluster, manage unseal keys, configure storage backends, and maintain a dedicated secrets server just to securely pass an API key.

The alternative is raw Mozilla SOPS + Git, which gives an amazing developer experience but leaves you writing messy custom KMS-decryption bash scripts in your CI pipelines to get those secrets into production.

I wanted the developer experience of Git, but the enterprise security of a tokenless, zero-trust architecture—without running a server. So, I built Clef.

What is Clef?

Clef (
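The pattern behind "Git + KMS, no token" is envelope encryption bound to machine identity: the secret is encrypted under a fresh data key, the data key is wrapped by a KMS master key that never leaves KMS, and the wrapped blob is what gets committed. At decrypt time the workload presents no static credential at all; KMS unwraps the data key only if the caller's identity is in the key policy. The Go program below is an added illustration of that pattern and is not Clef's code or SOPS's code. The `FakeKMS` type, the key ID `prod-app`, and the principal strings are constructed stand-ins for a real cloud KMS and its identity system.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Principal is the workload's machine identity as the cloud presents it to KMS
// (an IAM role, a Kubernetes service account). Values below are constructed.
type Principal string

// FakeKMS stands in for a cloud KMS. The master key never leaves this struct;
// callers only ask it to wrap or unwrap data keys, and unwrap is gated on the
// caller's identity rather than on any token the workload holds.
type FakeKMS struct {
	masterKeys map[string][]byte
	policy     map[string]map[Principal]bool
}

func NewFakeKMS() *FakeKMS {
	return &FakeKMS{masterKeys: map[string][]byte{}, policy: map[string]map[Principal]bool{}}
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// sealGCM returns nonce || AES-256-GCM ciphertext; openGCM reverses it.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func openGCM(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// CreateKey makes a master key and records which principals may decrypt with it.
func (k *FakeKMS) CreateKey(id string, allowed ...Principal) error {
	mk, err := randomBytes(32)
	if err != nil {
		return err
	}
	k.masterKeys[id] = mk
	k.policy[id] = map[Principal]bool{}
	for _, p := range allowed {
		k.policy[id][p] = true
	}
	return nil
}

func (k *FakeKMS) WrapDataKey(id string, dataKey []byte) ([]byte, error) {
	mk, ok := k.masterKeys[id]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", id)
	}
	return sealGCM(mk, dataKey)
}

// UnwrapDataKey is the authorization point: identity in, data key out (or denied).
func (k *FakeKMS) UnwrapDataKey(id string, caller Principal, wrapped []byte) ([]byte, error) {
	mk, ok := k.masterKeys[id]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", id)
	}
	if !k.policy[id][caller] {
		return nil, fmt.Errorf("access denied: %s may not decrypt with %q", caller, id)
	}
	return openGCM(mk, wrapped)
}

// EncryptedSecret is the artifact safe to commit to Git: everything needed to
// decrypt except the master key, which stays inside KMS.
type EncryptedSecret struct {
	KeyID      string
	WrappedKey []byte // data key, wrapped by KMS
	Blob       []byte // nonce || ciphertext of the secret under the data key
}

// Seal is the developer-side "git commit" step; Open is the workload-side step.
func Seal(kms *FakeKMS, keyID string, plaintext []byte) (*EncryptedSecret, error) {
	dataKey, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	wrapped, err := kms.WrapDataKey(keyID, dataKey)
	if err != nil {
		return nil, err
	}
	blob, err := sealGCM(dataKey, plaintext)
	if err != nil {
		return nil, err
	}
	return &EncryptedSecret{KeyID: keyID, WrappedKey: wrapped, Blob: blob}, nil
}

func Open(kms *FakeKMS, caller Principal, s *EncryptedSecret) ([]byte, error) {
	dataKey, err := kms.UnwrapDataKey(s.KeyID, caller, s.WrappedKey)
	if err != nil {
		return nil, err
	}
	return openGCM(dataKey, s.Blob)
}

func main() {
	kms := NewFakeKMS()
	_ = kms.CreateKey("prod-app", Principal("role/prod-app")) // constructed identity
	sec, _ := Seal(kms, "prod-app", []byte("DB_PASSWORD=example-only"))
	if _, err := Open(kms, Principal("role/dev-laptop"), sec); err != nil {
		fmt.Println("unauthorized workload:", err)
	}
	pt, _ := Open(kms, Principal("role/prod-app"), sec)
	fmt.Println("authorized workload:", string(pt))
}
```

The point to notice is what the workload does not have: no unseal key, no Vault token, no password in a `.env` file. Its only credential is the identity the platform already gives it, and revoking access is a policy change in KMS, not a rotation of a shared secret. Because the data key is wrapped rather than the secret itself, a repository full of encrypted files stays one KMS call per decrypt, which is the property the SOPS-style "decrypt in CI" scripts are approximating by hand.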
Continue reading on Dev.to




