npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

lazy-vault

v2.0.0

Published

A simple CLI for encrypting and syncing .env files safely in Git

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ghost8ghost8

Keywords

envdotenvenvironmentsecretsencryptioncligitnodejstypescript

Readme

lazy-vault

npm version license status

Security for the lazy developer. Stop worrying about sharing .env files. lazy-vault encrypts your secrets so you can safely commit them to Git.

Now with Smart Profiles and Project Configuration.

What is lazy-vault?

lazy-vault is a CLI tool for secure environment variable management:

  • Encrypt .env files
  • Commit encrypted secrets to Git
  • Sync secrets across machines safely
  • Manage multiple environments (dev, prod, staging)
  • Use strong cryptography without complexity

No cloud. No accounts. No vendor lock-in. Your password never leaves your machine.

Core Features

  • Strong Encryption AES-256-GCM + Argon2id (memory-hard key derivation)

  • Git-Safe Workflow Commit .env.enc, never .env

  • Smart Profiles (v2) Security modes for speed vs paranoia

  • Project Configuration (v2) Multi-environment support via config file

  • Merge-Safe Syncing Remote secrets override conflicts, local-only keys are preserved

  • Automation Ready Headless mode for CI/CD and deployments

Installation

npm install -g lazy-vault

Or without installing:

npx lazy-vault

Quick Start

Initialize (Optional)

Create a project config for multi-environment setups:

lazy-vault init

Creates:

lazy.config.json

Lock (Encrypt)

When you add new secrets:

lazy-vault lock

What it does:

  • Encrypts .env.env.enc
  • Uses AES-256-GCM + Argon2id
  • Adds .env to .gitignore
  • Safe to commit .env.enc

Sync (Decrypt & Merge)

When pulling code or deploying:

lazy-vault sync

What it does:

  • Decrypts .env.enc
  • Merges into .env

Smart Merge Logic:

  • Remote keys overwrite local conflicts
  • Local-only keys are preserved

Configuration & Profiles (v2)

Project Configuration

lazy.config.json

{
  "default": {
    "source": ".env",
    "output": ".env.enc",
    "security": "light"
  },
  "production": {
    "source": ".env.prod",
    "output": ".env.prod.enc",
    "security": "heavy"
  }
}

Now you can run:

lazy-vault lock production
lazy-vault sync production

Security Profiles

Trade speed for paranoia.

Light (default)

  • Fast (~0.5s)
  • Optimized for frequent dev usage

Heavy

  • Slow (~1s+)
  • Uses ~256MB RAM
  • GPU-resistant
  • Designed for production secrets
lazy-vault lock --profile heavy

Automation & CI (Headless Mode)

For scripts, pipelines, and deployments:

export LAZY_VAULT_PASSWORD="your-secure-password"
lazy-vault sync

PowerShell:

$env:LAZY_VAULT_PASSWORD="your-secure-password"
lazy-vault sync

No interactive prompts. Safe for CI/CD.

🛠 CLI Reference

| Command | Description | | ------------ | --------------------------- | | init | Create lazy.config.json | | lock [env] | Encrypt environment | | sync [env] | Decrypt & merge environment |

Flags

| Flag | Description | | ---------------------- | ------------------------------------ | | -p, --profile <mode> | Security profile (light / heavy) | | -i, --input <path> | Input file override | | -o, --output <path> | Output file override |

Security Model

  • Zero-knowledge encryption
  • Local-only cryptography
  • Authenticated encryption (tamper detection)
  • No password storage
  • No recovery backdoors

If you lose your password, your secrets cannot be recovered.

This is by design.

🤝 Contributing

Contributions are welcome.

  1. Fork the repo
  2. Create a feature branch
  3. Open a PR

Security issues should be reported responsibly.

📄 License

MIT License © ghost