January 14, 2026
Keys to the kingdom… or to a brick?
Show HN: Liberty – Hardware-bound secret manager (no more .env files)
Ditch .env files with Liberty—fans cheer, skeptics fear “forever lockout”
TLDR: Liberty ties app secrets to your computer’s hardware to replace messy .env files. Commenters are split: some love the offline simplicity, while others warn of lockouts after hardware changes and recommend using standard OS keychains instead—turning convenience versus risk into the day’s big debate.
A dev dropped Liberty, a command-line tool that binds your app secrets (think passwords and API keys) to your computer’s hardware, promising no more .env files, offline use, and a compliance-friendly audit trail. It’s free for individuals under MIT, and lives at GitLab with a PyPI install. Cue the crowd drama: on one side, folks thrilled to stop leaking secrets into Git and Slack; on the other, alarms blaring about a vault welded to your motherboard. The top fear? Getting locked out the moment you upgrade your laptop or a drive dies. User nosuchthing sounded the siren: lose the machine, lose the secrets—full stop. Meanwhile, hackingonempty questioned whether those hardware IDs have enough randomness to be safe, and pushed a simpler fix: just use your operating system’s keychain and a proper random key.
Jokes flew: memes of laptops as padlocks, “upgrade day = doomsday,” and the classic “Boss: new MacBook! Dev: new company, I guess.” The vibe is split down the middle—some love the no servers, no accounts simplicity, others see a ticking time bomb. The spicy debate turns on whether hardware-bound magic is brilliant or brittle, and if Liberty’s promise outweighs its potential “oops, new CPU” nightmare.
Key Points
- •Liberty is a CLI tool to replace .env files with hardware-bound encrypted secret storage.
- •Secrets are encrypted using AES-256-GCM with keys derived from CPU ID, machine ID, and disk serial.
- •The tool works offline, requires no servers or accounts, and provides a compliance-ready audit trail.
- •Liberty uses a global vault at ~/.liberty and is MIT licensed, free for individual use.
- •Source and package are available on GitLab and PyPI, with team sharing features planned as a paid tier.