Show HN: Oneseal – Secrets, configs, and platform outputs as code
github.comI kept hitting the same problem: teams pass secrets/configs/IDs via .env files, Slack, or CI glue; Terraform (or Pulumi) knows the truth, but apps don’t. Things drift.
I built Oneseal: a small CLI that turns platform outputs (Terraform state, etc.) into a typed, versioned SDK you can install and import. The goal is to make consumption predictable and diffable, not to replace your vault.
What it does - Reads outputs (secrets, URLs, flags, IDs, connection strings)
- Generates a package (TypeScript today) with types + multi-env selection
- Deterministic artifacts, safe to commit or publish to your internal registry.
If this solves your env-drift pain, tell me where it breaks in your stack !