I can't believe Emily is managing secrets with a sheet of paper. Jack had to type it all in to start the project on his first day 😂🤦🏽

One of the most essential things vibe coders need is a Store or Vault. A secure and efficient way to store and retrieve secrets. A straightforward API providing an encrypted key-value store for your customers’ secrets. Use Cases 1️⃣ API keys - Secure your customer API keys. 2️⃣ JWT tokens - Store your JSON Web Tokens and refresh tokens securely. 3️⃣ License keys - Protect your customer license keys for product activation. 4️⃣ Domain names - Need to build a custom domain feature? Store them securely. 5️⃣Passwords - Store your salted passwords securely. @onboardbase we launched Store a while ago. onboardbase.com/blog/store @WorkOS launched Vault yesterday x.com/grinich/status/1902020… @unkeydev has a Vault as well engineering.unkey.com/archit… Take your pick, but no excuses for not balancing security with speed as you vibe code to success.

So Cursor uploads .env file with secrets despite .gitignore and .cursorignore. This is one of the biggest concerns I've seen with Cursor. I'm not sure using Cursor with repositories with secrets or personal information is safe. It's easy to fix this by using something like onboardbase.com. It removes the .env files from your project, so it's no longer a concern. Join the discussion here. news.ycombinator.com/item?id…

Vibe Code all you want. Onboardbase Securelog keep it safe. 30 mins to bulletproof your SaaS. Go to onboardbase.com & securelog.com—then show us your app. Million Kids, Million Wins. 🚀 8/8

A million vibes, a million shots. Don’t let yours crash. Try this, build that wild idea, and flex it. What’s your project? Drop it below—let’s hype it up! 7/8

Real talk: Let's zoom out for a bit. Zoom got roasted for weak security, fixed it, and won. You can, too—without the drama. onboardbase.com securelog.com = free trials, no excuses. Protect your summer hit now. 6/8

How to lock it down: 1️⃣ Deploy to Vercel (you’re already a pro) 2️⃣ Onboardbase for keys (10 mins) 3️⃣ Securelog for sanitization (10 mins) 30 mins total—back to vibing, but untouchable. 5/8

@secureloghq = your growth bouncer. 1️⃣ Drop the SDK in NextJS 2️⃣ Spot and sanitize sketchy logins, secrets, agents, conversations 3️⃣ Scale from 50 to 5k users It’s your audit vibe—keeps the app tight when it blows up. 4/8

@onboardbase = your key management wingman. 1️⃣ npm i -g @onboardbase/cli 2️⃣ onboardbase setup 3️⃣ Pull keys, done. 5 mins, Multilayer encrypted, Vercel-ready. Keep coding, stay safe. 3/8

Why care? Your app’s a banger—meme generator, chat tool, flight simulator, boat cruise, whatever. But unprotected Supabase/Stripe keys = hacked in 5 mins. Trust gone, vibes dead. Security’s not a buzzkill—it’s your shield. 2/8

A million kids are building a million SaaS ideas with v0,bolt,cursor,replit,etc. Vibe coding in the purest sense. But here’s the tea: your weekend project’s a sitting duck without security Don’t kill the vibe—save it with Onboardbase & Securelog. Let’s break it down. 🧵👇 1/8

Envkit - Auth or SSO for Env is coming along nicely. Here are some of the things to expect from it. ✅ EnvKit—An <Env/> component to replace your default project/repo start page. ✅ Missing envs—If you don't know the required envs, you will see this page, where you can add them or connect with an env provider. ✅ Dev Only—Dev-only component and stays in git so others would know which env values to even ask for. No more creating env.txt files with dummy values. ✅ Other possible use case—Allow apps to easily collect user's env variables, with the ability to connect to Onboardbase or a secret manager of choice (which stores the env variables)

I have been thinking about this a lot. 😅 An <env /> component to replace your default project start page. ✅ If you don't know the required envs, you see this page where you can put the env or connect with an env provider. ✅ Customize the page's look, no more default starter page of the framework.

✨ Securelog is very good for AI agents. It's a plug-and-play "security brain" that agents can call upon. It can handle everything from sanitizing training data to securing runtime interactions. Apply or create "Custom Rules," and it works; no code changes are needed.

Terraform stands out as one of the most reliable Infrastructure as Code (IaC) tools to provision and manage cloud resources: just write a few lines in a Terraform configuration file and spin up cloud services in minutes in any cloud provider. But this ease of use also brings security challenges: a leak of your Terraform state files could reveal sensitive information, bring your infrastructure down, and ultimately hurt your reputation as a company. All it takes is an overworked colleague and a single bad `git commit`. Let me tell you how to protect your Terraform state files at rest and in transit using Onboardbase’s command line interface tool in five minutes without compromising the developer experience for your entire devops team. But why should I download another tool, Dante?? you might ask. I already use Hashicorp Vault. As I’ll explain in a minute, Hashicorp Vault only solves a part of the problem. @onboardbase is a 360° solution that goes beyond the devops team to integrate requirements from your entire IT department. Just read on, and you’ll understand right away. Read the full article here onboardbase.com/blog/terrafo…

🔥 Custom Rules on Securelog. Rules can be anything from SSN, Credit Card, Phone number, DNA sequence, and API Token. Basically, anything you consider a secret. You can parse this directly into Securelog, and it will redact it quickly. ☺️ Link to try it out below 👇🏽

TIL onboardbase.com/. dope.

I think onboardbase.com works well here—especially the yaml file. You can add your secrets but still be able to override them for local use cases specific to you.

even with the cold, still a fun turnout for devtools toronto #2 we had toolsmiths & hackers last night from @Stellate @github @Tempo_Labs @onboardbase @ShopifyEng @vltpkg @SST_dev @getsentry @wearedmno @noti_api and more 🙏 big thanks to our sponsors @rootlyhq and @getsentry