Nobalmako - Secure Environment Variable Manager

Nobalmako is a full-stack MVP designed to help developers and teams securely store, manage, and share secrets. It features end-to-end encryption for sensitive values and robust role-based access control.

Features

- End-to-End Security: All environment variable values are encrypted using AES-256-CBC before storage.
- Projects & Environments: Organize secrets by project and categorize them into development, staging, or production.
- Role-Based Access Control (RBAC):
- Owner: Full control over the project and members.
- Admin: Manage members and secrets.
- Developer: View and manage secrets.
- Viewer: Read-only access to secrets.
- Audit Logs: Track every action performed on your secrets for compliance and security.
- API Keys: Secure programmatic access for CI/CD and CLI integrations.
- Variable History: View and compare previous versions of any secret.

Nobalmako CLI

Manage your secrets directly from your terminal or CI/CD pipeline.

$3

Install the CLI globally from NPM:
``bash npm install -g nobalmako-cli`

Alternatively, run without installing using npx:`bash npx nobalmako --help`

`$3`

You can also use Nobalmako directly in your code to fetch and inject secrets at runtime.

#### Installation

`bash npm install nobalmako-cli`

#### Usage

`typescript import { nobalmako } from 'nobalmako-cli';

// Automatically loads variables into process.env from nobalmako.json await nobalmako.load();

// Or with explicit options await nobalmako.load({ project: 'my-service', environment: 'production', token: process.env.NOBALMAKO_TOKEN });

console.log(process.env.DATABASE_URL);`

`$3`

1. Local Authentication: Authenticate your CLI once and it will remember your session:`bash nobalmako login`

Alternatively, use an API Token for CI/CD:`bash export NOBALMAKO_TOKEN="nm_your_api_key_here"`

2. Initialize Project: Create anobalmako.jsonto store project defaults:`bash nobalmako init`

3. Pull Secrets: Download secrets to a local file:`bash nobalmako pull -p "My Project" -e "production"`

4. Push Secrets: Upload local variables to the cloud (auto-creates project/env if missing):`bash nobalmako push`

5. Sync & Merge: Synchronize local and remote variables automatically:`bash nobalmako sync`

6. Run with Secrets: Execute a command with secrets injected into memory:`bash nobalmako run -- npm start`

`Tech Stack`

- Frontend: Next.js 15, React, Tailwind CSS, Lucide Icons, Radix UI. - Backend: Node.js, Express (custom server), Next.js API Routes. - Database: PostgreSQL (using Drizzle ORM). - Authentication: JWT (JSON Web Tokens).

`Setup Instructions`

`$3`


- Node.js 18+ 
- PostgreSQL database (or a Neon/Supabase project)
$3

Copy

.env.example to .env

 and fill in the values:
\

bash
cp .env.example .env
\


$3

\

bash
npm install
\


$3

\

bash

Push schema to database

npx drizzle-kit push
\


$3

\

bash

Development mode

npm run dev

Build and Start

npm run build
npm start
\


Security Model

1. At-Rest: Secrets are encrypted using AES-256-CBC. Even if the database is compromised, the values remain unreadable without the ENCRYPTION_KEY`.
2. In-Transit: All requests are handled via HTTPS (recommended for production).
3. RBAC: Hierarchical Role-Based Access Control is enforced:
- Owner/Admin: Full control over project and members.
- Developer: Read/Write access to secrets (push/pull/sync).
- Viewer: Read-only access to secrets (pull only).

License

MIT

Nobalmako - Secure Environment Variable Manager

Features

Nobalmako CLI

Manage your secrets directly from your terminal or CI/CD pipeline.

$3

Install the CLI globally from NPM:
``bash npm install -g nobalmako-cli`

Alternatively, run without installing using npx:`bash npx nobalmako --help`

`$3`

You can also use Nobalmako directly in your code to fetch and inject secrets at runtime.

#### Installation

`bash npm install nobalmako-cli`

#### Usage

`typescript import { nobalmako } from 'nobalmako-cli';

// Automatically loads variables into process.env from nobalmako.json await nobalmako.load();

// Or with explicit options await nobalmako.load({ project: 'my-service', environment: 'production', token: process.env.NOBALMAKO_TOKEN });

console.log(process.env.DATABASE_URL);`

`$3`

1. Local Authentication: Authenticate your CLI once and it will remember your session:`bash nobalmako login`

Alternatively, use an API Token for CI/CD:`bash export NOBALMAKO_TOKEN="nm_your_api_key_here"`

2. Initialize Project: Create anobalmako.jsonto store project defaults:`bash nobalmako init`

3. Pull Secrets: Download secrets to a local file:`bash nobalmako pull -p "My Project" -e "production"`

4. Push Secrets: Upload local variables to the cloud (auto-creates project/env if missing):`bash nobalmako push`

5. Sync & Merge: Synchronize local and remote variables automatically:`bash nobalmako sync`

6. Run with Secrets: Execute a command with secrets injected into memory:`bash nobalmako run -- npm start`

`Tech Stack`

`Setup Instructions`

`$3`


- Node.js 18+ 
- PostgreSQL database (or a Neon/Supabase project)
$3

Copy

.env.example to .env

 and fill in the values:
\

bash
cp .env.example .env
\


$3

\

bash
npm install
\


$3

\

bash

Push schema to database

npx drizzle-kit push
\


$3

\

bash

Development mode

npm run dev

Build and Start

npm run build
npm start
\


Security Model

License

MIT