For months, I have sought better ways to automate reinstalling my work tools when switching to a new laptop. Years ago, I began using dotfiles. Initially, I used some tooling I wasn’t entirely happy with, but given the options at the time, it was what I had. After a few months, I simplified my approach, adopting only Stow and a Bash Script for managing my dotfiles. This made the setup process much faster and easier, significantly reducing overhead. However, I was concerned about the security of my secrets — they were stored in plain text in the config files. Although my repository was private and I used a password manager via a Bash Script, I didn’t feel comfortable with unencrypted passwords in the configs.

  • Mise (or “mise-en-place”) is an open-source development environment setup tool designed to make local dev environments easy, consistent, and reproducible across projects and languages.

  • Fnox is a developer-focused secret management CLI tool that helps you securely manage and use sensitive configuration values (like API keys, database passwords, tokens) across development, CI/CD, and production workflows. It combines encrypted storage in version control with support for remote secret providers into a single workflow.

I don’t like giving other apps permission to integrate with my password manager, and that is non-negotiable. This was one of the main problems in integrating my secrets with my old workflow. With Fnox and Mise, I can pull the secrets from my password manager during the setup script, encrypt them with a disposable key, and that is it. No secrets exposed in the config files.

Maintaining my Bash scripts became much easier thanks to Mise Tasks. It reminded me of Makefiles, but easier to use. Additionally, with support for managing versions of Node.js, Rust, Ruby, and many other packages—since it also functions as a package manager—along with integration for idiomatic version files like .ruby-version, Gemfile, .nvmrc, environment variable management, and CI/CD integration, it fulfilled all my needs.

As a result, my dotfiles are now easier to maintain, more secure, and quicker to install. I might consider making my dotfiles public at some point. Yeah… maybe. 🤔

And, Yes! I rotated all my secrets while refactoring my dotfiles and recreated my repo from scratch. 😎