Secret management for local development environments remains a painful thorn in my side.

There's some promising solutions on the market... I really like 1Password's CLI, for example. It has this great little template engine that let's you bulk-replace values in config files from your personal or shared vaults.

But there's always some tool or another that forces you to break from your nice solutions. A private key on disk with no password here, and a DB password in a command-line argument there.

I poke around every now-and-then to see what the latest "best practice" is. The best-in-class tools get better, but the fringes remain problematic.

Anyone used something they really liked lately, for local secrets management?