> Revoke Access

> To remove a team member:

> memevault access remove bob

> This immediately re-encrypts the vault with the remaining keys, locking Bob out.

Unless you rewrite the git history, force-push every branch, then do the same on every developers' computer (and ask Github support to garbage-collect your repo too), this actually does not "lock the Bob out", it just removes it from latest commit, but the Bob can still access every older commit.

Was thinking about how to make leaking keys less of an issue, especially as ai loves to just commit stuff. And why not store them in memes.

Memevault is a zero-dependency, single-binary secret manager that lets you keep encrypted project secrets anywhere by storing them inside a meme image. Instead of sharing `.env` files or relying on ad hoc workflows, teams can grant and revoke access per user, and the vault is re-encrypted accordingly. It works consistently across Windows, Linux, and macOS, injects secrets only into the environment of the command you run (`memevault run -- ...`), and includes key rotation plus a `scan` command to catch secrets referenced in code but missing from the vault.

Man- I am noticing so many people are writing and ruminating on the defense of the .env file right now!

I can't tell if the project name ("memevault") implies that this is a real tool or a jab at us ruminating weirdos X'D