Clever approach to securing .env files, especially in shared repos or CI environments where accidental exposure is a real risk. I like how it balances usability with security reminds me of tools like sops but more lightweight. One suggestion: adding support for automatic rotation or integration with secret managers like AWS SSM could make it even more robust for teams.