Show HN: Machine – One VM per Project
A developer created a CLI tool called machine that runs each coding project in its own isolated Lima VM, so a compromised dependency executes inside the guest rather than on the host. The tool uses declarative profiles to define development environments. SSH signing is forwarded to the host, so private keys are never copied into the guest, and secrets are injected at VM startup rather than stored on the VM disk. Teams can share and replicate a development setup with one command while sensitive data stays on the host machine.
- The machine CLI starts a separate Lima VM for each project, so a malicious package only gets the VM, not the host.
- It uses declarative profiles to configure VMs with tools such as Node.js, Docker, and git.
- SSH signing requests are forwarded to the host, using the macOS Keychain or 1Password, so private keys stay off the VM.
- Environment variables and secrets are injected at startup and never stored in the VM.
- Teams can share a projects.toml file to standardize development environments.
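The isolation only pays off if the guest really holds nothing worth stealing. As an added example (not code from the machine CLI or its author), the POSIX shell check below is what a practitioner would run inside the guest, or against a mounted project directory, to confirm the property the tool relies on: no private-key material and no credential files (dotenv files, `.netrc`, npm auth tokens in `.npmrc`) on the VM disk, so a malicious `npm install` finds nothing to exfiltrate. The function name and the sample files in the usage note are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the machine CLI. Scans a directory tree for
# secrets that should have stayed on the host: private keys (any PEM type),
# dotenv/.netrc credential files, and npm auth tokens in .npmrc.
# Returns 0 when the tree is clean, 1 when anything was found; findings go
# to stdout so the check can be wired into a VM startup hook or CI.
scan_for_leaked_secrets() {
  dir="$1"
  found=0

  # Private keys are recognised by their PEM header, whatever the file name.
  keys=$(find "$dir" -type f -exec grep -l -E \
    'BEGIN (OPENSSH|RSA|EC|DSA) PRIVATE KEY' {} + 2>/dev/null)
  if [ -n "$keys" ]; then
    printf 'private key material on VM disk:\n%s\n' "$keys"
    found=1
  fi

  # Files that conventionally hold credentials. .env.example is a template
  # and is deliberately excluded.
  cred_files=$(find "$dir" -type f \
    \( -name '.env' -o -name '.env.*' -o -name '.netrc' \) \
    ! -name '.env.example' 2>/dev/null)
  if [ -n "$cred_files" ]; then
    printf 'credential files on VM disk:\n%s\n' "$cred_files"
    found=1
  fi

  # npm registry tokens are the classic target of malicious postinstall scripts.
  npm_tokens=$(find "$dir" -type f -name '.npmrc' \
    -exec grep -l '_authToken' {} + 2>/dev/null)
  if [ -n "$npm_tokens" ]; then
    printf 'npm auth tokens on VM disk:\n%s\n' "$npm_tokens"
    found=1
  fi

  return $found
}

# Usage: ./scan.sh /path/to/dir   (inside the guest, e.g. "$HOME")
if [ $# -gt 0 ]; then
  scan_for_leaked_secrets "$1"
fi
```

Run it against `$HOME` inside the guest after provisioning: a clean result means the only route to a signature is the forwarded agent socket (`$SSH_AUTH_SOCK`), which a guest-side attacker can use while the connection is open but cannot copy. A hit means a key or token was copied in by hand or by a provisioning step and should be removed before any untrusted code runs.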
Opening excerpt (first ~120 words)
Hi all! I realized it's really not secure to run coding projects directly on my Mac. All the NPM hacks recently, especially with agentic coding: you're always one npm install away from a disaster.

So I've built a small CLI called machine that starts a Lima VM for each of your projects. It supports declarative "profiles" which are like package.json for your VM. The default profile comes with standard stuff like Node.js, git, Docker, Claude Code and Codex.

If you share your projects.toml with your team, every developer can spin up your team's entire dev environment with one command. No need to install dev tools, clone repos, npm install anything manually.

Another cool thing is that you can use the native macOS keychain or 1Password to forward SSH signatures to the VM.
…
Excerpt limited to ~120 words. The full post is on Hacker News (news.ycombinator.com).