Quickstart   •   Homepage   •   Login   •   Community   •   Twitter

envsecrets is an open-source free-forever cloud account to store your environment secrets and synchronize them with third-party services.

This tool is for you if you:

• Are currently hardcoding your secrets in your code.
• Are sharing .env files over Slack or WhatsApp.
• Are consuming the same set of secrets in multiple services/locations.
• Do not have any access control setup for your secrets.
• Need to version your secrets.

Read our detailed data model to understand how we keep your secrets secure.

• End-to-End Encryption
  You are protected with public-key cryptography. Secrets are encrypted and decrypted on client side only. Never on our servers.
• Zero-Knowledge Architecture
  No one can see your secrets. Not even us. If our database gets hacked/leaked, attackers will never be able to decrypt your secrets.
• Multi-Factor Authentication
  You can enable Temporal One Time Passwords on the platform and scan the QR in any authenticator app like Google Authenticator or Authy.

• Open Source Codebase
  Feel free to scan our code to establish trust.

Amongst many hidden gems, the platform's core features include:

• Role-Based Access Control
  Never let your interns get access to production secrets.
• Deployment Platform Integrations - Vercel, Docker, etc.
  Push your secrets to the third-partry services where you consume them.
• Versioning
  Want to bring back a previous value? Rollback to an older version of your secret.
• Services Tokens / API Keys
  Securely export and consume your secrets in places where you cannot authenticate with your account password.
• CI/CD Integrations - Github Actions, Circle CI, etc.
  Push your secrets to the third-partry services where you are consuming them.
• Multi-Factor Authentication
  Activate TOTP based MFA in your account. Prevent attackers from accessing your secrets just because they got your password.

It is recommended you go through the quickstart guide for more detailed explaination.

Install the CLI in your system.

MacOS

brew install envsecrets/tap/envs

Linux

snap install envs

Windows Or Any Other OS Download the release binary from here.

• Change directory to the root of your project.

  cd project_root/
  

• Set your first secret locally.

  envs set first=first
  

  This will save your key-value pair locally without encrypting it.

• Get the value of a particular key.

  envs get first
  

  This should ideally print the value of first.

• List your locally available keys.

  envs ls
  

1. Login to your envsecrets cloud account.
2. Create a new project from your dashboard.
3. Now simply using the --env flag will run the get/set/ls commands on remote environments instead of your local one. To list your keys in a remote environment called prod, simply run:

   envs ls -e prod
   

4. Similarly, to get the value for key FIRST in the second version of your prod environment secret, simply run:

   envs get FIRST -v 2 -e prod
   

1. Go to the integrations catalog on the platform.
2. Choose any integration and go through the setup procedure described on the platform.
3. Activate your connected integration on the prod environment of any project in your organisation from the integrations page.
4. Run the following command on your terminal:

   envs sync -e prod
   

5. Out of the options presented to you by the CLI, select the preferred service you want to push your secrets to.
6. That's it! Go and check your service to see if the latest values have been updated.

Here is the detailed documentation on how to connect and activate every individual integration.

• Read the official documentation for tutorials and specifications.
• Go through the questions asked by others in this respository.
• Scan the issues in this repository.
• If you are stuck anywhere, ask our team in the community.

To request enhancements or new features, you can do either of the following:

• Open a new discussion under the "features" category. Properly decribe your requirements.
• Text us in the community.