Stop losing your .env files.
Encrypted vault. Git sync. One command.
// Sound familiar?
Every developer has been here.
Clone a repo. Spend 30 minutes hunting for API keys.
Share .env files over Slack DMs. Hope nobody screenshots it.
.env.local? .env.production? .env.development.local? Which one?
How it works
Three commands. That's it.
envs initScans your .env files, encrypts them with AES-256-GCM, stores in a local vault.
envs pushPushes encrypted vault to a private Git repo. Your secrets never leave the encryption envelope.
envs pullOn any machine, one command restores all your env files. Merge or overwrite — you choose.
Everything you need
AES-256-GCM Encryption
Military-grade encryption. Your password never touches disk. Zero-knowledge architecture.
Git Sync
Syncs via private Git repo. Works with GitHub, GitLab, Bitbucket. No server needed.
Smart Diff
envs diff shows what’s missing, what’s different, what’s out of sync. Debug in seconds.
Multi-Environment
Handles .env, .env.production, .env.staging automatically. Maps files to environments.
Team Ready
Share access via Git repo collaborators. Each person uses their own master password.
Works Everywhere
Windows, macOS, Linux. Any project. Any framework. Just needs Node.js.
Quick Start
Up and running in 60 seconds.
# Installnpm install -g envs-cli# Initialize in your projectcd my-projectenvs init# Push to vaultenvs push# Enable remote sync (optional)envs sync# On another machineenvs pullCommands
envs init—Initialize vault for current projectenvs push—Encrypt and push env files to vaultenvs pull—Pull and decrypt env files from vaultenvs diff—Compare local vs vault (--reveal for plaintext)envs list—List all vaulted projectsenvs env list—Show environment mappingsenvs env add <name>—Add new environmentenvs sync—Enable or run remote syncenvs sync status—Check sync stateenvs sync disable—Turn off auto-syncHow it flows
Your secrets stay encrypted end-to-end.
Your Machine
Private Git Repo
Another Machine
Security first
Built for paranoid developers.