Quickstart • Homepage • Login • Community • Twitter
envsecrets is an open-source free-forever cloud account to store your environment secrets and synchronize them with third-party services.
This tool is for you if you:
- Are currently hardcoding your secrets in your code.
- Are sharing
.env
files over Slack or WhatsApp. - Are consuming the same set of secrets in multiple services/locations.
- Do not have any access control setup for your secrets.
- Need to version your secrets.
Read our detailed data model to understand how we keep your secrets secure.
- End-to-End Encryption
You are protected with public-key cryptography. Secrets are encrypted and decrypted on client side only. Never on our servers. - Zero-Knowledge Architecture
No one can see your secrets. Not even us. If our database gets hacked/leaked, attackers will never be able to decrypt your secrets. - Multi-Factor Authentication
You can enable Temporal One Time Passwords on the platform and scan the QR in any authenticator app like Google Authenticator or Authy.
- Open Source Codebase
Feel free to scan our code to establish trust.
Amongst many hidden gems, the platform's core features include:
- Role-Based Access Control
Never let your interns get access to production secrets. - Deployment Platform Integrations - Vercel, Docker, etc.
Push your secrets to the third-partry services where you consume them. - Versioning
Want to bring back a previous value? Rollback to an older version of your secret. - Services Tokens / API Keys
Securely export and consume your secrets in places where you cannot authenticate with your account password. - CI/CD Integrations - Github Actions, Circle CI, etc.
Push your secrets to the third-partry services where you are consuming them. - Multi-Factor Authentication
Activate TOTP based MFA in your account. Prevent attackers from accessing your secrets just because they got your password.
It is recommended you go through the quickstart guide for more detailed explaination.
Install the CLI in your system.
MacOS
brew install envsecrets/tap/envs
Linux
snap install envs
Windows Or Any Other OS Download the release binary from here.
-
Change directory to the root of your project.
cd project_root/
-
Set your first secret locally.
envs set first=first
This will save your key-value pair locally without encrypting it.
-
Get the value of a particular key.
envs get first
This should ideally print the value of
first
. -
List your locally available keys.
envs ls
- Login to your envsecrets cloud account.
- Create a new project from your dashboard.
- Now simply using the
--env
flag will run theget/set/ls
commands on remote environments instead of your local one. To list your keys in a remote environment calledprod
, simply run:envs ls -e prod
- Similarly, to get the value for key
FIRST
in the second version of yourprod
environment secret, simply run:envs get FIRST -v 2 -e prod
- Go to the integrations catalog on the platform.
- Choose any integration and go through the setup procedure described on the platform.
- Activate your connected integration on the
prod
environment of any project in your organisation from the integrations page. - Run the following command on your terminal:
envs sync -e prod
- Out of the options presented to you by the CLI, select the preferred service you want to push your secrets to.
- That's it! Go and check your service to see if the latest values have been updated.
Here is the detailed documentation on how to connect and activate every individual integration.
- Read the official documentation for tutorials and specifications.
- Go through the questions asked by others in this respository.
- Scan the issues in this repository.
- If you are stuck anywhere, ask our team in the community.
To request enhancements or new features, you can do either of the following:
- Open a new discussion under the "features" category. Properly decribe your requirements.
- Text us in the community.