End-to-end encrypted environment variable management for teams. Push and pull .env files like you push and pull code — with full version history, rollback support, and team access control.
The server never sees your secrets. All encryption happens locally using libsodium before anything leaves your machine. Each team member’s public key seals the project encryption key, so access can be granted and revoked without re-encrypting every secret.
Features
- CLI-first workflow —
ev pushandev pull, just like git - End-to-end encryption — libsodium crypto, zero-knowledge server
- Version history — Every change tracked, rollback to any release
- Team access control — Public key-based, granular per-project
- Multiple environments — Dev, staging, production with promotion support
- Pluggable backends — AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager, 1Password