New — share a secret that self-destructs after one view

Stop pasting secrets in Slack & Teams.

Give your whole team one secure home for every .env file — with Figma-style sharing, CLI sync, version history and audit logs. It's all end-to-end encrypted in your browser, so your secrets never reach our servers in plain text.

Zero-knowledge · no credit card required

envdot — ~/app

Trusted by engineers migrating off Doppler, Infisical & shared 1Password vaults

acmenorthwindhooliinitechpiedpiperumbrella
The zero-knowledge difference

Why teams switch from Doppler & Infisical

Other managers encrypt secrets on their servers. envdotweb encrypts them on your device — so a breach on our side leaks nothing but ciphertext.

CapabilityenvdotwebDopplerInfisical
Secrets encrypted in your browser (zero-knowledge)
Figma-style per-member key sharing
One-click import from a GitHub repo
Free one-time secret sharing tool
Version history on the free plan
Dependency-light CLI (pull / push / run)
Export a decrypted .env anytime — no lock-in
Starts free, no credit card

full  partial / optional  not available. Based on publicly documented features as of 2026; products evolve — check their sites for the latest.

Everything you need to manage secrets safely

Built for developers who care about security without the enterprise bloat.

Zero-knowledge encryption

Secrets are encrypted in your browser with AES-256-GCM before they ever reach our servers. We literally cannot read them.

CLI sync

Pull secrets into any environment with one command. envdot pull writes your .env; envdot run injects them without a file.

Team workspaces

Invite teammates like Figma. Project keys are envelope-encrypted to each member's public key — no shared passwords.

Version history

Every change is an append-only version. See who changed what, when, and roll back with full history on Pro.

Audit logs

A filterable record of every action across your team — created, updated, deleted, invited, revoked.

Environments

dev, staging, production and custom environments per project. Compare them side-by-side to catch drift.

Zero-knowledge architecture

We couldn't read your secrets if we tried.

Every value is encrypted with AES-256-GCM in your browser. Project keys are envelope-encrypted to each member's RSA public key — exactly like Figma shares a file, but the server only ever stores ciphertext.

  • AES-256-GCM encryption before anything leaves your device
  • RSA-OAEP envelope encryption for team sharing
  • PBKDF2 passphrase key derivation (600k iterations)
  • Downloadable recovery code — you hold the keys, not us
# what the server stores
DATABASE_URL = "U2FsdGVkX1+9v...c8fA=="
STRIPE_KEY = "9mQ0pL2k...xY7z"
# what you see
DATABASE_URL = postgres://user:••••@host/db
STRIPE_KEY = sk_live_••••••••

Simple, per-seat pricing

Start free. Upgrade when your team grows. Cancel anytime.

Free

For solo devs and small side projects.

$0forever

 

Start free
  • 1 project
  • Up to 2 members
  • 3 environments
  • 7-day version history
  • Zero-knowledge encryption
  • One-time secret sharing
Most popular

Pro

For growing teams shipping to production.

$6.67/user/mo

billed annually

Upgrade to Pro
  • Unlimited projects
  • Unlimited members
  • Unlimited environments
  • Unlimited version history
  • CLI tokens & sync
  • Integrations
  • Priority email support

Team

For organizations that need governance.

$15/user/mo

billed annually

Upgrade to Team
  • Everything in Pro
  • Audit logs
  • Role-based access control
  • SSO-ready
  • Invite-link controls
  • Advanced environment policies

Your .env deserves better than a DM.

Set up your first encrypted project in under two minutes.

Get started free