Give your whole team one secure home for every .env file — with Figma-style sharing, CLI sync, version history and audit logs. It's all end-to-end encrypted in your browser, so your secrets never reach our servers in plain text.
Zero-knowledge · no credit card required
Trusted by engineers migrating off Doppler, Infisical & shared 1Password vaults
Other managers encrypt secrets on their servers. envdotweb encrypts them on your device — so a breach on our side leaks nothing but ciphertext.
full partial / optional not available. Based on publicly documented features as of 2026; products evolve — check their sites for the latest.
Built for developers who care about security without the enterprise bloat.
Secrets are encrypted in your browser with AES-256-GCM before they ever reach our servers. We literally cannot read them.
Pull secrets into any environment with one command. envdot pull writes your .env; envdot run injects them without a file.
Invite teammates like Figma. Project keys are envelope-encrypted to each member's public key — no shared passwords.
Every change is an append-only version. See who changed what, when, and roll back with full history on Pro.
A filterable record of every action across your team — created, updated, deleted, invited, revoked.
dev, staging, production and custom environments per project. Compare them side-by-side to catch drift.
Every value is encrypted with AES-256-GCM in your browser. Project keys are envelope-encrypted to each member's RSA public key — exactly like Figma shares a file, but the server only ever stores ciphertext.
Start free. Upgrade when your team grows. Cancel anytime.
For solo devs and small side projects.
Start free
For growing teams shipping to production.
billed annually
Upgrade to ProFor organizations that need governance.
billed annually
Upgrade to TeamSet up your first encrypted project in under two minutes.
Get started free