Simplify Your Secrets

Manage your secrets using dotenv-vault's all-in-one toolkit. Say goodbye to scattered secrets across multiple platforms and tools.

Try dotenv-vault for free

No credit card required. Free plan as well.

dotenv-vault product screenshot

The #1 secrets manager for .env files

Trusted by thousands of dev teams worldwide

Ticketmaster + Dotenv
Happymoney + Dotenv
Hackclub + Dotenv
Zengaming + Dotenv
Honeylove + Dotenv
Firstvet + Dotenv
J.D. Power + Dotenv
Mooncard + Dotenv
Vio + Dotenv
Hey Data + Dotenv
LEAD + Dotenv
Spectrum + Dotenv

Managing your secrets sucks

We took a look at the state of secrets management, and it should be better!

Manual Management of Secrets screenshot

Sharing .env files by hand gets messy

From sharing over Slack, to Email, to copying and pasting across multiple environments, manually managing your secrets is chaotic.

× Out of Sync
× Zero Access Controls

other Secrets Management Solutions screenshot

Other solutions make you abandon .env files

Proprietary solutions require a lot from you - code rewrites, lock-in, and third-party integrations that might leak your secrets – it's risky.

× Proprietary
× Risky Third-party Integrations*

*Syncing your secrets over third-party integrations increases your attack surface area by scattering them in more places, making it more likely your secrets leak. Look what happened to CircleCI. dotenv-vault removes this risk.

Fix the problem in 3 easy steps

dotenv-vault replaces setting your secrets across multiple platforms and tools with a single source of truth.


It works everywhere you work

dotenv-vault works everywhere – without third-party integrations and without having to change your development or deployment processes. That's awesome! And better than any solution on the market.

Travis CI
Google Cloud
Cloud 66
Amazon AWS
AWS Lambda

Used by thousands of developers and companies

New developers and companies get started with dotenv-vault every day. You could be next.

FirstVet + Dotenv

FirstVet trusts dotenv-vault to keep their secrets safe while helping you keep your pets healthy. With their app, you can talk to a vet online at the click of a button.
Honeylove + Dotenv

Honeylove, a YC company, makes body-shaping apparel designed to make you feel more confident and improve your posture. When it comes to their security posture, they choose dotenv-vault. / yc
Supernova + Dotenv

When it comes to SecretOps, Supernova, one of the world's premier DesignOps solutions, reaches for dotenv-vault. + Dotenv

Sound is a collaborative music discovery platform built on web3 technology and values. For their secrets, they trust dotenv-vault.
Alameda + Dotenv

Alameda County is one of the most innovative counties in the United States. Home to 1.7 million people, in cities like Berkeley and Oakland, they use and trust dotenv-vault.
Snackclub + Dotenv

Built on blockchain technology, Snackclub is a gaming community that uses dotenv-vault to keep their secrets safe.
Zengaming + Dotenv

5 Million+ users trust Zengaming's and products. dotenv-vault helps support these users by powering Zengaming's secrets.
Happymoney + Dotenv

HappyMoney is a unicorn-sized company that has raised almost $200 million dollars. For keeping their secrets safe, they chose dotenv-vault as the superior option.
Sungage Financial + Dotenv

Sungage Financial innovates in the solar space - making it so more people can have solar. To innovate on their secrets they chose dotenv-vault.
Ligonier Ministries + Dotenv

Ligonier Ministries provides content and resources for Christians. Their team coordinates securely sharing secrets using dotenv-vault.
LEAD + Dotenv

Edtech Unicorn LEAD trusts dotenv-vault with its developer secrets. Their software makes excellent education affordable and accessible to all Indians.
Vio + Dotenv

100M+ visitors per year use to get a better deal on travel and accomodation. It takes a lot of software to do this and it is dotenv-vault that powers the secrets for that software.
Joshua McKenty

I've been thinking about building EXACTLY this for ages, was doing some market research for how to do it properly and found that you had, well, NAILED it.

Joshua McKenty, Cofounder of Open Stack & CEO of Delving

I've been thinking about building EXACTLY this for ages, was doing some market research for how to do it properly and found that you had, well, NAILED it.

Joshua McKenty, Cofounder of Open Stack & CEO of Delving

It takes just 5 minutes (or less)

You don't have to spend days or even hours to keep your secrets safe. dotenv-vault has a great free plan with a great developer experience.

100% Free
Sync .env files
Unlimited projects

Get started in 5 minutes or less


Frequently Asked Questions

dotenv-vault is the only secrets manager that works with .env files instead of against them. Other secrets managers make you replace your .env files with remote API calls. This means you spend costly time rewriting code, locking yourself into proprietary software, and possibly introducing new attack vectors. (It's generally easier for attackers to snoop on web traffic than it is to gain access to your file system.)
Your secrets go through a ten-step process to split their parts, encrypt, and tokenize them into the Dotenv Vault Store. This includes using AES-GCM - trusted by governments to transport top secret information. Read more about the ten-step process on the security page.
The .env.vault file is an encrypted version of your .env file. It is paired with a decryption key called the DOTENV_KEY. The DOTENV_KEY is set on your server or cloud hosting provider and the .env.vault file is committed to code.
Yes. AES-256 GCM encryption was developed for the needs of US Government agencies like the CIA. AES-256 takes billions of years to crack using current computing technology. Your secrets are much more likely to be leaked by a third-party. This is why we are so committed to this technology while everyone else is focused on syncing secrets to third-party integrations. They are taking a risk with your secrets.
In the CircleCI breach the attacker accessed environment variables only. They could not access codebases. To steal your encrypted .env.vault secrets they would need both – the decryption key (stored as an environment variable), AND the codebase's encrypted .env.vault file.
Not officially, but our goal is towards that. We're building things in a way that a cloud service is not necessary. As long as you can generate a .env.vault file you can use the technology. It is open to all.
The .env.vault file and its encryption algorithm is language-agnostic so technically it works with any language. We've built convenience libraries for it in a handful of languages and are adding more quickly.

See the libraries page for a complete list.

If you like using .env.vault files and know a language well, create the library for it. Your library could be used by millions of developers someday.
See the install page. You can use npx, brew, and more.