From the pioneers of GitHub dotenv ★ 17.7k

Secrets for developers

A secrets manager for .env files. Sync your secrets between machines, environments, and team members with GitHub dotenv-vault .

A self-funded and profitable org ⋅ Trusted by thousands of dev teams worldwide

Try it for yourself

Works with a single command

Benefit immediately. Run the push command to back up your .env file right now.


npx dotenv-vault push

remote: Securely pushing (.env)... done Run npx dotenv-vault open to view in the ui

“I personally spent a lot of development time on the cli. There is a bit of a learning curve, but I think you will like it.”

Creator of Dotenv

Managing your secrets sucks

We took a hard look at the state of secrets management, and it should be better.

Sharing .env files by hand gets messy

From sharing over Slack, to Email, to copying and pasting across multiple environments, manually managing your secrets is chaotic.

× Out of Sync
× Zero Access Controls

Other solutions make you abandon .env files

Proprietary solutions require a lot from you - code rewrites, lock-in, and third-party integrations that might leak your secrets – it's risky.

× Proprietary
× Risky Third-party Integrations

*Syncing your secrets over third-party integrations increases your attack surface area by scattering them in more places, making it more likely your secrets leak. Look what happened to CircleCI. dotenv-vault removes this risk.

Fix the problem in 3 easy steps

Replace setting your secrets across multiple platforms and tools with a single source of truth.

Used by thousands of companies

Hundreds of companies adopt dotenv-vault each month. Yours could be next.

Joshua McKenty

“I've been thinking about building EXACTLY this for ages, was doing some market research for how to do it properly and found that you had, well, NAILED it.”

Josh McKenty
Cofounder of OpenStack

It takes just 5 minutes, or less

You don't have to spend days or even hours to keep your secrets safe. dotenv-vault has a great free plan with a great developer experience.

100% Free
Sync .env files
Unlimited projects
Create Dotenv Account

Frequently asked questions

dotenv-vault is the only secrets manager that works with .env files instead of against them.

Other secrets managers make you replace your environment variables with remote API calls. This means you must rewrite your code, lock yourself into proprietary software, and possibly introduce new attack vectors to your software (It's generally easier for attackers to intercept your web traffic than to gain access to your file system.)

Your secrets go through a ten-step process to split their parts, encrypt those parts, and tokenize them into your project's vault. This includes using AES-GCM encryption - trusted by governments to transport top secret information. Read more about the ten-step process on the security page.

The .env.vault file is an encrypted version of your .env file. It is paired with a decryption key called the DOTENV_KEY. The DOTENV_KEY is set on your server or cloud hosting provider and the .env.vault file is committed to code.

Yes. AES-256 GCM encryption was developed for the needs of US Government agencies like the CIA. AES-256 takes billions of years to crack using current computing technology. Your secrets are much more likely to be leaked by a third-party. This is why we are so committed to this technology while everyone else is focused on syncing secrets to third-party integrations. We see a better way.

In the CircleCI breach the attacker accessed environment variables only. They could not access codebases. To steal your .env.vault secrets, an attacker needs need both – the decryption key (stored as an environment variable), AND the encrypted .env.vault file.

Not officially, but our goal is towards that. We're building things in a way that a cloud service is not necessary. As long as you can generate a .env.vault file you can use the technology. It is open to all.

The .env.vault file and its encryption algorithm is language-agnostic so technically it works with any language. We've built convenience libraries for it in a handful of languages and are adding more as requested. See the docs for a complete list.

See the install page. You can use npx, brew, and more.

Can’t find the answer you’re looking for? Send us an email at [email protected] team. We'd love to hear from you.

© Dotenv


dotenv-vault is from the pioneers of dotenv, trusted by 2.5M+ developers