Invest in Your Security

764 organizations signed up last month.

Free to use for individuals and small teams.

What's free? Everything you need.

Everything you need to securely backup, sync, and deploy your secrets from one source of truth.

Sync .env files
Unlimited projects
Up to 3 teammates
Email support
Multiple environments
Encrypted deploys
GitHub add-on
VSCode extension *

* Add auto-cloaking to your .env files

Save money with dotenv-vault

The average cost of a secrets leak is $1.2 million dollars. You need a secrets manager that simplifies your secrets and prevents them from being scattered across multiple third-parties.

Team plan

50 users at $4/month

✓ Unlimited secrets
✓ Unlimited projects
✓ Custom environments
✓ Slack notifications
✓ User access controls
✓ Version history
✓ External share
✓ High availability

= $200/month

HashiCorp Vault

50 users at $1.58/hour

= $1,137.60/month


50 users at $18/month

= $900/month


50 users at $14/month

= $700/month

Developers, developers, developers

We are developers, just like you. We could probably charge more for what we've built but as developers ourselves we don't like the idea of that. We're in this for the long haul – to build the best developer-first secrets manager on the market.

Non-profit, open-source, and educational discounts

Yes, we offer discounts for non-profits, open-source 💛, and education programs. Contact us at [email protected] after creating your account to get your discount.

Cancel anytime, no lock-in

Cancel your account at anytime. Also, unlike competing solutions, dotenv-vault is designed to work on top of the open .env file format standard. This way you can stop using dotenv-vault and everything will still just work.

Incrementally grow into dotenv-vault

Unlike other secrets managers that are all-or-nothing, you can use dotenv-vault incremently. Start by using it as a way to backup your .env files, grow to using it across your team, and then adopt the encrypted deploys.

What developers are saying

This is a product every dev wishes they would make. Ha! – Michael

You are solving a real pain point here, I love how easy it is to get started in a snap. I'm using it to sync between my pc and laptop. – Faisal

dotenv-vault is a great way to manage your environment variables for your team or for your many personal projects. – Kevin

What a nice thing is 🔥 Dotenv Vault 🔥. – Jonatan

I gotta say that the introduction process and the entire vault workflow in general was absolutely divine to witness. Loved seeing every little step documented well with adequate feedback given every time. But the GitHub-like interface really put the cherry on top. – Petar

It works very well. – Hugo

Hearts out to the Dotenv team. Really great support. 10/10 would recommend. – Peipr

Great onboarding experience. I went from “not knowing what this even is” to “integrated into my project” within about 5 minutes. Having each cli command tell me the next step was super helpful. Keep up the good work! – Anthony

I'm excited to start using it and replace my instance of hashicorp vault! – Brian

The great thing about the product is the CLI, which makes it usable in any environment. – Greg

Frequently asked questions

dotenv-vault is the only secrets manager that works with .env files instead of against them.

Other secrets managers make you replace your environment variables with remote API calls. This means you must rewrite your code, lock yourself into proprietary software, and possibly introduce new attack vectors to your software (It's generally easier for attackers to intercept your web traffic than to gain access to your file system.)

Your secrets go through a ten-step process to split their parts, encrypt those parts, and tokenize them into your project's vault. This includes using AES-GCM encryption - trusted by governments to transport top secret information. Read more about the ten-step process on the security page.

The .env.vault file is an encrypted version of your .env file. It is paired with a decryption key called the DOTENV_KEY. The DOTENV_KEY is set on your server or cloud hosting provider and the .env.vault file is committed to code.

Yes. AES-256 GCM encryption was developed for the needs of US Government agencies like the CIA. AES-256 takes billions of years to crack using current computing technology. Your secrets are much more likely to be leaked by a third-party. This is why we are so committed to this technology while everyone else is focused on syncing secrets to third-party integrations. We see a better way.

In the CircleCI breach the attacker accessed environment variables only. They could not access codebases. To steal your .env.vault secrets, an attacker needs need both – the decryption key (stored as an environment variable), AND the encrypted .env.vault file.

Not officially, but our goal is towards that. We're building things in a way that a cloud service is not necessary. As long as you can generate a .env.vault file you can use the technology. It is open to all.

The .env.vault file and its encryption algorithm is language-agnostic so technically it works with any language. We've built convenience libraries for it in a handful of languages and are adding more as requested. See the docs for a complete list.

See the install page. You can use npx, brew, and more.

Can’t find the answer you’re looking for? Send us an email at [email protected] team. We'd love to hear from you.