Stop sending .env files in Slack.

Keep project environment variables in sync without passing secrets through chat or shared notes. envcli encrypts values locally, versions changes, and syncs only ciphertext through the server.

$ curl -fsSL https://envcli.dev/install.sh | sh
$ envcli login
$ envcli init # creates project + key
$ envcli push -m "add stripe keys"
$ envcli pull # teammate, on another machine

Features

// e2e encrypted

Files are encrypted locally with AES-GCM 256 before upload. The server stores ciphertext only; without the project key, secrets cannot be recovered.

// versioned

Each push creates a new version, with an optional message. See what changed, who changed it, and roll back when needed.

// ci-ready

Create scoped API keys per project. Set the token and project key in CI, then run envcli pull.

// multiple envs

Manage dev, staging, and production from one project, while keeping each environment separate.

// per-project keys

Each project has its own encryption key. A leaked key affects only that project.

// github login

Use GitHub for sign-in and teammate invites. No separate envcli password to manage.
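
The "e2e encrypted" and "per-project keys" items above describe client-side AES-256-GCM with one key per project. The sketch below is an added example, not envcli's own code or wire format: the blob layout (nonce, tag, ciphertext), the binding of project and environment names as associated data, and all function names are assumptions made for illustration. It shows what a ciphertext-only server holds, and that a different project's key, a modified blob, or a blob moved to another environment all fail authentication.

```javascript
// Added illustration: NOT envcli's real wire format or key handling.
const crypto = require('node:crypto');

// Hypothetical blob layout: 12-byte nonce || 16-byte GCM tag || ciphertext.
const NONCE_LEN = 12, TAG_LEN = 16;

// Encrypt .env text under a 32-byte project key. Project and environment names
// are bound in as AAD (an assumption) so a blob cannot be moved to another slot.
function sealEnv(projectKey, project, env, plaintext) {
  if (projectKey.length !== 32) throw new Error('project key must be 32 bytes');
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per push; never reuse under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', projectKey, nonce);
  cipher.setAAD(Buffer.from(`${project}\n${env}`, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Decrypt and authenticate. Throws on a wrong key, modified bytes, or a
// project/environment mismatch; no plaintext is returned in those cases.
function openEnv(projectKey, project, env, blob) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ct = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', projectKey, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  decipher.setAAD(Buffer.from(`${project}\n${env}`, 'utf8'));
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true if the given call throws.
function rejects(fn) { try { fn(); return false; } catch { return true; } }

// Constructed sample data, not real credentials.
const SAMPLE_ENV = 'STRIPE_SECRET_KEY=sk_test_constructed\nDATABASE_URL=postgres://localhost/app\n';

function demo() {
  const keyA = crypto.randomBytes(32), keyB = crypto.randomBytes(32);
  const blob = sealEnv(keyA, 'shop', 'production', SAMPLE_ENV);
  const tampered = Buffer.from(blob); tampered[blob.length - 1] ^= 0x01;
  return {
    roundTrip: openEnv(keyA, 'shop', 'production', blob) === SAMPLE_ENV,
    serverSeesPlaintext: blob.includes(Buffer.from('sk_test_constructed')),
    wrongKeyRejected: rejects(() => openEnv(keyB, 'shop', 'production', blob)),
    tamperRejected: rejects(() => openEnv(keyA, 'shop', 'production', tampered)),
    wrongEnvRejected: rejects(() => openEnv(keyA, 'shop', 'staging', blob)),
  };
}
console.log(demo());
```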

Pricing

Free for solo use. Add teammates for £2.49 per seat per month after the first user.

Free
£0 forever
  • For solo use, one person per project
  • Unlimited projects
  • Unlimited environments
  • End-to-end encryption
  • Unlimited CI API keys

First user is free. Additional seats are billed monthly, cancel anytime.

Install

One line. Works on macOS, Linux, and WSL. Needs Node 20+. Uses whichever of bun, pnpm, or npm you already have.

$ curl -fsSL https://envcli.dev/install.sh | sh

Prefer to inspect first? View the script, or npm i -g envcli.

CI usage

Create a project API key, then set two secrets in your CI provider.

# on your machine
$ envcli api-key create production-ci
 
# in your CI workflow
ENVCLI_TOKEN=ek_...
ENVCLI_PROJECT_KEY=...
 
envcli pull