CLI-first secrets workflow

Encrypted env vars.
Explicit sync. Zero guesswork.

Stop pasting .env files in Slack. Env-Sync gives your team an opinionated CLI flow to encrypt, share, and version secrets safely.

AES-256-GCMArgon2id key derivationNo background sync

envsync-session

live demo

Install Script

$ curl -fsSL https://envsync.adityamer.dev/install | bash

Supports macOS, Linux, and Windows (WSL)

Open source

Free forever

Setup time

Under 5 min

Team size

Any size

Capabilities

Sync env across devices & teams

Built for teams that want project-based sync, strong encryption, and explicit operational control.

End-to-end encryption

Your secrets are encrypted before they leave your machine. Only you can read them.

Control when sync happens

Explicit push and pull. No background processes, no surprises — you decide when to sync.

Restore from any device

Lost your laptop? Onboard a new machine in seconds with your recovery phrase.

Never lose changes

Built-in conflict detection so you never accidentally overwrite your team's secrets.

Quick health checks

Run diagnostics to verify your setup, connectivity, and config in seconds.

Know who did what

Structured audit logs tell you exactly what changed, when, and by whom.

How it works

Project-based sync. Team-ready.

Three clear steps from local setup to secure team sync.

Initialize and scope

Create your encrypted local vault, select project, and choose environment.

Manage secrets safely

Set, get, list, rollback, and review history without exposing plaintext by default.

Sync with control

Push and pull to file, HTTP, or Cloudflare Worker backends with optimistic concurrency checks.

Security

No hidden plaintext paths

Phrase-derived keys, encrypted values, version history, and audit trails all designed for high-signal operations.

Security model

Argon2id key derivation from recovery phrase
AES-256-GCM encryption for secret values
Remote writes validated by optimistic `revision` checks

Remote integrations

HTTP remote backend with bearer token support
Cloudflare Worker + KV store backend
Restore command for second-machine recovery

Sync env across devices & teams.

Start with one install command and sync environment variables across your team on a project basis.

Install ENV Sync

CLI-first secrets workflow

Encrypted env vars.
Explicit sync. Zero guesswork.

Stop pasting .env files in Slack. Env-Sync gives your team an opinionated CLI flow to encrypt, share, and version secrets safely.

AES-256-GCMArgon2id key derivationNo background sync

envsync-session

live demo

Install Script

$ curl -fsSL https://envsync.adityamer.dev/install | bash

Supports macOS, Linux, and Windows (WSL)

Open source

Free forever

Setup time

Under 5 min

Team size

Any size

Capabilities

Sync env across devices & teams

Built for teams that want project-based sync, strong encryption, and explicit operational control.

End-to-end encryption

Your secrets are encrypted before they leave your machine. Only you can read them.

Control when sync happens

Explicit push and pull. No background processes, no surprises — you decide when to sync.

Restore from any device

Lost your laptop? Onboard a new machine in seconds with your recovery phrase.

Never lose changes

Built-in conflict detection so you never accidentally overwrite your team's secrets.

Quick health checks

Run diagnostics to verify your setup, connectivity, and config in seconds.

Know who did what

Structured audit logs tell you exactly what changed, when, and by whom.

How it works

Project-based sync. Team-ready.

Three clear steps from local setup to secure team sync.

Initialize and scope

Create your encrypted local vault, select project, and choose environment.

Manage secrets safely

Set, get, list, rollback, and review history without exposing plaintext by default.

Sync with control

Push and pull to file, HTTP, or Cloudflare Worker backends with optimistic concurrency checks.

Security

No hidden plaintext paths

Phrase-derived keys, encrypted values, version history, and audit trails all designed for high-signal operations.

Security model

Argon2id key derivation from recovery phrase
AES-256-GCM encryption for secret values
Remote writes validated by optimistic `revision` checks

Remote integrations

HTTP remote backend with bearer token support
Cloudflare Worker + KV store backend
Restore command for second-machine recovery

Sync env across devices & teams.

Start with one install command and sync environment variables across your team on a project basis.

Install ENV Sync

Encrypted env vars.Explicit sync. Zero guesswork.

Sync env across devices & teams

End-to-end encryption

Control when sync happens

Restore from any device

Never lose changes

Quick health checks

Know who did what

Project-based sync. Team-ready.

Initialize and scope

Manage secrets safely

Sync with control

No hidden plaintext paths

Security model

Remote integrations

Sync env across devices & teams.

Encrypted env vars.Explicit sync. Zero guesswork.

Sync env across devices & teams

End-to-end encryption

Control when sync happens

Restore from any device

Never lose changes

Quick health checks

Know who did what

Project-based sync. Team-ready.

Initialize and scope

Manage secrets safely

Sync with control

No hidden plaintext paths

Security model

Remote integrations

Sync env across devices & teams.

Encrypted env vars.
Explicit sync. Zero guesswork.

Encrypted env vars.
Explicit sync. Zero guesswork.