EnvKey v2
Magical secure app config

🔒 End-to-end encryption for API keys and other secrets.

⚡️ Live reload for environment variables and configuration.

Open Source MIT License. Cloud or self-hosted.

EnvKey is desktop-only.
Check back on desktop to download.

Step 1

From development to CI to staging to production, securely manage configuration and secrets all in one place.

Step 2

Load your config anywhere. Reload automatically after a change.


$ envkey-source -- any-shell-command$ envkey-source -- command
# That's it!# That's it! Your command runs with the latest environment variables.

$ envkey-source -w -- ./start-server
# Automatically reload.# Automatically reload with the latest environment after a change.

$ envkey-source -w --rolling -- ./start-server
# No-downtime rolling reloads.# Avoid downtime with rolling reloads across all connected processes.

$ es -- ping '$DATABASE_URL'
# Use the `es` alias to type less.
# Reference vars in commands.# Reference EnvKey variables in your commands.

$ es -r ./reload-env -- ./start-server 
# Custom reload logic.# Run custom reload logic after a change.

$ eval "$(es)"
# Set vars in current shell.# Set your EnvKey variables in the current shell.

$ echo $'\n\neval "$(es --hook bash)"\n' >> ~/.bash_profile
# Auto-load in any directory.# Auto-load the latest environment when entering a directory.
# Works just like direnv.

$ es --dot-env > .env
$ es --json > .env.json
$ es --yaml > .env.yaml
$ es --pam > /etc/environment
# Easy export to many formats.


  More ways to load ˯

The cross-platform envkey-source tool works with any language and offers the most integration options.

Language-specific wrappers are also available for Node.js, Go, Python, and Ruby.

Integration Quickstart

Accelerate development. Tighten security. Delight your team.

🛳 Ship faster by preventing config bugs and keeping environments in sync automatically, in development and across your whole infrastructure. You'll be amazed by how much time you save.

☠️ Avoid costly and embarrassing security incidents by keeping secrets away from code, email, chat, and third party services that don't deserve your trust. Sloppy secrets management is the leading cause of breaches. Don't be the next victim.

🐎 Tame your org's config. Prevent duplication and sprawl. Control access. Log everything. Rotate secrets easily.

🛠 Works with any language, host, or platform, including Docker, Kubernetes, Heroku, VMs, and every cloud vendor.

🧘 Experience configuration nirvana. Integrate your first project in 2 minutes. You'll never go back.

The first time we used EnvKey, it really felt like magic. A dev would build a feature, add the new value into EnvKey, and magically, all other devs had the value.

It has eliminated a class of problem which absolutely plagued us, especially on new fast-moving projects, where you can't afford to lose half a day debugging some cryptic error message because there just happens to be a random new env var.

Gabriel Fortuna - Founder, Zero One

EnvKey has been such a lifesaver for our team at Soundstripe. Onboarding new developers was instantly streamlinedas far as environment setups are concerned, and configuring servers has been simplified dramatically. We're hooked!

Trevor Hinesley - CTO, Soundstripe

First of all, I would like to say THANK YOU. EnvKey has solved a major problem for us, in managing our secrets really well.

We rolled it out across our dev, staging and production environments yesterday, and it was a smooth, 15 minute process.

We host everything on AWS, and I spent a week studying their key management solution. EnvKey made it ridiculously easy.

Devan Sabaratnam - Founder, HRPartner

Uncompromising security.

Audit logs

Device-based auth

Secure invitations

Easy access control

OS keyring integration

Trusted IPs

Enhanced productivity.

Version control

Powerful, scriptable CLI

Auto-reloading environments

Environment branches

Stackable environment blocks

Custom environments

Environment inheritance

Local development overrides

Data import/export

Conflict resolution

Change hooks

Account recovery keys

Flexible hosting.

Turn-key self-hosting

Multi-region redundancy

Behind-your-firewall mode

Advanced user management.

Teams

SAML SSO

SCIM directory sync

Next Level Data Security

Zero-knowledge end-to-end encryption with out-of-band verification ensures that no host, server, employee, or third party ever has access to your organization's secrets, unless it is specifically granted.

Even if an attacker takes over EnvKey Cloud or your Self-Hosted EnvKey host, your secrets will still be safe.

EnvKey's client-side end-to-end encryption is built with the NaCl cryptography library: a fast, modern, trusted standard.

Security Overview