Protect API keys and credentials.
Keep configuration in sync everywhere.

Smart, end-to-end encrypted configuration and secrets management.
Prevent insecure sharing and config sprawl.
Integrate in minutes.

Live Demo

EnvKey is desktop-only.
Check back on desktop to download.

Seen On →

Backed By →

1. Manage configuration and access levels for all your apps, environments, and teams in one place.

Available for Mac, Windows, and Linux.

2. Configure any development or server environment with just a single environment variable.

ENVKEY=p9WYzzHefy33gzgDdvPJ-EKdh4jgBsRBBNerK

Ruby On Rails


gem 'envkey'

$ bundle install

# That's it. ENV contains the latest config.

Stripe.api_key = ENV['STRIPE_SECRET_KEY']

Python


$ pip install envkey

import envkey

# That's it. os.environ contains the latest config.

stripe.api_key = os.environ['STRIPE_SECRET_KEY']

Node.js


$ npm install envkey --save

import 'envkey'

// That's it. process.env contains the latest config.

var stripe = require('stripe')(process.env.STRIPE_SECRET_KEY)

Go


$ go get github.com/envkey/envkeygo

import _ "github.com/envkey/envkeygo"

// That's it. Access the latest config with os.Getenv

stripe.Key = os.Getenv("STRIPE_SECRET_KEY")

Any language via Bash Shell or Docker


$ curl -s https://raw.githubusercontent.com/envkey/envkey-source/master/install.sh | bash

$ eval $(envkey-source)

# That's it. Access the latest config through environment variables.

$ curl https://api.stripe.com/v1/charges -u $STRIPE_SECRET_KEY

Integration Docs

Plug a security hole while making life easier.

Don't risk sharing sensitive config over email, Slack, or Google Docs in plain text. Grant access quickly without giving third parties (including EnvKey) unnecessary access. Restrict production secrets to those who really need them, remove access with one click when it's no longer needed, and make it easy to rotate secrets. EnvKey makes strong security the path of least resistance.

Stay effortlessly in sync across teams, servers, and environments.

Manage all your configuration in one place. Stay updated in real-time, and keep both development machines and servers securely, automatically in sync. Simplify developer onboarding, simplify ops, and say goodbye to missing key errors in development, production, CI, and everywhere else.

More features and benefits

Developers, managers, and sys admins love EnvKey.

EnvKey has been such a lifesaver for our team at Soundstripe. Onboarding new developers was instantly streamlined as far as environment setups are concerned, and configuring servers has been simplified dramatically. We're hooked!

Trevor Hinesley - CTO, Soundstripe

Our environment variables had been a serious headache to deal with before, but with EnvKey it's suddenly super easy to add new variables or update the values of old ones. I love that it keeps them in sync across all of our production and test servers without any effort on our part. Setting up a new machine to use it is refreshingly simple. Honestly, thank you guys for providing a great solution!

Lance Petersen - Engineer, Skip

First of all, I would like to say “THANK YOU”. EnvKey has solved a major problem for us, in managing our secrets really well.

We rolled it out across our dev, staging and production environments yesterday, and it was a smooth, 15 minute process.

We host everything on AWS, and I spent a week studying their key management solution. EnvKey made it ridiculously easy.

Devan Sabaratnam - Founder, HRPartner

This is a badass piece of software... I'm an independent contractor and this is already saving me time managing secrets on my side projects even when it's just me! I can only imagine how useful this is going to be in a team setting.

Thanks for making this!

Jarrod Spillers - Engineer, Stacktact

Zero-knowledge.
An open standard.

EnvKey's end-to-end encryption is built on OpenPGP, a secure and battle-tested standard. We never see your secrets in plain text, and your encryption passphrase is never sent to our servers. A web of trust verifies the authenticity of public keys on all encryption and decryption operations. The EnvKey App and all its client libraries are open source under the MIT License.

Apart from providing client-side encryption for your secrets, EnvKey also follows strict best practices for server, network, and data security. All data is encrypted in transit and at rest, and all connections are made over TLS. Our databases, caches, and application servers are contained within a private, hardened network.

Security Overview Our Code On Github

Highly available, multi-region, redundant.

EnvKey partnered with OpsZero to build out a high security, high availability cloud architecture on top of Kubernetes, an open source server management platform based on Google's approach to performance and fault-tolerance at scale.

Your encrypted config is delivered by a dedicated Go micro-service that makes a single indexed query and responds in milliseconds. In addition to multi-availability zone failover, multi-region failover is also offered through automatic encrypted backups to Amazon S3.

Make config one part of your system that just works.