Protect API keys and credentials.
Keep configuration in sync everywhere.

Secure, human-friendly, cross-platform secrets and config.
No server management or dealing with encryption keys.
Integrate in minutes.

Download
EnvKey is desktop-only.
Check back on desktop to download.

1. Securely store config and manage access in an end-to-end encrypted, auto-syncing desktop app.

Available for Mac, Windows, and Linux.

2. Connect your apps with an environment variable and a line or two of code.

Prevent breaches while making life easier.

Quickly share API keys, database credentials, and other sensitive config without giving third parties (including EnvKey) unnecessary access. Restrict production secrets to those who really need them, remove access with one click when it's no longer needed, and make it easy to rotate secrets so that you actually do it when you should. EnvKey makes strong security the path of least resistance.

Stay effortlessly in sync across teams, servers, and environments.

Manage all your configuration in one place. Stay updated in real-time, and keep both development machines and servers securely, automatically in sync. Simplify developer onboarding, simplify ops, and say goodbye to missing key errors in development, production, CI, and everywhere else.

I'm really blown away. The simplicity is refreshing. It's such a complex unsolved issue and you've engineered something ultra elegant.

Shamoon Siddiqui - Javascript Engineer / Javascript.NYC Organizer

No more dotenv madness or failed deploys because someone forgot they added a key, changed a key, didn't tell you about a key.

David DeParolesa - Product Manager, GiveLively

We think it can be quite revolutionary in terms of how secrets are stored and shared.

Abhi Yerra - DevOps Engineer, OpsZero

Zero-knowledge.
An open standard.

EnvKey's end-to-end encryption is built on OpenPGP, a secure and battle-tested standard. We never see your secrets in plain text, and your encryption passphrase is never sent to our servers. A web of trust verifies the authenticity of public keys on all encryption and decryption operations. The EnvKey App and all its client libraries are open source under the MIT License. 

Apart from providing client-side encryption for your secrets, EnvKey also follows strict best practices for server, network, and data security. All data is encrypted in transit and at rest, and all connections are made over TLS. Our databases, caches, and application servers are contained within a private, hardened network. 

Highly available, multi-region, redundant.

EnvKey partnered with OpsZero to build out a high security, high availability cloud architecture on top of Kubernetes, an open source server management platform based on Google's approach to performance and fault-tolerance at scale.

Your encrypted config is delivered by a dedicated Go micro-service that makes a single indexed query and responds in milliseconds. In addition to multi-availability zone failover, multi-region failover is also offered through automatic encrypted backups to Amazon S3. 

Make config one part of your system that just works.

Download
EnvKey is desktop-only.
Check back on desktop to download.