Env-Sync
Star on GitHub
v1.0 is now live

Encrypted env vars.
Explicit sync. Zero guesswork.

Stop pasting .env files in Slack. Env-Sync provides a CLI-first workflow to securely share and version environment variables across your entire team.

bash
$ curl -fsSL https://raw.githubusercontent.com/Aditya190803/envsync/main/install.sh | bash

Supports macOS, Linux, and Windows (WSL)

Encryption

AES-256-GCM

Sync model

Explicit Push/Pull

Remote safety

Revision-checked

Capabilities

Everything needed for reliable secret workflows

Built for teams that want strong cryptography, clean ergonomics, and explicit operational control.

AES-256-GCM encryption

Secrets are encrypted before local or remote writes, with phrase-derived keys using Argon2id.

Explicit push and pull

You decide exactly when synchronization happens, with no background surprises.

Machine restore

Onboard a second machine from your recovery phrase and remote encrypted state.

Conflict-aware sync

Detect conflicts, choose override behavior, and preserve deterministic outcomes.

Doctor diagnostics

Run fast health checks for config, active project state, and remote connectivity.

Structured audit logs

Every important action is append-logged in JSON for inspection and automation.

How it works

Simple flow. Strong guarantees.

Three clear steps from local setup to secure cloud backup.

01

Initialize and scope

Create your encrypted local vault, select project, and choose environment.

02

Manage secrets safely

Set, get, list, rollback, and review history without exposing plaintext by default.

03

Sync with control

Push and pull to file, HTTP, or Convex backends with optimistic concurrency checks.

Terminal demo

Built for people who live in the shell

Fast command surface, deterministic behavior, and output made for automation.

Security
No hidden plaintext paths
Phrase-derived keys, encrypted values, version history, and audit trails all designed for high-signal operations.
Security model
  • Argon2id key derivation from recovery phrase
  • AES-256-GCM encryption for secret values
  • Remote writes validated by optimistic `revision` checks
Remote integrations
  • HTTP remote backend with bearer token support
  • Convex backup transport with deploy key + API key modes
  • Restore command for second-machine recovery
Ship with confidence. Keep secret operations explicit.
Start with one install command and move to reliable encrypted sync across every environment your team touches.
Install Env-Sync