Your secrets. Your control.
The zero-trust secret manager where your data never leaves your device unencrypted. Not even we can see your secrets.
Everything you need for secret management
Built for teams who refuse to compromise on security.
Environment Variables
Store and manage environment variables with end-to-end encryption. Your secrets are encrypted before they leave your device.
Local .env File Sync
Link projects to local .env files on each device. Push local changes or pull remote updates with one click.
Project Diff & Compare
Compare configurations between projects with a visual diff. Accept, ignore, or keep changes individually or in bulk.
Teams & Collaboration
Structure secrets with organizations, teams, and projects. Each member has their own encryption keys with fine-grained access control.
Key Rotation
Rotate encryption keys with double-admin approval for organizations. Security without single points of failure.
CI/CD Integration
Inject secrets into your CI/CD pipeline with access tokens. Keep your hosting provider away from your secrets.
Your secrets never leave your device unencrypted.
Envie is built on zero-trust principles. All encryption and decryption happens locally on your device. The server stores only encrypted blobs that are meaningless without your keys.
Client-Side Encryption
All data is encrypted locally using XChaCha20-Poly1305. The server only stores ciphertext.
You Hold All the Keys
Decryption keys never leave your app. Not even Envie can access your secrets.
Secure Local Storage
Keys are stored in Stronghold, the same secure storage used by cryptocurrency wallets.
F3E8A7C1...2D4F6B8A