Envault

Introduction

Secure, collaborative, and developer-friendly environment variable management.

Welcome to Envault

Envault is a source-available, self-hostable secret management platform designed for modern development teams. It simplifies the chaos of managing .env files across multiple projects, environments, and team members, ensuring your sensitive data is always encrypted and always syncronized.

Licensed under the Functional Source License (FSL), Envault's code is public, auditable, and free to self-host-with automatic conversion to MIT after 24 months. Learn more about our licensing.

Why Envault?

Traditional secret management often involves insecurely sharing .env files over Slack or using expensive, enterprise-only SaaS solutions. Envault bridges the gap: Bank-grade security with a developer-first experience, completely under your control.

Getting Started

Install Envault locally or deploy to your infrastructure in minutes.

Architecture

Deep dive into our Envelope Encryption and security model.

CLI Reference

Master the `envault` command line interface.

API Reference

Integrate Envault programmatically into your CI/CD.

Notifications

Understand and customize in‑app and email alerts.

Core Features

Envault isn't just a database for strings. It's a complete ecosystem for secret lifecycle management.

Security First

Security isn't an afterthought; it's the foundation.

  • AES-256-GCM Encryption: Utilizing a robust envelope encryption strategy.
  • Zero-Knowledge Architecture: Secrets are decrypted only in memory when requested.
  • Automatic Key Rotation: Rotate keys seamlessly without downtime.
  • Passkey Support: Passwordless, biometric login powered by WebAuthn.

Developer Experience

Built to fit into your existing workflow, not disrupt it.

  • Unified CLI: envault pull is all you need to sync secrets.
  • Project Workspaces: Isolate secrets by project (e.g., web-app, backend-api).
  • Team Collaboration: Granular permissions (Owner, Editor, Viewer) for every member.
  • Dedicated Support Page: Integrated troubleshooting options directly within the app.

Performance & Design

  • Modern UI: A stunning, responsive dashboard built with Next.js, Tailwind CSS, and Shadcn UI.
  • Interactive Visuals: Experience 3D elements powered by React Three Fiber.
  • Keyboard Navigation: Move through your secrets as fast as you type.

How it Works

At a high level, Envault acts as the single source of truth for your environment variables.

  1. Push: Developers push encrypted secrets to a central project.
  2. Manage: Owners control access using Role-Based Access Control (RBAC).
  3. Pull: Apps and developers pull secrets into their local environments or CI/CD pipelines securely.

Tech Stack

Envault is built on the giants of the modern web.

Next.js 14

App Router & Server Actions

Supabase

PostgreSQL & Auth

Tailwind CSS

Utility-first Styling

Fumadocs

Documentation Framework

Installation

How to install and run Envault locally

On this page

Welcome to Envault
Quick Links
Core Features
Security First
Developer Experience
Performance & Design
How it Works
Tech Stack