envmaster
FeaturesPricingDocumentation
Sign inGet started
AES-256 encrypted · free Pro trial on signup · zero config

Ship without
leaking secrets.

One secure home for every environment variable across all your projects. Manage, share, and sync config — right from your terminal.

Start free — 14-day Pro trial Sign in

No credit card required

zsh — envmaster
Security

Encrypted before it ever hits the database.

Every secret is encrypted at rest using AES-256-GCM the moment you save it. Encryption keys are stored separately from your data and are never logged, cached, or exposed in responses. Your plaintext values exist only in memory during the request.

Encryption flow
Your secret sk_live_abc123
AES-256-GCM
Stored value U2FsdGVkX1+mK9pL…
Separate keystore isolated · never logged
Plaintext never persists to disk
Variable Management

Browse, edit, and copy your config in seconds.

See all your variables in one place. Secrets are masked by default and revealed only on demand. Search and filter across environments instantly — no digging through .env files scattered across machines.

production 14 variables
Search variables…
NODE_ENV = production live
API_SECRET_KEY = sk_live_•••••••• secret
DATABASE_URL = postgres://•••••• secret
STRIPE_KEY = sk_live_•••••••• secret
PORT = 3000 live
APP_URL = https://myapp.io live
CLI

Run anything with variables already injected.

envmaster run wraps your process and injects the right variables automatically — no dotenv package, no .env file, no manual exports.

Install once, use everywhere. Works across macOS, Windows, and Linux. Switch projects and environments with a single command.

macOS Windows Linux
zsh
$ envmaster project my-api
✓ Switched to project "my-api"
 
$ envmaster environment production
✓ Active environment: production · 14 variables
 
$ envmaster run -- node server.js
✓ Injected 14 variables into process
> Server listening on 0.0.0.0:3000
Audit Log

Know exactly what changed and who changed it.

Every add, update, and delete is recorded with a timestamp and the team member responsible. When something breaks in production, you'll know instantly whether a variable was the cause — and when it changed.

AX
Added REDIS_URL
production
just now
SM
Updated STRIPE_SECRET
production
12m ago
MI
Added SENTRY_DSN
staging
1h ago
AX
Deleted OLD_API_KEY
development
3h ago
SM
Updated DATABASE_URL
production
1d ago
Workspaces & Teams

One project per service. Everyone gets the right access.

Create isolated workspaces for each app or microservice — each with their own environments and variable sets. Invite teammates with per-project read or write roles so frontend devs never accidentally see backend secrets.

my-api
devstagingprod
A
S
M
T
web-frontend
devprod
A
S
M
worker
devprod
A
S
Invite team member…
readwrite
How it works

Up and running in
three steps.

No complex setup. No YAML sprawl. No scattered .env files committed to git.

01

Create a project

Group variables by project or microservice. Each project has its own isolated namespace with unlimited environments.

02

Add your variables

Paste a .env file or add variables one by one. Mark sensitive values as secrets for automatic AES-256 encryption.

03

Run instantly using our client

Use envmaster run to inject variables into any process, or export to .env and deploy to any platform.

Why EnvMaster

Built for developers,
not ops teams.

Most secret managers are overkill. EnvMaster gives you exactly what you actually need.

Feature
EnvMaster
.env files
Encrypted at rest
Multi-environment support
Team access controls
Full audit log
CLI injection
Works in CI/CD
Git-safe
No local file juggling
Pricing

Simple, transparent
pricing.

Start free. Upgrade when you need to. Pro trial included on every new account.

Payments managed by StripePro trial automatically applied on signup
Takes less than 60 seconds to set up

Take control of your
environment.

Join thousands of developers who manage their secrets with confidence. New accounts automatically get a free Pro trial.

Create free account See features