Launching today

EnvManager
Stop sharing secrets in Slack
EnvManager replaces .env files shared via Slack, email, and sticky notes with an encrypted, versioned vault.
• AES-256 encryption at rest; secrets decrypt only at access
• Per-environment roles: interns see staging, leads see production; revoke instantly when devs leave
• Immutable audit trail to roll back rotations
• One command: envmanager pull syncs to your machine or CI/CD
• Proxy functions call Stripe/OpenAI from static sites without leaking keys
2-min setup. 14-day free trial, no card.



Hey hunters 👋
I built EnvManager after watching one too many teams paste production .env files into Slack, fully searchable, forever, by anyone in the workspace. And when a dev leaves? Nobody rotates the keys they have access to because nobody even knows which ones they saw.
So EnvManager gives you an encrypted, versioned vault with per-environment roles and a one-command CLI (envmanager pull). The newest piece is proxy functions, calling Stripe or OpenAI from a static site without exposing keys in the browser.
Quick note on the security model, since it always comes up:
Secrets are encrypted with XChaCha20-Poly1305 (libsodium, the same cipher family as Signal and 1Password) before they touch the database. The row only stores an opaque vault reference, never the value, so a leaked DB dump is a pile of useless pointers, not your keys.
Who can decrypt is enforced at the database level: you have to be in the org and have explicit access to that exact environment. Staging access never unlocks production. And every read, web reveal, CLI pull, and proxy call lands in an audit log with user, timestamp, and IP. So when someone leaves, you can see precisely which secrets they touched and rotate just those.
The CLI stays boring deliberately: envmanager pull authenticates with a scoped API key over TLS and writes a normal .env; nothing secret lives in your repo or ships in a client bundle. Proxy functions are the same idea: the key stays server-side in the vault; the browser only ever calls your proxy. And for the genuinely paranoid, one-time share links are end-to-end encrypted in the browser (AES-GCM); the decryption key lives in the link fragment, which never hits our servers.
Setup takes ~2 minutes, and there's a 14-day free trial (no card).
I'd love feedback on two things:
(1) does the role/permission model fit how your team splits staging vs. production, and (2) which integration should we add next? Building in public over at @pgerrits.
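
The one-time share link design described in the comment above (AES-GCM in the browser, decryption key carried in the link fragment), sketched as an added example. It is not EnvManager's code; the function names, the `share.example` host and the shape of the stored record are assumptions.

```javascript
// Added illustration of fragment-keyed share links; not EnvManager's implementation.
// Hypothetical names throughout. Runs in a browser or Node (WebCrypto).
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

const toB64u = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Sender side: encrypt locally, upload only {id, iv, ct}, keep the key in the fragment.
async function createShareLink(secret, base) {
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(secret));
  const upload = {
    id: toB64u(wc.getRandomValues(new Uint8Array(16))),
    iv: toB64u(iv),
    ct: toB64u(ct), // ciphertext with the GCM tag appended
  };
  const rawKey = await wc.subtle.exportKey('raw', key);
  return { link: `${base}/${upload.id}#${toB64u(rawKey)}`, upload };
}

// What reaches the server: user agents drop the fragment from the HTTP request.
function requestSeenByServer(link) {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}

// Recipient side: fetch the stored record by id, decrypt with the fragment key.
async function openShareLink(link, stored) {
  const rawKey = fromB64u(new URL(link).hash.slice(1));
  const key = await wc.subtle.importKey(
    'raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64u(stored.iv) }, key, fromB64u(stored.ct));
  return new TextDecoder().decode(pt); // throws if key or ciphertext is wrong
}
```

The fragment stays out of the HTTP request, but it still sits in browser history and is readable by any script running on the page, so a design like this depends on the integrity of the page that handles the link.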