Env

Secrets management that developers ❤️

Manage secrets across your team and infrastructure with a fully auditable end-to-end encrypted secrets management service.

Documentation
CLI
Private key

We never see your secrets

Your data is stored fully encrypted, so we never see or generate the encryption keys. These keys are created locally on your machine with OpenSSL’s AES-256-CBC symmetric encryption cipher to keep your data fully encrypted at all times.

Integrations

Integrate with your stack

ENV Integrates with popular cloud providers, CI/CD tools and developer frameworks so that you can automatically inject secrets during the build and deployment process

No hassle multi-environment config

Manage secrets for any environment—development, production, local, or custom—with the .env files you’ve always used.

Start building for free

The first 5 users are always free and $500 in credits for 12 months. No contracts. No lock-in.

Secure and Simple Secrets Management

No Downtime Key Rotation

Update encryption keys without interrupting the functionality of your apps, ensuring both security and operational continuity

Precise Access Control

Manage access to your secrets by, user, environment, and IP address, ensuring the right people and services have the right access

Versioning and Recovery

View past versions of your secrets for any environment, making it simple to revert when needed

Log All The Things

Every access attempt, success or fail, is logged in detail, providing full visibility into who is accessing your secrets and from where

Config Inheritance

Define values once at the app level and inherit them across all environments, reducing the risk of misconfiguration

Safety Checks

We’ll warn you when you’re about to push your local changes to secrets that have been changed since you last pulled.

Environment Firewalls

Control access to your secrets by creating allow/deny firewalls by IP and subnets. You can setup progressively more strict firewalls on more production environments.

Intuitive CLI

An intuitive CLI that makes managing your app’s secrets and configurations fast and effortless.

Frequently Asked Questions

Hyphen ENV lets you manage secrets for any environment—development, staging, production, or custom—using the familiar .env file format. Secrets are end-to-end encrypted with AES-256-CBC keys generated locally on your machine, so your data is never visible to Hyphen. Config inheritance lets you define values once and override per environment, reducing misconfiguration risk.
Hyphen ENV is built for developer teams that need enterprise-grade security without the complexity of tools like HashiCorp Vault. It integrates directly with popular cloud providers, CI/CD tools, and developer frameworks to automatically inject secrets during build and deployment. Push and pull secrets with the CLI, manage access by user, environment, and IP address, and get full audit logs—all without a dedicated DevOps team.
ENV provides a secure, auditable way to share secrets across your team. Every team member pulls encrypted secrets directly to their local environment using the Hyphen CLI. All access is logged in detail—including who accessed what and from where—so you have full visibility. Environment firewalls let you restrict access by IP and subnet for sensitive environments like production.
Hyphen ENV supports no-downtime key rotation, letting you update encryption keys without interrupting your running applications. Full version history is available for every environment, making it simple to view past versions and revert when needed. Safety checks warn you before pushing local changes that conflict with updates made by other team members.
ENV integrates with popular cloud providers and CI/CD tools out of the box. Use the Hyphen CLI to pull secrets into your build pipeline, inject them at deploy time, and manage them across environments—all from the command line. Environment firewalls and precise access controls ensure only authorized services and IP addresses can access production secrets.