{"id":38037908,"url":"https://github.com/ilmari-h/envie","last_synced_at":"2026-01-16T19:51:33.857Z","repository":{"id":312426609,"uuid":"978883766","full_name":"ilmari-h/envie","owner":"ilmari-h","description":"The convenient and secure .env file replacement. Open source and self-hostable secrets manager.","archived":false,"fork":false,"pushed_at":"2025-11-11T09:56:46.000Z","size":1808,"stargazers_count":114,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-11T11:15:12.718Z","etag":null,"topics":["environment-variables","secret-management","security"],"latest_commit_sha":null,"homepage":"https://envie.cloud","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ilmari-h.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":"COPYRIGHT.md","agents":null,"dco":null,"cla":null}},"created_at":"2025-05-06T16:49:20.000Z","updated_at":"2025-11-11T09:56:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"2b7e4655-be61-4a29-b694-cb05f3471ddd","html_url":"https://github.com/ilmari-h/envie","commit_stats":null,"previous_names":["ilmari-h/envie"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/ilmari-h/envie","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ilmari-h%2Fenvie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ilmari-h%2Fenvie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ilmari-h%2Fenvie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ilmari-h%2Fenvie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ilmari-h","download_url":"https://codeload.github.com/ilmari-h/envie/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ilmari-h%2Fenvie/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28482050,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["environment-variables","secret-management","security"],"created_at":"2026-01-16T19:51:33.794Z","updated_at":"2026-01-16T19:51:33.852Z","avatar_url":"https://github.com/ilmari-h.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"./logo.png\" alt=\"Envie\" width=\"120\"\u003e\n\n*Keep your secrets and environment variables secure and organized.*\n\n\u003c/div\u003e\n\nEnvie is both a secret manager for production use and a developer tool for better management of environment variables. Declutter and secure your developer machine by eliminating the need for local `.env` files.\n\n### Features\n\n- **Always encrypted**  \nEnvironment variables are encrypted before transit and never visible to the server\n\n- **Fine-grained access control**  \nGrant access to specific environments on a per-user basis, optionally with time limits\n\n- **Version history**  \nTrack changes to environment configurations over time. Rollback to previous and see an audit trail of changes\n\n- **Variable groups**  \nGroup and organize environment variables together with shared access control rules. \n\n- **Multi-tenant organizations**  \nSupport for teams with role-based permissions\n\n\n### Roadmap\n\n○ [**Web UI**](https://github.com/ilmari-h/envie/discussions/7)  \n│ Manage environments through a browser interface  \n│  \n○ [**Deployment Automation**](https://github.com/ilmari-h/envie/discussions/5)  \n│ Trigger deployments when environment variables are updated  \n│  \n\nYou can suggest features and discuss the roadmap in [discussions](https://github.com/ilmari-h/envie/discussions).\n\n## 📦 Installation\n\nEnvie is available as a CLI tool on npm.\n\nTo install it globally on your machine, run:\n\n```\nnpm install -g @envie/cli\n```\n\nRequirements: Node.js (v22.0 and up) and Linux or macOS operating system\n\n## 🚀 Quick start guide\n\u003e [!IMPORTANT]  \n\u003e To use Envie, you need an Ed25519 keypair on your machine. This is because Envie uses client-side encryption to secure your environment variables.\n\u003e \n\u003e You can generate a new one using OpenSSH with the following command:\n\u003e \n\u003e ```\n\u003e ssh-keygen -t ed25519\n\u003e ```\n\nWhen using Envie for the first time, run the command `envie` without arguments to bring up a setup wizard.\n\nThis wizard will help you with the initial configuration: setting up your keypair path and terminal auto complete.\n\nOnce you have run the setup wizard you can login by running:\n\n```\nenvie login\n```\n\nNow you are ready to use Envie!\n\n### Creating a project\n\nEnvie organises different environments under projects.\n\n**Example:** Acme corporation has 2 projects: web dashboard and a REST API.\n\nFirst, Acme corporation developer creates an organization called *acme* using the command:\n\n```\nenvie organization create acme\n```\n\n\u003e [!TIP]  \n\u003e When using the free plan of Envie cloud, you can use your personal organization instead of creating one.\n\u003e \n\u003e Find the name of your personal organization by running\n\u003e \n\u003e ```\n\u003e envie organization list\n\u003e ```\n\nThen, time to create projects for the web dashboard and API:\n\n```\nenvie project create acme:web-dashboard \u0026\u0026 \\\nenvie project create acme:rest-api\n```\n\nYou can list the projects under the Acme organization by running:\n\n```\nenvie project list --organization acme\n```\n\n### Replacing your local .env files with Envie environments\n\nInstead of local *.env* files you can manage your environment variables with Envie environments.\n\nUnder the same project, you can have as many environments as you want. For example, one called `prod` for production use, `staging` for staging and one called `josh-dev` for the personal dev environment of a developer called Josh.\nAll of these can have different access control rules (more on that later).\n\nYou can create an environment from an existing *.env* file on your disk with:\n\n```bash\nenvie environment create \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e --file \u003cpath-to-env-file\u003e\n```\n\nOr if you already have an environment and want to update it from a *.env* file on your disk\n```bash\nenvie environment update \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e \u003cpath-to-env-file\u003e\n\n```\n\nYou can also update a single environment variable at a time with:\n\n```bash\n# Set a literal value\nenvie set \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e KEY=value\n\n# Clone a key from another environment (same key name)\nenvie set \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e KEY --from org:project:other-env\n\n# Clone and remap (copy SOURCE_KEY as KEY)\nenvie set \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e KEY=SOURCE_KEY --from org:project:other-env\n\n# Clone multiple keys at once\nenvie set \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e API_KEY DB_URL --from org:project:staging\n\n# Mix cloning and remapping\nenvie set \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e PUBLIC_KEY=PRIVATE_KEY API_SECRET --from org:project:prod\n```\n\nTo remove an environment variable, run:\n```bash\nenvie unset \u003corg\u003e:\u003cproject\u003e:\u003cenv-name\u003e KEY\n```\n\n### Using your environments\n\nInstead of sourcing a local .env file you can run any command with Envie using your chosen environment.\n\nExecute a command with environment variables loaded:\n```bash\nenvie exec \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e ./your-command.sh\n\n# or specify a version\nenvie exec \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e@version ./your-command.sh\n\n# or no command to run an interactive shell\nenvie exec \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e\n\n# use -- to pass arguments to the command\nenvie exec \u003corganization\u003e:\u003cproject\u003e:\u003cenvironment-name\u003e@version npm -- run dev\n```\n\n### Workspace configurations with `envierc.json`\n\nYou can create a project specific configuration for Envie by adding an `envierc.json` file inside your project directory.\n\nExample of an `envierc.json`\n```json\n{\n  \"organizationName\": \"acme\",\n  \"projectName\": \"acme-web-application\",\n  \"instanceUrl\": \"https://api.envie.cloud\"\n}\n```\n\nWhen running commands inside a directory with an `envierc.json` file, like `envie exec`, you don't need to specify the full path to the environment (e.g. instead of _acme:acme-web-application:dev_ you can just specify _dev_).\n\n### Different dev environments for different developers with a `.envie` file\n\nWhen you have multiple developers working on the same project, each one of them can specify their own environment using a `.envie` file.\n\nPlace the `.envie` file at the root of your project and add it to your `.gitignore`\n\nInside the file specify your dev environment e.g. `acme-corp:project-name:joshs-dev-env`.\n\nNow when using `envie exec` with `default` argument for the environment e.g. `envie exec default ./some-command.sh`\n\nEnvie will read the environment name from the developer-specific `.envie` file.\n\n### Example configuration with `package.json`\n\nYou can easily integrate envie with any development setup.\nFor example, here's how to use envie in a web development project together with scripts in your `package.json` file.\n\n1. Create an `envierc.json` file in your project root\n\n2. Specify your personal default dev environment in `.envie` file.\n\n3. Prefix your `package.json` development scripts with `envie exec` like so:\n\n```json\n{\n  \"name\": \"my-project\",\n  \"version\": \"0.1.0\",\n  \"private\": true,\n  \"type\": \"module\",\n  \"scripts\": {\n    \"build\": \"npx with-env next build\",\n    \"dev\": \"npx with-env next dev --turbo\",\n    \"start\": \"npx with-env next start\",\n    \"with-env\": \"envie exec default --\"\n  },\n  \"dependencies\": {\n    /*...*/\n  }\n}\n```\n\nNow when running e.g. `npm run dev` the command will run with your specified environment.\n\n## Configuration\n\nEnvie configuration can be managed via the CLI (see `envie config` subcommands).\n\nLocal configuration can also be managed via a `config.json` file, stored under the standard configuration directory if your operating system (`XDG_CONFIG_HOME/envie` for Linux and `~/Library/Application Support/envie` for macOS.) You can override this with the environment variable `ENVIE_CONFIG_DIRECTORY`.\n\n## Self Hosting\n\u003e [!TIP]  \n\u003e Not into self hosting? Envie Cloud offers a hosted instance that is **free forever** for individual use with affordable per-user licensing available for teams.\n\u003e\n\u003e Head over to \u003chttps://envie.cloud\u003e and sign up to get started with a forever-free plan!\n\n\nEnvie can be self-hosted using Docker. Two images are required:\n\n- **API**: [salhdev/envie-api](https://hub.docker.com/r/salhdev/envie-api)\n- **Web client**: [salhdev/envie-web](https://hub.docker.com/r/salhdev/envie-web)\n\nImage usage documented on Docker hub.\n\n## Security Practices\n\nEnvie uses public key encryption to ensure your environment variables stay private and secure:\n\n### How It Works\n- **Client-side encryption** - Your environment variables are encrypted on your device before being sent anywhere\n- **Public key encryption** - Uses modern cryptography so only people you give access to can decrypt your data\n- **Zero-knowledge server** - The server stores encrypted data but can never see your actual environment variables\n\n### Access Control\n- **Fine-grained permissions** - Grant access to individual environments, not just entire projects\n- **Role-based access** - Organization admins can manage who can create projects and environments\n- **Explicit access only** - Users must be explicitly granted access to each environment they need\n- **Time-limited access** - Automatically revoke access after a given period of time\n\n### Public Key Encryption\n\nYour environment variable values are stored encrypted on the server (that is, in the database of your Envie API instance).\nTo allow your selected team members to access and decrypt it, Envie uses X25519 Diffie–Hellman key exchange protocol.\n\nWhen you create an environment, a data encryption key (DEK) is generated on the client.\nFor each user that has access to this environment, an encrypted version of the DEK is stored on the server.\nThis encrypted DEK can only be decrypted with that user's keypair.\n\nThis approach is widely adopted in other applications.\nFor example, ***dotenvx*** is another environment variable management solution that uses this approach. You can find their whitepaper at \u003chttps://dotenvx.com/dotenvx.pdf\u003e.\n\n## Architecture\n\nThis is a TypeScript monorepo built with Turborepo containing:\n\n### Applications\n- **API Server** (`apps/api/`) - Express.js REST API with JWT authentication\n- **CLI Tool** (`apps/cli/`) - Command-line interface for managing environments\n- **Web Interface** (`apps/web/`) - Web UI\n\n\n## Development prerequisites\n- Bun \u003e= 1.2.11\n- PostgreSQL database\n- Redis instance\n- GitHub OAuth application\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Filmari-h%2Fenvie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Filmari-h%2Fenvie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Filmari-h%2Fenvie/lists"}