EnvKey

End-to-end encrypted config and secrets workflows for devs and CI/CD.

97 votes

Your vote:

Visit Website

envkey.com

Edit app info

Info updated on: Mar 26, 2026

Mac Informer

Discover macOS apps and get updates in one click

Start by moving every .env and API token out of spreadsheets and private chats. Create a workspace, define your app and its environments (development, staging, production), then install the desktop app and CLI. Approve your device, add variables with clear names and descriptions, and group them by service or microservice. Invite teammates with scoped roles (read, write, admin) and restrict access by environment so contractors don’t see production. Link your repos and projects so each team knows which config applies where. From there, you’ll manage all secrets and app settings in one place, with client-side encryption ensuring only approved devices can read them.

For daily development, run a single CLI command to sync values to your machine and export them into any process: local servers, Docker Compose, or language-specific runners. Bake the command into package scripts, VS Code tasks, or makefiles so the whole team stays consistent. When someone updates a key, everyone gets the change automatically without chasing messages or pulling a separate repo. Need to rotate a token? Update it once and it propagates across every device and service that relies on it. Use version history to compare diffs, add notes explaining why a value changed, and revert with certainty if something breaks. New hires get up and running in minutes—approve their device, assign permissions, and they’re ready to run the stack without touching raw secrets. more

Screenshots (3)

Review Summary

Features

End-to-end client-side encryption
Cross-platform desktop app and CLI
Granular environment and role-based access
Device approvals and SSO/2FA
Version history, diffs, and rollback
Audit logs and export
CI/CD integrations (GitHub Actions, GitLab, CircleCI, Jenkins)
Scoped, short-lived access tokens
Templating, overrides, and promotions
Docker/Kubernetes/ECS injection
Automated secret rotation workflows
Notes and metadata on variables

How It’s Used

Onboard new developers quickly without sharing raw secrets
Rotate compromised credentials across all services from one update
Inject configuration into CI jobs without storing secrets in the platform
Manage multi-environment setups for microservices with shared and overridden values
Run local development consistently across the team with one sync command
Promote configuration from staging to production with approvals and auditability
Power preview apps with derived environment values per branch
Centralize incident response by revoking devices and rolling keys
Maintain compliance with exportable audit trails and enforced access policies
Replace scattered .env files and wikis with a single source of truth

Plans & Pricing

Startup

$20.00 per month

Strengthen security
Manage development, staging, production
Eliminate duplication with inheritance
Be flexible with sub-environments
Secure invitations with strong end-to-end encryption
Simple access controls, instant revocations
Simplified secrets rotation
Real-time collaboration
Integrate quickly and flexibly
Local caching for offline work
<p> </p>

Traction

$100.00 per month

Growth

$300.00 per month

Scale

Custom