zero-knowledge .env sync
envpull
Sync environment variables across machines — encrypted locally, readable only by you.
~/projects/app
$ envpull login
✔ Logged in successfully
$ envpull init
✔Initialized project "app"
$ envpull push
✔ Uploaded encrypted .env
$ Your secrets are yours.
envpull encrypts .env files on your machine before upload. The server only stores ciphertext — we never see your plaintext secrets.
Your workflow stays simple.
login, init, push, pull. The same commands on every machine, with the same recovery key if you forget your password.
Your files stay open.
Plain .env files on disk. No proprietary vault format locking you in — just encrypted sync for what you already use.
Four commands.
Encrypted before it leaves your machine. Decrypted only with your password or recovery key.
- 01Create an account or sign in
envpull login - 02Link this project
envpull init - 03Encrypt and upload .env
envpull push - 04Download and decrypt elsewhere
envpull pull
Install
Requires Node 20+. Point the CLI at api.envpull.dev by default — or your own host.
npm i -g @colinguinane/envpull-cliThen run envpull login