envpull
zero-knowledge .env sync

envpull

Sync environment variables across machines — encrypted locally, readable only by you.

~/projects/app
$ envpull login
 Logged in successfully
$ envpull init
Initialized project "app"
$ envpull push
 Uploaded encrypted .env
$ 

Your secrets are yours.

envpull encrypts .env files on your machine before upload. The server only stores ciphertext — we never see your plaintext secrets.

Your workflow stays simple.

login, init, push, pull. The same commands on every machine, with the same recovery key if you forget your password.

Your files stay open.

Plain .env files on disk. No proprietary vault format locking you in — just encrypted sync for what you already use.

Four commands.

Encrypted before it leaves your machine. Decrypted only with your password or recovery key.

  1. 01envpull login
    Create an account or sign in
  2. 02envpull init
    Link this project
  3. 03envpull push
    Encrypt and upload .env
  4. 04envpull pull
    Download and decrypt elsewhere

Install

Requires Node 20+. Point the CLI at api.envpull.dev by default — or your own host.

npm i -g @colinguinane/envpull-cli

Then run envpull login