Zero-knowledge env file storage
Stop trusting vendors with your secrets.
Push your .env files to envstore. They're encrypted on your machine with your key before they leave. Even we can't read them. $1.99 per workspace. Unlimited members.
$ curl -fsSL https://envstore.xyz/install | sh $ envstore login $ envstore push .env
Zero-knowledge
Files are encrypted on your machine with age. The server stores ciphertext it has no way to decrypt. Lose your key — even we can't help you recover.
Open source
AGPL v3 on GitHub. Audit every line. Run your own instance if you want. Don't trust — verify.
Comically cheap
$1.99 per workspace, per month. Not per user. Invite your whole team — unlimited members. 14-day trial.
How it works
Encryption happens locally. The web dashboard shows metadata only — names, sizes, timestamps, members. There is no decrypt button to even try.
- Step 1
Install & sign in
OAuth (GitHub, Google) or a 6-digit email code. Then install the CLI.
- Step 2
Push
Run
envstore push .env. The CLI encrypts to every workspace member's public key with age, uploads the ciphertext to R2. - Step 3
Pull
On any machine,
envstore pull. Only your private key decrypts. Server never sees plaintext.
The hard rule
Your private key never enters the browser. The server never receives it. If you lose every copy of your key, your data is gone. We say this loud and we mean it.
vs. the other vaults
| envstore | Other vaults | |
|---|---|---|
| Pricing | $1.99 / workspace | $5–8 / user |
| Team members | Unlimited | Per-seat |
| Server decrypts your files? | Never. Cannot. | "Encrypted at rest" |
| Open source | AGPL v3 | Closed source |
| Key management | You own it | Vendor manages |
| CLI as a first-class citizen | Required for writes | Optional |
$1.99 a month. Your keys.
Try it free for 14 days. No card on the trial. Cancel and we keep your data readable for 30 days so you can pull it out.