
Quick Start • Configuration • Commands • Keybindings • FAQ • Documentation
A secure encrypted vault for managing API keys, secrets, and environment variables. Built for developers who live in the terminal.
I built Envy because I was tired of juggling .env files and keeping secrets scattered across password managers, sticky notes, and Slack threads. It's a single binary that gives you both a slick TUI for browsing secrets and a CLI for automation.
Here's what you get:
One command:
curl -fsSL https://raw.githubusercontent.com/XENONCYBER/envy/main/install.sh | sh
Or build from source:
git clone https://github.com/XENONCYBER/envy.git && cd envy
go build -o envy ./cmd/main.go
# Create your vault (first run only)
envy
# Import existing .env files
envy --import .env
# Set secrets via CLI
envy set myproject API_KEY=secret123
# Run commands with secrets injected
envy run myproject -- npm start
# Export project to .env file
envy --export myproject
Your secrets are encrypted with AES-256-GCM. The key is derived from your master password using Argon2id — a memory-hard function designed to resist GPU cracking attempts.
Read more about how the encryption works.
The full docs live in the docs/ folder:
# Prerequisites: Go 1.25.4+
# Clone and build
git clone https://github.com/XENONCYBER/envy.git
cd envy
go build -o envy ./cmd/main.go
# Run tests
go test ./...
# Run locally
go run ./cmd/main.go
See Development Guide for contribution guidelines.
MIT License — see LICENSE for details.