AES-256 encrypted · free Pro trial on signup · zero config
Ship without
leaking secrets.
One secure home for every environment variable across all your projects. Manage, share, and sync config — right from your terminal.
No credit card required
Security
Encrypted before it ever hits the database.
Every secret is encrypted at rest using AES-256-GCM the moment you save it. Encryption keys are stored separately from your data and are never logged, cached, or exposed in responses. Your plaintext values exist only in memory during the request.
Encryption flow
Your secret sk_live_abc123
Stored value U2FsdGVkX1+mK9pL…
Separate keystore isolated · never logged
Plaintext never persists to disk
Variable Management
Browse, edit, and copy your config in seconds.
See all your variables in one place. Secrets are masked by default and revealed only on demand. Search and filter across environments instantly — no digging through .env files scattered across machines.
CLI
Run anything with variables already injected.
envmaster run wraps your process and injects the right variables automatically — no dotenv package, no .env file, no manual exports.
Install once, use everywhere. Works across macOS, Windows, and Linux. Switch projects and environments with a single command.
macOS Windows Linux
zsh
$ envmaster project my-api
✓ Switched to project "my-api"
$ envmaster environment production
✓ Active environment: production · 14 variables
$ envmaster run -- node server.js
✓ Injected 14 variables into process
> Server listening on 0.0.0.0:3000
Audit Log
Know exactly what changed and who changed it.
Every add, update, and delete is recorded with a timestamp and the team member responsible. When something breaks in production, you'll know instantly whether a variable was the cause — and when it changed.
AX
Added REDIS_URL
production
just now
SM
Updated STRIPE_SECRET
production
12m ago
AX
Deleted OLD_API_KEY
development
3h ago
SM
Updated DATABASE_URL
production
1d ago
Workspaces & Teams
One project per service. Everyone gets the right access.
Create isolated workspaces for each app or microservice — each with their own environments and variable sets. Invite teammates with per-project read or write roles so frontend devs never accidentally see backend secrets.
Invite team member…
readwrite
How it works
Up and running in
three steps.
No complex setup. No YAML sprawl. No scattered .env files committed to git.
Why EnvMaster
Built for developers,
not ops teams.
Most secret managers are overkill. EnvMaster gives you exactly what you actually need.
Pricing
Simple, transparent
pricing.
Start free. Upgrade when you need to. Pro trial included on every new account.
Payments managed by StripePro trial automatically applied on signup
Takes less than 60 seconds to set up
Take control of your
environment.
Built for developers tired of juggling .env files. New accounts automatically get a free Pro trial.