A simple, offline CLI tool to securely encrypt, decrypt, and manage .env files across teams .
Keep your environment secrets safe, versioned, and easily shareable without ever exposing sensitive data in Git.
⚠️ Note: Do not use this tool in production systems or public repositories yet. safekeeper is currently in its early development stage. It is intended only for local development and testing purposes until it undergoes further security audits and stability improvements.
Managing .env files in a team is messy and insecure:
- 🧑💻 Device changes or migrations: Files get lost when switching machines.
⚠️ Out-of-sync environments: Developers often run outdated.envvalues.- 💬 Manual sharing hassle: Passing
.envvia chat or email is risky. - 💸 Cost constraints: Most environment managers are paid SaaS tools.
- 🔐 Maintaining a single encrypted
.envfile that can be committed to Git. - 🧩 Allowing team members to decrypt safely using stored keys.
- 💾 Keeping all encryption keys securely stored on your local machine.
- 🪶 Remaining completely free, offline, and lightweight.
- AES-256-GCM encryption with authentication tag.
- Auto-generate or provide your own encryption key.
- Named key management via
key:set,key:get,key:list, andkey:delete. - Safe key re-use - encrypt and decrypt just by referencing the key name.
- Secure local key storage (
~/.safekeeper/keys.json). - Seamless Git integration - safely commit
.env.encfiles to repos.
npm install -g safekeeper# Interactive mode (recommended)
safekeeper encryptYou’ll be prompted for:
- Path to the .env file
- Key name (used to store and reference the key later)
- Secret key (optional — auto-generated if skipped)
# Decrypt using key
safekeeper decryptYou’ll be prompted for:
- Path to the .env.enc file
- Key name (used to fetch the stored key)
Safekeeper also includes a built-in encrypted local keystore (~/.safekeeper/keys.json) for easy reuse.
safekeeper key:setsafekeeper key:getsafekeeper key:listsafekeeper key:deleteThis project is licensed under the MIT License.