A local-first .env manager for teams.
Envault stores environment variables in projects, keeps version history, shows diffs between snapshots, and encrypts secrets at rest with AES-256-GCM.
Working with shared .env files gets messy fast. Secrets get copied around, overwritten, lost in chats, or changed without anyone knowing what happened.
I built Envault to explore what a small but useful developer tool could look like if it treated .env files like something worth versioning and protecting.
- Stores variables by project and environment
- Encrypts values at rest with AES-256-GCM
- Imports and exports `.env` files
- Creates snapshots before changes
- Shows diffs between versions
- Restores older snapshots
- Keeps everything local in SQLite
- Next.js 14
- TypeScript
- Tailwind CSS + HeroUI
- SQLite via `better-sqlite3`
- Node `crypto`
- Vitest
```bash
git clone https://github.com/IsaacOdeimor/envault.git
cd envault
npm install
npm run dev
```

Open http://localhost:3000.
To use your own encryption secret:
```bash
ENVAULT_SECRET="your-strong-secret-key" npm run dev
```

Changing `ENVAULT_SECRET` means old encrypted values can no longer be decrypted, so rotate carefully.
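The rotation caveat above, shown as an added example that is not Envault's own code: AES-256-GCM refuses to decrypt under a different secret, so existing values have to be re-encrypted while the old secret is still available. The scrypt key derivation, the fixed salt, the `iv.tag.ciphertext` storage format and all function names are assumptions made for this sketch.

```typescript
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";

// Assumption: the key is derived from the secret with scrypt. The fixed salt is a
// constructed value; a real install would generate and store a random one.
const deriveKey = (secret: string): Buffer => scryptSync(secret, "example-salt", 32);

// Assumed storage format: base64(iv).base64(tag).base64(ciphertext)
function encryptValue(plain: string, secret: string): string {
  const iv = randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = createCipheriv("aes-256-gcm", deriveKey(secret), iv, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(plain, "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

function decryptValue(stored: string, secret: string): string {
  const [iv, tag, ct] = stored.split(".").map((p) => Buffer.from(p, "base64"));
  if (!iv || !tag || !ct || iv.length !== 12 || tag.length !== 16) {
    throw new Error("malformed stored value");
  }
  const decipher = createDecipheriv("aes-256-gcm", deriveKey(secret), iv, { authTagLength: 16 });
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify: wrong secret or modified data.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

function canDecrypt(stored: string, secret: string): boolean {
  try { decryptValue(stored, secret); return true; } catch { return false; }
}

// Rotation: decrypt every row with the old secret and re-encrypt with the new one.
// The result is built in memory first, so a single failure leaves the input untouched.
function rotateSecret(rows: Record<string, string>, oldSecret: string, newSecret: string): Record<string, string> {
  const rotated: Record<string, string> = {};
  for (const [name, stored] of Object.entries(rows)) {
    rotated[name] = encryptValue(decryptValue(stored, oldSecret), newSecret);
  }
  return rotated;
}

// Constructed sample data.
const sample = { DATABASE_URL: encryptValue("postgres://localhost/dev", "old-secret") };
console.log(canDecrypt(sample.DATABASE_URL, "new-secret")); // false
const migrated = rotateSecret(sample, "old-secret", "new-secret");
console.log(decryptValue(String(migrated["DATABASE_URL"]), "new-secret"));
```

Because `rotateSecret` throws on the first value that fails authentication, a wrong old secret aborts the rotation before anything is overwritten.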
```
src/
├── app/
│   ├── api/              # API routes
│   └── projects/[id]/    # Project detail UI
├── components/           # UI components
├── lib/
│   ├── crypto.ts         # encryption + .env parser
│   ├── db.ts             # SQLite setup
│   └── queries.ts        # database operations
└── tests/                # Vitest tests
```

```bash
npm test
```

The tests cover encryption, .env parsing, project CRUD, variable management, version snapshots, diffs, and restore.
This was built as a practical developer-tooling project. The main pieces worth reviewing are the encryption flow, snapshot/diff logic, local database design, and the project/environment UX.