EnvRelay
Sign inTalk to us
Developer-first env vault

Relay env secrets without surrendering control.

EnvRelay keeps every `.env` variant encrypted until your browser unlocks it. Sync projects across devices, relay secure shares with time-boxed tokens, and audit every access—all without leaking plaintext to the server.

Get startedTalk to a human

Variant preview

Tap a variant to inspect the encrypted export snapshot.

Dev

Ephemeral keys for local builds and feature toggles.

  • API_URL=http://localhost:3000
  • LOG_LEVEL=debug
  • FEATURE_FLAGS=beta

Each export is sealed with a one-time data key, wrapped by your master key, before leaving the browser.

Why developers trust EnvRelay

Keep solo workflows fast, stash legacy `.env` files, relay secrets to fellow developers, and share with teammates only when it’s necessary.

Versioned vaults

Organise projects and capture legacy `.env` files without drift or manual copy-paste.

End-to-end share flow

Generate browser-encrypted share bundles that burn on open without exposing plaintext.

Operational guardrails

Better Auth policies and ownership checks keep solo developers and collaborators safe.

Workflow

How EnvRelay keeps every secret on a short leash

A four-step loop that keeps encryption in the browser and access under your control.

1

Collect & encrypt

Import variants; EnvRelay encrypts payloads client-side with AES-GCM 256 and Argon2id derived keys.

2

Sync to your vault

Bundles are wrapped with a deterministic master key derived from your vault secret and user ID.

3

Relay with tokens

Issue share links with TTL, max views, and optional one-time burns—recipients decrypt in-browser.

4

Audit & rotate

Track opens, revoke access immediately, and rotate master keys without a migration fire drill.

Security

Security principles that ship with every request

EnvRelay keeps encryption in the browser and shares on a short leash. From capture to rotation you stay in control of how secrets move.

  • Secrets are encrypted in your browser before they sync.
  • You control who can open a share and for how long.
  • We log metadata only so you can see when a link was used.

What the server sees

Ciphertext blobs, wrapped keys, and audit metadata. No plaintext secrets, no master keys.

0

Secrets stored in plaintext

30d

Audit log retention

Curious how this works behind the scenes? Contact us and we’ll walk you through encryption, rotations, and access control.

Ready to relay your next stack?

Bring EnvRelay into your workspace, capture those legacy `.env` files, and share with fellow developers only when you need to.

Launch EnvRelay
EnvRelay · Manage envs securely, share secrets on your terms