EnvRelay Sharing Guide

EnvRelay lets teams relay sensitive environment variables without exposing plaintext secrets to the server. This guide walks through preparing a share, sending it securely, and helping recipients decrypt it on their device.

1. Before You Share

• Project preparation – confirm the variants you intend to share are up to date inside your vault.
• Vault encryption – only copy plaintext values to the share sheet after they have been saved and encrypted in EnvRelay.
• TTL and view limits – decide how long the share should stay active and how many times it may be opened.
• Share key expectations – every link requires the fragment after #. Without it the recipient cannot decrypt.

2. Creating a Share (Sender Workflow)

1. Open the project – navigate to /vault and select the project containing the variants you want to relay.
2. Launch “Share variants” – open the share sheet from the project toolbar.
3. Select variants – tick one or more variants to include. The "Variants included" list updates in real time.
4. Set expiry controls – choose a TTL and type a view limit. EnvRelay clamps invalid input automatically.
5. Generate the share – click Create share link; EnvRelay encrypts in the browser and returns a URL like https://envrelay.vercel.app/receive/123#share-key.
6. Copy and send – send the full link (including the fragment) through your secure channel.

3. Opening a Share (Recipient Workflow)

1. Visit the link – paste the URL in the browser. EnvRelay will prompt for the fragment if it is missing.
2. Client-side decryption – the app fetches the ciphertext, applies the share key in the browser, and renders each variant in tabs.
3. Copy values – use the copy actions to move values into your editor or environment.
4. Respect expiry – once the TTL elapses or the view counter is exhausted, the link stops working.

4. Saving to Your Vault (Optional)

1. Click Save to vault.
2. Select an existing project or choose Create a new project (EnvRelay proposes the original share name and generates a unique slug).
3. Confirm the save; EnvRelay encrypts with your device key and redirects you to the project page.

5. Security Checklist

• Fragments are critical – always include the #shareKey portion.
• Prefer short TTLs and low view limits.
• Verify links out-of-band if you suspect tampering.
• Encourage recipients to rotate secrets after they copy them into their vault.

6. FAQs

• Can I edit a share? Generate a new share if the payload changes.
• What if I lose the link? Because the key fragment never reaches the server, ask the sender to regenerate it.
• Does EnvRelay log secrets? No—only metadata such as share ID, timestamp, IP, and user agent is logged for auditing.

Need more information? Visit our documentation index or reach out to the EnvRelay team for help.