PushEnv: A New, Encrypted Way to Manage .env Files (No SaaS, No Servers) 🔐

Source: Dev.to

Environment variables run everything, but managing them is still messy, risky, and outdated.
PushEnv is a local‑first, encrypted, Git‑style workflow for .env files that eliminates the need for SaaS, servers, dashboards, or logins.

The Problem with .env Files

• Secrets get committed to Git
• Keys are pasted into Slack
• .env.example quickly becomes outdated
• Team members end up with different versions
• CI logs can leak secrets
• Docker images may ship .env files
• No history, rollback, or audit trail

Most teams rely on “just don’t commit your .env,” which is more hope than strategy and still requires trusting a server‑side service.

Introducing PushEnv

A Git for .env files that is:

• Encrypted before leaving your machine (AES‑256‑GCM)
• Zero‑knowledge: the passphrase is never stored
• Server‑less: only ciphertext is uploaded to a managed storage bucket
• No accounts, no lock‑in, no dashboards
• Full version history, diff, and rollback for secrets
• Open‑source (MIT licensed)

How PushEnv Works

1. Initialize a Project

pushenv init

• Choose environments and set a passphrase.
• Generates:
  • .pushenv/config.json — safe to commit
  • ~/.pushenv/keys.json — local keyring (never committed)

2. Push Secrets

pushenv push -m "Initial setup"

• Your .env is encrypted locally.
• Only the ciphertext is uploaded and versioned.
• No plaintext ever leaves your machine.

3. Pull Secrets Anywhere

pushenv pull

• Decrypts locally and injects the variables safely.
• Ideal for CI pipelines, Docker builds, or any ephemeral environment.

4. Run Applications Without Writing Secrets to Disk

pushenv run "npm start"

• Secrets exist only in memory and vanish when the process exits.

Supported runtimes include Node/Next/Nest, Python, Go, Docker/Kubernetes, GitHub Actions, AWS, Cloudflare, Vercel, S3/R2/MinIO, etc.

Installation & Basic Commands

npm install -g pushenv
pushenv init
pushenv push -m "First secrets"
pushenv pull
pushenv run "npm start"

Additional commands: pushenv pull, pushenv diff, pushenv rollback, etc.

Where to Find PushEnv

• GitHub:
• npm:

Conclusion

PushEnv gives developers a safer, simpler, and more transparent way to manage environment variables—without relying on SaaS, storing plaintext, or losing history. It’s not just an alternative; it’s a new approach to secret management.