Now in public beta

Stop sharing .env files over Slack

EnvShare gives your team a single source of truth for environment variables. Encrypted, versioned, and access-controlled.

Get Started Free View Features

AES-256-GCM

SOC 2 Ready

Free forever

.env.production

# Database

DATABASE_URL="postgresql://user:****@db.envshare.dev:5432/prod"

# Auth

AUTH_SECRET="sk_live_************************"

NEXTAUTH_URL="https://app.envshare.dev"

# Services

REDIS_URL="redis://****@cache.envshare.dev:6379"

RESEND_API_KEY="re_************************"

Encrypted

3 members

Features

Everything you need to manage secrets

From encryption to team collaboration, EnvShare provides every tool your team needs to securely manage environment variables.

AES-256-GCM Encryption

Military-grade encryption with unique keys per environment. Your secrets never leave our servers unencrypted.

Team Collaboration

Invite team members, assign roles — Owner, Admin, Developer — and control who can see and manage secrets.

API Key Access

Programmatic access with scoped API keys per environment. Fetch variables via a single HTTP call.

IP Allowlisting

Restrict API access to trusted IP addresses only. New IPs require admin approval before access is granted.

Audit Logging

Complete audit trail of who accessed what, when, and from where. Full transparency for compliance.

Runtime NEXT_PUBLIC_*

Set environment variables in your Vercel dashboard — they work at runtime in Client Components. No rebuild needed.

API Key Integration

Fetch your env vars with a single API call

No SDK required. Use any HTTP client to fetch your environment variables programmatically. Perfect for CI/CD pipelines, Docker builds, and custom tooling.

Create a project

Organize your variables by project. Each project gets isolated encryption.

Generate an API key

Create a scoped API key for each environment. Keys use the es_live_ prefix.

Fetch variables via HTTP

Send a request with the X-API-Key header. Variables are returned decrypted and ready to use.

Terminal

# Fetch your environment variables
curl -H "X-API-Key: es_live_your_api_key" \
  https://envshared.vercel.app/api/v1/env/my-app/production

Response

{
  "DATABASE_URL": "postgresql://user:pass@db.example.com:5432/prod",
  "REDIS_URL": "redis://cache.example.com:6379",
  "API_SECRET": "sk_live_a1b2c3d4e5f6"
}

Terminal

node --import @alvarorestrepo/envshare-sdk/preload app.js

app.ts

import { init } from '@alvarorestrepo/envshare-sdk'

await init({
  apiKey: 'es_live_...',
  project: 'my-app',
  environment: 'production',
})

// All vars are now in process.env
console.log(process.env.DATABASE_URL)

app/layout.tsx

// app/layout.tsx — Add EnvBridge to your root layout
import { EnvBridge } from '@alvarorestrepo/envshare-sdk'

export default function RootLayout({ children }) {
  return (
    <html>
      <head><EnvBridge /></head>
      <body>{children}</body>
    </html>
  )
}

components/dashboard.tsx

// Any Client Component — use env() instead of process.env
'use client'
import { env } from '@alvarorestrepo/envshare-sdk'

const apiUrl = env('NEXT_PUBLIC_API_URL') // works at runtime!

SDK Integration

One SDK, every runtime

Inject environment variables at runtime with zero config. Use the preload hook for Node.js, or EnvBridge for Next.js Client Components — no rebuild needed.

Runtime env injection

No .env files. Variables are fetched and injected into process.env at startup.

EnvBridge for Next.js

NEXT_PUBLIC_* vars work at runtime in Client Components. No rebuild needed.

Auto-cache

Smart caching with ETag support. Stale-while-revalidate built in.

Type-safe

Full TypeScript support. Use envRequired() for vars that must exist.

New in SDK

The NEXT_PUBLIC_* problem, solved

Next.js replaces NEXT_PUBLIC_* variables at build time. Change them in your Vercel dashboard? You need a full rebuild. EnvBridge fixes this — your variables work at runtime, everywhere.

Without EnvBridge

Change a var → rebuild → redeploy → wait minutes.

With EnvBridge

Change a var → it works instantly. No rebuild.

How it works: EnvBridge is a Server Component that reads your NEXT_PUBLIC_* vars at request time and injects them into a tiny inline script. Client Components read them via env() — no hydration mismatch, no network request.

app/layout.tsx

// 1. Add EnvBridge to your root layout
import { EnvBridge } from '@alvarorestrepo/envshare-sdk'

export default function RootLayout({ children }) {
  return (
    <html>
      <head><EnvBridge /></head>
      <body>{children}</body>
    </html>
  )
}

components/dashboard.tsx

// 2. Use env() in any Client Component
'use client'
import { env } from '@alvarorestrepo/envshare-sdk'

export function Dashboard() {
  const apiUrl = env('NEXT_PUBLIC_API_URL')
  const appName = env('NEXT_PUBLIC_APP_NAME')
  // works at runtime — no rebuild!
}

Ready to stop sharing secrets insecurely?

Get started in under 2 minutes. No credit card required. Free for teams up to 5 members.

Create Free Account See how it works