PushEnv
Type-safe env management and secure team sync. Drop-in dotenv replacement with Zod validation, plus zero-knowledge encrypted secret sharing—no more unsafe Slack messages.
I built PushEnv because I was tired of teams sharing secrets over Slack—unsafe, inefficient, and a security nightmare. Most solutions are either too complex (Vault) or lock you into SaaS (Doppler). I wanted something that just works: zero-knowledge encryption, zero config, zero vendor lock-in.
PushEnv does two things really well: type-safe env loading (drop-in dotenv replacement with Zod validation and auto TypeScript types) and secure team sync (encrypted secret sharing with version control). Secrets are encrypted on your machine before upload—we can't see them, only you can decrypt them.
What Makes It Different
- Zero-knowledge encryption—AES-256-GCM with client-side encryption before upload
- Type-safe by default—Zod validation + auto TypeScript type generation
- Version control for secrets—track changes, rollback safely, diff any version
- No accounts, no setup—works out of the box with PushEnv's managed cloud
- Open-source, no vendor lock-in—your secrets, your control
Built & Shipped
Full CLI workflow (init/push/pull/diff/rollback) with local key management. Backend built with NestJS + Neon/Postgres for reliability. AES-256-GCM encryption, PBKDF2 key derivation, encrypted blob storage. Available on npm with 100% open-source code.