Stop copy-pastingsecrets between dashboards
Sync env vars to Vercel, Netlify, Railway, Supabase, Fly.io, Render, and Convex from your terminal. No middleman. No servers. Your secrets never leave your machine.
Want the team dashboard? Drift alerts, audit log, sync status.
Workflow
Three commands. Every platform in sync.
The problem
You already know the pain
Secrets scattered everywhere
Vercel has some. Railway has some. Supabase has some. Netlify has the rest. Your .env has a version from two weeks ago.
Copy-paste is not a workflow
Updating one secret means opening 5 dashboards, pasting the same value, and hoping you didn't miss one.
Your secrets, someone else's server
Other tools store your secrets on their infrastructure. That's another breach surface you didn't ask for.
How it works
One config. Two env files. Done.
Define what you track
dotenvy.yaml
version: 2
secrets:
- STRIPE_SECRET_KEY
- DATABASE_URL
- RESEND_API_KEY
targets:
vercel:
type: vercel
project: my-app
mapping:
development: test
preview: test
production: liveStore values locally
.env.test / .env.live
# .env.test STRIPE_SECRET_KEY=sk_test_4eC39HqLyjWDarjtT1zdp7dc DATABASE_URL=postgres://localhost:5432/myapp RESEND_API_KEY=re_test_xxx # .env.live STRIPE_SECRET_KEY=sk_live_xxx DATABASE_URL=postgres://prod-db:5432/myapp RESEND_API_KEY=re_live_xxx
Sync everywhere
terminal
$ dotenvy sync test
Syncing test environment to 3 targets...
vercel development, preview
STRIPE_SECRET_KEY ✔
DATABASE_URL ✔
RESEND_API_KEY ✔
netlify deploy-preview, branch-deploy, dev
STRIPE_SECRET_KEY ✔
DATABASE_URL ✔
RESEND_API_KEY ✔
flyio default
STRIPE_SECRET_KEY ? (unknown)
DATABASE_URL ? (unknown)
RESEND_API_KEY ? (unknown)
✔ Synced 3 secrets to 3 targetsIntegrations
Syncs to where you deploy
One CLI. Every platform. dotenvy calls each provider's API directly from your machine—no middleman.
Vercel
Sync to development, preview, and production environments
Netlify
Context-aware deploys: production, previews, branch, and dev
Railway
Project-level and service-level variables across environments
Fly.io
write-onlyApp-level secrets for Machines with base64 encoding
Supabase
write-onlyProject secrets via the Management API
Render
Service environment variables via the REST API
Convex
Deployment-level environment variables for your backend
Local .env
Read and write standard .env files on your machine
Architecture
Your secrets never touch our servers
Because we don't have servers. dotenvy calls platform APIs directly from your machine.
Other secret managers
Your secrets stored on third-party servers
dotenvy
Direct connection — no middleman, no breach surface
Pricing
Free for individuals. Built for teams.
The CLI is free and open source forever. The team dashboard keeps everyone in sync.
Open Source
Free
Forever. No catch.
- Full CLI access
- Unlimited secrets
- All providers
- Local config & sync
Team
$10/mo flat
Up to 10 users
- Everything in Free
- Sync status dashboard
- Drift alerts (Slack + email)
- 90-day audit log
Enterprise
Custom
Unlimited users
- Everything in Team
- SSO / SAML
- Role-based access
- Priority support
Dashboard preview
We know, we know — you just can't resist a dashboard. Fine. Here's what it looks like when you let someone else worry about drift.
| Secret | Vercel | Railway | Supabase | Updated |
|---|---|---|---|---|
| STRIPE_SECRET_KEY | synced | synced | synced | 2m ago |
| DATABASE_URL | synced | drifted | synced | 14m ago |
| RESEND_API_KEY | synced | synced | missing | 1h ago |
| OPENAI_API_KEY | synced | synced | synced | 3h ago |
| REDIS_URL | drifted | synced | synced | 1d ago |
Install
Get started in seconds
curl -fsSL https://dotenvy.dev/install.sh | shbrew install dotenvy-dev/tap/dotenvygo install github.com/dotenvy-dev/dotenvy@latest