Share.env
FeaturesUse casesPricingCLI
Log inStart for free

Your team's secrets deserve better than Slack

Upload your first .env file and see what secret sharing looks like with real access control.

Product

  • CLI
  • API documentation
  • Service status

Legal

  • Privacy policy
  • Terms of service
  • Cookie policy
  • Security
Send an email

share.env

© 2026 share.env. All rights reserved.

Built for teams who take secrets seriously.

Product

Secure .env File Sharing: Everything You Need to Keep Secrets Safe

AES-256 at rest

AES-256 encryption, role-based access control, and full audit history built into every workspace not bolted on afterwards.

Secret security, built for teams

Every .env file lives in a team workspace, not on one person's laptop with access control and version history from day one.

File encryption

Your .env files are encrypted at rest, and Postgres Row Level Security enforces who can even read them at the database layer, not just the UI.

AES-256 · RLS

Expiring links

Share a file without inviting someone to the team every link carries an expiry date and can be revoked instantly, at any time.

revoke anytime

Per-team access control

Owner, editor, and viewer roles decide who can edit secrets and who can only view them enforced by database policies, not just hidden in the UI.

owner · editor · viewer

Version history

Every change to a .env file is recorded, so you always know who changed which secret and when and can roll back to a previous version.

full change audit

CLI & CI/CD integration

Pull the current environment variables straight into your deployment pipeline, without copying secrets between environments by hand.

CLI · CI/CD

Security enforced at the database, not the UI

Every table in share.env has Row Level Security turned on. A hidden button in the interface is not a permission boundary. A policy is.

Row Level Security on every table

Postgres policies decide who can read or write a row before your application code ever runs, so a bug in the UI can't leak another team's secrets.

create policy "workspace_members_select"
on public.env_files for select
using (is_workspace_member(workspace_id, auth.uid()));

AES-256 encryption at rest

File contents are encrypted in Supabase Storage. Nobody, including us, reads a .env file outside of an authorized request.

High-entropy share tokens

Links are generated with cryptographically secure tokens, always carry an expiry date, and can be revoked the moment access should end.

Full audit trail

Every change to a file is recorded with who made it and when, so security reviews take minutes instead of days.

Stop pasting secrets into chat

The way most teams share environment variables today creates a permanent, unencrypted, unrevokable copy of your secrets.

Slack, email, or a shared doc

  • API keys sit in searchable chat history forever
  • Anyone in the channel can read them, no access control
  • No way to know who copied a secret or when
  • Rotating a leaked key means guessing who still has it

share.env

  • Files live encrypted in a workspace, never in a chat log
  • Owner, editor, and viewer roles enforced by the database
  • Every access and change is recorded with a timestamp
  • Revoke a link or a member's access in a single click

Fits into the pipeline you already have

Pull the current environment straight into local development or a CI/CD run, without anyone copying secrets by hand.

  • Official CLI for local development and scripts
  • Drop-in step for GitHub Actions, GitLab CI, and Vercel
  • Scoped tokens per project, never your personal login
  • Every pull is logged like any other file access
$ envshare login  ✓ authenticated as marta@acme.dev$ envshare pull --workspace api --env production  ✓ decrypted 14 variables into .env.production$ envshare link create --env production --expires 24h  ✓ https://share-env.app/l/9f2a1c...  expires in 24h

Stop pasting secrets into chat

Create a workspace, upload your first .env file, and share it with your team in under two minutes.

Create an account