File encryption
Your .env files are encrypted at rest, and Postgres Row Level Security enforces who can even read them at the database layer, not just the UI.
Product
AES-256 encryption, role-based access control, and full audit history built into every workspace not bolted on afterwards.
Every .env file lives in a team workspace, not on one person's laptop with access control and version history from day one.
Your .env files are encrypted at rest, and Postgres Row Level Security enforces who can even read them at the database layer, not just the UI.
Share a file without inviting someone to the team every link carries an expiry date and can be revoked instantly, at any time.
Owner, editor, and viewer roles decide who can edit secrets and who can only view them enforced by database policies, not just hidden in the UI.
Every change to a .env file is recorded, so you always know who changed which secret and when and can roll back to a previous version.
Pull the current environment variables straight into your deployment pipeline, without copying secrets between environments by hand.
Every table in share.env has Row Level Security turned on. A hidden button in the interface is not a permission boundary. A policy is.
Postgres policies decide who can read or write a row before your application code ever runs, so a bug in the UI can't leak another team's secrets.
create policy "workspace_members_select"
on public.env_files for select
using (is_workspace_member(workspace_id, auth.uid()));File contents are encrypted in Supabase Storage. Nobody, including us, reads a .env file outside of an authorized request.
Links are generated with cryptographically secure tokens, always carry an expiry date, and can be revoked the moment access should end.
Every change to a file is recorded with who made it and when, so security reviews take minutes instead of days.
The way most teams share environment variables today creates a permanent, unencrypted, unrevokable copy of your secrets.
Slack, email, or a shared doc
share.env
Pull the current environment straight into local development or a CI/CD run, without anyone copying secrets by hand.
$ envshare login✓ authenticated as marta@acme.dev$ envshare pull --workspace api --env production✓ decrypted 14 variables into .env.production$ envshare link create --env production --expires 24h✓ https://share-env.app/l/9f2a1c... expires in 24h
Create a workspace, upload your first .env file, and share it with your team in under two minutes.