Now in public beta

Secrets management & environment variables
for modern dev teams

A lightweight alternative to .env files and Vault. Encrypt, sync, and inject environment variables from the CLI — without ever writing them to disk.

Start for freeView CLI docs

Free for 3 projects · No credit card required

Terminal
$

Three commands. Zero .env files.

Get up and running in under a minute.

Step 1

Install

npm i -g @secr/cli
Step 2

Init

secr init
Step 3

Run

secr run -- npm start

Everything .env files aren't

A secrets manager built for how modern teams actually work.

Envelope encryption

AES-256-GCM with per-project keys, wrapped by your KMS. Secrets are encrypted at rest and in transit.

CLI-first workflow

Run secr run -- npm start to inject secrets directly into your process — no .env files touching disk.

Team collaboration

Role-based access control with environment-level permissions. Admins, developers, and viewers — each see only what they need.

Full audit trail

Every secret access, change, and rotation is logged. Immutable, append-only audit logs you can export.

Instant sync

Change a secret and every team member gets it immediately. No more "pull the latest .env" messages.

Environment management

Dev, staging, and production — each with their own secrets. Compare and promote between environments.

Works with your stack

Plug into your existing deployment pipeline. SDKs for your language, plugins for your platform.

VercelNetlifyGitHub ActionsTerraformNode.js SDKPython SDKGo SDKVS Code
View all integrations

Simple, honest pricing

Start free. Scale when you're ready. No surprises.

Free

$0forever

For solo developers and small side projects.

  • 3 projects & 100 secrets
  • Version history & promote
  • Dev + Staging environments
  • 7-day audit log
Get started
Popular

Pro

$6/user/mo

For growing teams shipping to production.

  • Unlimited projects & secrets
  • Rollback & webhooks
  • All environments + 5 custom
  • 30-day audit log
  • CI/CD integrations
Start trial

Team

$14/user/mo

For teams that need advanced controls.

  • Everything in Pro
  • 20 custom environments
  • 90-day audit log
  • Git secret scanning
  • Priority support
Start trial

Enterprise

Custom

For organizations with strict compliance needs.

  • SSO / SCIM
  • 365-day audit retention
  • Dedicated infrastructure
  • SLA & onboarding
Contact us

Built for security from day one

Envelope encryption. Immutable audit logs. Role-based access control. Read the full security architecture.

AES-256-GCM

Per-project keys wrapped by KMS. Secrets encrypted at rest and in transit.

SOC 2 mapped

Control mapping for CC6, CC7, CC8. Built with compliance audits in mind.

Zero disk

secr run injects secrets into the process. Nothing written to .env files.

Security docsGet Started Free