ENCRYPT.
SYNC.
SHIP.

Zero-knowledge encrypted environment variables.
CLI + web dashboard. Per-environment passwords.

tokengate init

$ npx tokengate init

▲ Tokengate v1.2.0

? Select workspace
  ❯ acme-corp
    personal-projects
    freelance-2024

? Environment name production

? Encryption password ••••••••••••

✔ Workspace linked to acme-corp
✔ Environment production ready
✔ Encryption configured

Run tokengate push to sync your .env files
$ 

Multi-file Sync

Local~/project

.env12 vars
.env.local8 vars
.env.production15 vars
.env.staging14 vars

SYNC

Remoteacme-corp

defaultrev #4
localrev #2
productionrev #7
stagingnew

CLI Workflow

Push. Pull. History.

push

$ tokengate push

Scanning .env files...

  File              Status
  ─────────────────────────
  ✓ .env            synced
  ~ .env.local      changed
  + .env.staging    new

? Push changes? Yes

Encrypting...
✔ .env.local → rev #3
✔ .env.staging → rev #1

pull

$ tokengate pull

Checking remote...

  File              Status
  ─────────────────────────
  ↓ .env            remote differs
  ✓ .env.local      synced
  ↓ .env.production remote differs

Decrypting...
✔ .env            ← rev #5
✔ .env.production ← rev #8

All files up to date.

history

$ tokengate history production

  production — 7 revisions

  #7 2024-01-15 14:32 a3f8c1d sarah
  #6 2024-01-14 09:18 b7e2f4a alex
  #5 2024-01-12 16:45 c1d9e3b sarah
  #4 2024-01-10 11:22 d4a6f8c james
  #3 2024-01-08 08:55 e9b2c7d alex
  #2 2024-01-05 13:10 f3e8a1b sarah
  #1 2024-01-03 10:00 a1c4d7e james

End-to-End Encryption

Plaintext .env

DATABASE_URL=postgres://prod:s3cr3t@db.internal:5432/app
API_KEY=sk-live-a8f3b2c1d4e5f6a7b8c9
STRIPE_SECRET=sk_live_51HG3j2eZvKYlo2C0
REDIS_URL=redis://default:p4ssw0rd@cache:6379
JWT_SECRET=xK9#mP2$vL5nQ8wR3tY6
SENDGRID_KEY=SG.abc123.xyz789def

PBKDF2
↓
AES-256-GCM

Encrypted Blob

jA0ECQMCkF3w8J+E7Gj/0sAB
AcP2xL+VHQO4mFqR9KzN3bTe
x7YpW1uJdG8vM5nC0aHi6kSf
QwRlXjU2yD4oBtZcEgAm3rKhP
9VnI7wLs1FpYxCzJ5uMdN8qTb
A6WvO0eHiRk3jG2lSfQwXcU4y
D7oBtZaEgM1rKhP5VnI9wLs3F
pYxCzJ7uMdN0qTbA8WvO2eHiR
k5jG4lSfQwXcU6yD9oBtZaEgM
3rKhP7VnI1wLs5FpYxCzJ9uMd
N2qTbA0WvO4eHiRk7jG6lSfQw

Your password never leaves your machine. We literally cannot read your secrets.

AES-256-GCM

Cipher

300K

PBKDF2 Iterations

E2E

Encrypted

ZERO

Knowledge

GET STARTED

terminal

$ npx tokengate init

ENCRYPT.SYNC.SHIP.

Push. Pull. History.

GET STARTED

ENCRYPT.
SYNC.
SHIP.