Envault

Envault is a secure, modern vault application built with Next.js, Supabase, and Tailwind CSS. It provides a robust authentication system and a sleek user interface for storing and managing sensitive information.

Features

• Bank-Grade Security: AES-256-GCM encryption with master/data key hierarchy and automatic key rotation.
• Project Workspaces: Organize secrets into distinct projects for better management.
• Semantic Routing: Clean, GitHub-style URLs (/[username]/[project-slug]) for easy sharing and navigation.
• Team Collaboration: Secure project sharing with strict Role-Based Access Control:
  • Owner: Full administrative control (Rename, Delete, Manage Team).
  • Editor: Active contributor (Read/Write secrets, request to Share).
  • Viewer: Read-only access to variables.
• Secure Authentication: Powered by Supabase Auth for robust user management, including Passkey support for passwordless, biometric login.
• Modern UI/UX: Built with Tailwind CSS, Shadcn UI, and Framer Motion for a premium experience.
• Interactive 3D Elements: High-performance 3D visuals powered by React Three Fiber.
• Keyboard First: Navigate efficiently with fully customizable, conflict-free hotkeys.
• Responsive Design: Fully responsive layout that works seamlessly on desktop and mobile.
• Dark Mode Support: Built-in support for light and dark themes.
• CLI Support: Manage your secrets directly from your terminal, featuring automatic non-blocking background update checks.
• Native Vercel Integration: Link Vercel projects, map environments, and sync secrets directly into Vercel env storage for serverless runtime compatibility.
• Real-time System Status: Monitor system health, active incidents, and historical uptime with a dedicated status page.
• Dedicated Support Page: Integrated support features directly within the app to help users manage troubleshooting options efficiently.
• Comprehensive Documentation: Integrated docs site with guides, API reference, and CLI documentation.

CLI

Envault natively supports the Model Context Protocol (MCP), so AI coding assistants like Claude Desktop, Cursor, and RooCode/Cline can pull and push your secure environments effortlessly.

# Automatically configure your AI clients (Global & Local Workspaces)
envault mcp install

# Or install strictly for the current workspace
envault mcp install --local

Installation

macOS & Linux (Universal)

curl -fsSL https://raw.githubusercontent.com/DinanathDash/Envault/main/install.sh | sh

macOS (Homebrew)

brew tap DinanathDash/envault
brew install --formula envault

Homebrew cask installs are deprecated. If you installed via cask, migrate with:

brew uninstall --cask dinanathdash/envault/envault
brew install --formula envault

For more details, check out the CLI Documentation.

Local Testing

Envault local development now uses portless with HTTPS hostnames.

npm install -g portless

To use the Envault CLI with the local development server, set the ENVAULT_CLI_URL environment variable:

export ENVAULT_CLI_URL="https://envault.localhost:1355/api/cli"
envault login

For one-command envault run local app startup, prefer hosted API fetch-first behavior by not setting ENVAULT_CLI_URL/ENVAULT_BASE_URL.

Security Architecture

Envault uses a hybrid encryption model to ensure maximum security:

1. Master Key: A 32-byte key stored in environment variables, used solely to encrypt/decrypt Data Keys.
2. Data Keys: Unique keys for encrypting actual data. These are stored encrypted in the database.
3. Key Rotation: Data keys can be rotated. The active key is cached in Redis for high performance without compromising security.
4. AES-256-GCM: Industry-standard authenticated encryption for all secrets.

Tech Stack

• Framework: [Next.js](https://nextjs.org

... View full README on GitHub