Now with AWS Secrets Manager integration

Git for env vars

Sync environment variables across your team. End-to-end encrypted — the server never sees your secrets.

npm i -g @rowlabs/ev
Read the docs
$ ev push
 Pushing to default:dev

 + DB_HOST
 + DB_PORT
 + SECRET_KEY

 ✔ Pushed to default:dev — 3 added

Live demo

See it in action

Watch two developers sync secrets in real time.

Developer A
Developer B

How it works

Three commands. That's the workflow.

01

Initialize

Creates ev.yaml and sets up encryption keys for your project.

$ ev init my-project
02

Push

Encrypted locally, pushed as ciphertext. The server never sees plaintext.

$ ev push
03

Pull

Team members decrypt locally with their own key. Instant sync.

$ ev pull

Features

Built for how developers actually work

E2E Encrypted

Secrets encrypted on your machine with libsodium. The server stores ciphertext it can never read.

Instant Rollback

Every push creates a snapshot. Roll back to any previous state with one command.

Promote Environments

Move secrets from dev to staging to prod. One command, atomic.

Team Access Control

Invite members, assign roles, revoke access. Crypto key exchange is automatic.

Monorepo Native

Map apps to directories. Context auto-resolves from your working directory.

Diff & History

See what changed, who pushed, and when. Compare any two environments.

Why ev

Not another .env syncer

Most secret managers sync files. ev manages your entire environment workflow.

True zero-knowledge encryption

Encrypted, but the service holds decryption keys

E2E encrypted — the server stores ciphertext it literally cannot read

Your infrastructure, your secrets

Secrets live in the vendor's cloud

Plug into AWS Secrets Manager, Vault, or self-host. Secrets never leave your infra.

Git-like workflows built in

Push and pull. That's about it.

Diff, promote, rollback, release history. The full workflow, not just sync.

Monorepo native

One .env per project

Per-app environments with auto-detection from your working directory

Integrations

Works with your stack

Use ev as the interface. Your secrets stay in your infrastructure.

AWS Secrets Manager

Live

Store secrets in AWS SM. Terraform, ECS, and Lambda read them natively.

HashiCorp Vault

Live

Connect to your Vault KV v2 instance for centralized secret storage.

GCP Secret Manager

Live

Google Cloud native secret management.

1Password

Live

Sync with your team's 1Password vault via Connect Server.

Get started in 30 seconds

Five commands from zero to synced.

npm i -g @rowlabs/ev
ev login
ev init my-project
echo "DB_HOST=localhost" > .env
ev push