Secret manager for developers
Store once.
Inject anywhere.
Deploy everywhere.
Encrypted vault on your machine. One command to write .env files. One command to push secrets to Railway and Netlify.
$pip install envoke
View source →$ envoke add STRIPE_KEY sk-live_... -s stripe
✓ STRIPE_KEY saved to myapp
$ envoke inject
✓ Wrote 6 secrets to .env
$ envoke deploy sync
syncing 6 secrets to railway...
✓ railway — 6 synced
syncing 6 secrets to netlify...
✓ netlify — 6 synced
Local vault
SQLite database encrypted with AES-256-GCM. PBKDF2 key derivation with 600k iterations. Never leaves your machine.
Project isolation
Secrets are scoped to projects. Service labels (stripe, supabase, etc.) keep them organized.
.env injection
envoke inject writes a clean .env file from your vault. Sorted keys, no duplicates, instant.
Deploy sync
Push secrets to Railway (GraphQL) and Netlify (REST) in one command. Auto-detects production environments.
Pricing
Free
$0
—Encrypted local vault
—Unlimited projects and secrets
—.env injection
—Offline forever
Pro
$8/mo
—Everything in Free
—Railway deploy sync
—Netlify deploy sync
—More platforms coming