Env was built with security as its foundation. We protect your sensitive data through end-to-end encryption, zero storage policy, and automatic deletion mechanisms.
Your data is encrypted in your browser using AES-256 before it ever reaches our servers. We never see your unencrypted data and cannot access it even if we wanted to.
Encryption keys never leave your device. We operate on a zero-knowledge principle, meaning we have no access to or knowledge of your encrypted data content.
Once accessed by the recipient, your sensitive data is automatically purged from our servers. This ensures your data isn't lingering longer than needed.
Set custom expiration times for your shared secrets. If not accessed within the specified timeframe, the data is automatically deleted from our systems.
When you input your environment variables or secrets, they are encrypted directly in your browser using the Web Crypto API with AES-256-GCM encryption. This happens before any data is transmitted.
The encrypted data is stored on our servers without the encryption key. This means that even if our servers were compromised, your data would remain secure as the attacker would not have the key to decrypt it.
The encryption key is included in the fragment portion of the URL (after the # symbol), which means it never gets sent to our server. This key is needed to decrypt the data on the recipient's side.
By default, once the recipient accesses the shared secrets, the data is immediately deleted from our servers, ensuring that it cannot be viewed again and minimizing the window of potential exposure.