🔐 xenvsync - Keep .env secrets in sync

🧭 What xenvsync does

xenvsync helps you handle .env files with less risk. It can encrypt your secrets, let your team share them with safe keys, and load them into your app when you need them.

It is a single CLI tool, so you do not need to install a long list of extra apps. It works on common desktop systems and fits well if you want to keep secrets out of plain text files and out of cloud services.

💻 Windows download and setup

1. Open the xenvsync Releases page
2. Find the latest release
3. Under Assets, download the Windows file for your system
4. Save the file to a folder you can find, such as Downloads
5. If the file comes in a .zip file, unzip it first
6. Open the folder that contains the program
7. Double-click the xenvsync file to run it, or open Command Prompt in that folder and run it from there

If Windows shows a security prompt, choose the option that lets you run the file.

🧰 What you need

• A Windows PC
• A recent version of Windows 10 or Windows 11
• Permission to download and run files
• A .env file or a folder of environment files to work with

If you plan to share secrets with a team, each person needs the same project setup and the right access keys.

🪟 Find the right file on the Releases page

On the release page, look for a file name that matches Windows. Common names may include:

• xenvsync-windows-amd64.exe
• xenvsync-windows-x64.zip
• xenvsync.exe

Pick the file that fits your Windows device. Most modern PCs use amd64 or x64.

If you only see source files, scroll further down the release page. The file you want is usually listed under Assets.

⚙️ First run

After you open the app, you can use it to manage your secrets in a few common ways:

• Encrypt a .env file before you save it
• Commit encrypted secrets to Git
• Share access with team members using X25519 keys
• Inject secrets into your app when you need to run it
• Rotate keys when access changes

If you are new to this, start with one small .env file and test the flow before moving your whole project.

🧪 Basic use

A typical flow looks like this:

1. Create or choose a .env file
2. Encrypt the file with xenvsync
3. Commit the encrypted version to your repo
4. Share the matching key with the right people
5. Load the secrets back into your app on the machine that needs them

This keeps the secret values out of plain text while still letting your app read them when needed.

🔑 Team sharing

xenvsync supports team sharing with X25519 key exchange. That means one person can share access without sending the same secret file to everyone.

Use this when:

• More than one person works on the same app
• You want to remove access for one person without changing everything
• You want a cleaner way to pass secrets between machines

A good team setup uses one source of truth, clear access rules, and a simple key rotation plan.

🛡️ Security model

xenvsync uses AES-256-GCM for encryption. In plain terms, it turns your .env secrets into unreadable data unless the right key is present.

This helps you:

• Keep secret values out of plain text files
• Store encrypted data in Git
• Avoid sending secrets through cloud tools
• Reduce the risk of copying secrets by hand

It is built for local use, so your files stay under your control.

📁 Common use cases

Use xenvsync if you want to:

• Store app secrets in Git without plain text
• Share .env values across a small team
• Move secrets between your laptop and a server
• Keep development and test settings in sync
• Load environment variables before starting your app

It works well for side projects, internal tools, and small teams that want a simple workflow.

🖥️ Example workflow on Windows

Here is a simple path for a Windows user:

1. Download the latest file from the Releases page
2. Put the file in a folder like C:\Tools\xenvsync
3. Open that folder
4. Run the app from Command Prompt or PowerShell
5. Point it at your .env file
6. Encrypt the file
7. Keep the encrypted file in your project folder

If you use Git, commit the encrypted file instead of the plain text version.

🧾 File types you may see

You may work with these files:

• .env — your normal environment file
• encrypted .env output — the protected version
• key files — used to unlock or share access
• release files — the Windows program you download

Keep the plain text .env file in a safe place and avoid sharing it if it contains secrets.

🔄 Key rotation

If someone leaves the team or you want to refresh access, rotate the key. This means you create a new key and stop using the old one.

Use key rotation when:

• A laptop is lost
• A team member changes roles
• You want to refresh old access
• You want to clean up who can read secrets

A simple rotation habit helps keep access tight over time.

🧭 Troubleshooting

If the app does not open:

• Check that you downloaded the Windows file from the release page
• Make sure the file finished downloading
• Unzip the file if needed
• Try running it from a folder you can access
• Check that your account can run local apps

If your file does not load:

• Check the file path
• Make sure the .env file exists
• Confirm that the file uses the format your app expects
• Try with a small test file first

If team sharing does not work:

• Check that both sides use the correct key
• Confirm that the encrypted file matches the project
• Make sure no one changed the file by hand

📌 Quick start

1. Go to the xenvsync Releases page
2. Download the Windows file from the latest release
3. Unzip it if needed
4. Run xenvsync
5. Encrypt your .env file
6. Use the encrypted file in your project