A lightweight Node.js command-line tool for syncing environment variables across teams and projects. Think of it as "Git for environment variables" - secure, fast, and team-friendly.
- π Secure Storage - Client-side encryption with AES-256-GCM
- π Multiple Storage Providers - Git, AWS, Azure, Google Cloud, or EnvFly Cloud
- π₯ Team Collaboration - Share environments with team members
- π Conflict Resolution - Smart merging and conflict detection
- π Audit Logs - Track all environment changes
- π Fast & Lightweight - Built with Node.js, works everywhere
- π§ Easy Setup - Simple initialization and configuration
npm install -g envfly-cli# Initialize with your preferred storage provider
envfly init
# Choose from:
# - Git Repository (encrypted)
# - AWS Secrets Manager
# - Azure Key Vault
# - Google Secret Manager
# - EnvFly Cloud Service# List environments
envfly list
# Push environment to storage
envfly push production
# Pull environment from storage
envfly pull staging
# Sync environment (merge local and remote)
envfly sync developmentEnvFly supports multiple storage backends, so you can use your existing cloud infrastructure:
Store encrypted environment variables directly in your Git repository:
envfly init
# Choose: Git Repository (encrypted)
# Enter encryption key
# Set environment files pathFeatures:
- Client-side encryption before Git commit
- Version control for environment changes
- Works with any Git hosting (GitHub, GitLab, etc.)
- No external dependencies
Use AWS Secrets Manager for enterprise-grade secret management:
envfly init
# Choose: AWS Secrets Manager
# Configure AWS region and prefixRequirements:
- AWS credentials configured (
aws configure) - Secrets Manager access permissions
- Optional: Install
aws-sdkfor better performance
Store environments in Azure Key Vault:
envfly init
# Choose: Azure Key Vault
# Enter Key Vault URL
# Configure prefixRequirements:
- Azure credentials (Azure CLI, Managed Identity, or Service Principal)
- Key Vault access permissions
- Optional: Install
@azure/identityand@azure/keyvault-secrets
Use Google Cloud Secret Manager:
envfly init
# Choose: Google Secret Manager
# Enter Project ID
# Configure prefixRequirements:
- Google Cloud credentials (
gcloud auth application-default login) - Secret Manager access permissions
- Optional: Install
@google-cloud/secret-manager
Use EnvFly's hosted service with team features:
envfly login
envfly init
# Choose: EnvFly Cloud Service
# Set up team access| Command | Description |
|---|---|
envfly init |
Initialize EnvFly in current project with storage provider selection |
envfly login |
Authenticate with EnvFly Cloud Service |
envfly list |
List available environments and their status |
envfly push <env> |
Push local environment to storage |
envfly pull <env> |
Pull environment from storage to local |
envfly sync <env> |
Sync environment (merge local and remote) |
| Command | Description |
|---|---|
envfly team create <name> |
Create a new team |
envfly team list |
List teams you're a member of |
envfly team invite <email> [role] |
Invite member to current team |
envfly team join <code> |
Join team with invite code |
envfly team members [teamId] |
List team members |
envfly team grant <user> <env> [permission] |
Grant environment access |
envfly team share-env <env> <team> [keys] |
Share environment with another team |
| Command | Description |
|---|---|
envfly history <env> |
Show environment version history |
envfly audit <env> |
Show detailed audit logs |
- Admin: Full access to all environments and team management
- Developer: Read/write access to assigned environments
- Readonly: Read-only access to assigned environments
- Granular permissions per environment
- Cross-team environment sharing
- Audit trail for all access
- Client-side AES-256-GCM encryption
- Zero-knowledge architecture (server never sees plaintext)
- Secure key derivation with PBKDF2
# 1. Create team
envfly team create "Backend Team"
# 2. Invite members
envfly team invite [email protected] developer
envfly team invite [email protected] readonly
# 3. Share environments
envfly team grant alice production readwrite
envfly team grant bob staging readonly# Share production environment with frontend team
envfly team share-env production frontend-team
# Grant specific access to shared environment
envfly team grant frontend-team production readonly# Grant access to specific environment variables only
envfly team grant alice production readonly --keys API_KEY,DATABASE_URL
# Revoke access
envfly team revoke alice production# View environment history
envfly history production
# Rollback to previous version
envfly rollback production v3{
"version": "1.0",
"project_id": "proj_abc123",
"project_name": "My Awesome App",
"team_id": "team_xyz789",
"storage": {
"provider": "aws",
"config": {
"aws": {
"region": "us-east-1",
"prefix": "envfly"
}
}
},
"environments": {
"production": {
"remote_id": "env_prod_123",
"description": "Production environment",
"file": ".env.production",
"last_push": "2024-01-01T00:00:00Z",
"last_pull": "2024-01-01T00:00:00Z"
}
},
"auth": {
"endpoint": "https://api.envfly.io/v1",
"encryption": {
"enabled": true,
"algorithm": "aes-256-gcm"
}
},
"sync": {
"auto_backup": true,
"conflict_resolution": "prompt",
"audit_logs": true
}
}- Node.js >= 14.0.0
- Git (for Git storage provider)
git clone https://github.com/adarsh-technocrat/EnvFly-CLI.git
cd EnvFly-CLI
npm install# Run in development mode
npm run dev
# Run tests
npm test
# Build package
npm run build
# Clean build artifacts
npm run cleanThis project uses GitHub Actions for automated releases. The release process is triggered by:
- Git Tags: Push a tag starting with
v(e.g.,v1.0.0) - Manual Workflow: Use the GitHub Actions manual workflow dispatch
# Release a patch version (1.0.0 -> 1.0.1)
npm run release:patch
# Release a minor version (1.0.0 -> 1.1.0)
npm run release:minor
# Release a major version (1.0.0 -> 2.0.0)
npm run release:major
# Show current version
npm run release:manualFor more control over the release process, use the custom release script:
# Release a patch version
node scripts/release.js patch
# Release a minor version
node scripts/release.js minor
# Release a major version
node scripts/release.js major
# Show current version
node scripts/release.js version
# Clean build artifacts
node scripts/release.js clean- Tests: All tests must pass before release
- Version Update: Automatically increments version in
package.json - Changelog: Updates
CHANGELOG.mdwith release notes - Build: Creates npm package
- Git Operations: Commits changes and creates git tag
- GitHub Action: Automatically publishes to npm and creates GitHub release
The package is automatically published to npm when:
- A git tag is pushed (e.g.,
git tag v1.0.0 && git push --tags) - The GitHub Action workflow completes successfully
Required Secrets:
NPM_TOKEN: Your npm authentication token
This project follows Semantic Versioning:
- Patch (1.0.0 β 1.0.1): Bug fixes and minor improvements
- Minor (1.0.0 β 1.1.0): New features, backward compatible
- Major (1.0.0 β 2.0.0): Breaking changes
All releases are documented in CHANGELOG.md following the Keep a Changelog format.
Install cloud provider SDKs for better performance:
# AWS Secrets Manager
npm install aws-sdk
# Azure Key Vault
npm install @azure/identity @azure/keyvault-secrets
# Google Secret Manager
npm install @google-cloud/secret-managerFor comprehensive documentation, visit the EnvFly Mintlify site: https://envfly.mintlify.app/
You can also check the docs/ directory in this repository.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the ISC License - see the LICENSE file for details.
- π Documentation: https://envfly.mintlify.app/
- π¬ Discord Community
- π Issue Tracker
- π§ Email Support
Made with β€οΈ by Adarsh