How it works

How envhush works

Three simple steps. No dashboards, no jargon—just a clean handoff.

Step 01

Encrypt at source

Your .env encrypts locally. We never see the plaintext or your key.

Step 02

Auto-expire

Every link has a built-in timer. It dies on schedule—no stale creds.

Step 03

One handoff

Share one link and one key. No accounts. Copy, paste, done.

Transparency

What we track

We believe in complete transparency. Here's exactly what data we collect and why.

Share Metadata

When you create a share, we store: share ID, expiration time, burn-after-read status, and password hash (if protected).

Why: To enforce expiration rules and Pro features. We never see your actual environment variables.

User Authentication

For authenticated users: user ID, organization ID (if applicable), and Pro subscription status.

Why: To link shares to your account and enable Pro features like burn-after-read and password protection.

What we DON'T track

  • •Your environment variable keys, values, or any plaintext content
  • •Your decryption keys (they never leave your machine)
  • •Third-party analytics, cookies, or tracking pixels
  • •IP addresses or browser fingerprinting data
Create a secure link