Engineered for Security.
Designed for Velocity.
EnvGuard provides the robust cryptographic tools enterprise teams need, wrapped in a frictionless interface developers actually want to use.
Client-Side Encryption
Cryptographic operations happen strictly in the browser using the native Web Crypto API. Plain text never touches a network request.
Burn After Reading
Ensure a secret is only viewed once. The moment the recipient decrypts the payload, it is instantly and permanently wiped from the database.
2FA Key Wrapping
Add a password to your links. We use PBKDF2 to derive a wrapping key, ensuring even intercepted URLs cannot be decrypted without the PIN.
Granular TTL Expiry
Set strict Time-To-Live limits ranging from 24 hours to 60 days. Automated CRON jobs scrub expired ciphertexts at the database level.
Instant .env Parsing
Drag and drop raw `.env` files. Our client-side FileReader extracts and renders the keys into a beautiful, masked IDE-style UI for the receiver.
Tamper Detection
Powered by the Galois/Counter Mode (GCM). If a single byte of the encrypted payload is altered in transit, decryption mathematically fails.
Transparent Pricing
Security shouldn't be a premium feature.
Public Cloud
Everything you need to share secrets securely. Hosted on our high-availability Vercel/Supabase infrastructure.
- Unlimited Encryptions
- Burn After Reading Toggle
- Max 50KB Payload Size
- Up to 60 Days TTL
Self-Hosted
Own your infrastructure completely. Fork the repository and deploy EnvGuard entirely on your own domain and database.
- 100% Open Source Code
- Bring Your Own Supabase DB
- Custom TTL & Payload Limits
- Full Audit Control