EnvShareApp
Trusted · Zero-Knowledge · Enterprise-ready

The CLI for secure secret sharing that teams actually use

Encrypt client-side, share links, or deliver one-time secrets — all from your terminal. Built for devs, audited for security, priced for teams.

Install (npm)npm i -g envshareappTry with npx npx envshareapp uploadRun (curl) one-linerCompare plans
24h
Default expiry
One-time
Max views & burn
AES‑GCM
Client-side encryption
Quick demo
echo "MY_SECRET" | npx envshareapp upload --expires 1
Generates a one-time link. Key never sent to the server.
Auto-copy to clipboard
CI-friendly

Install & Get Started

Permanent (npm)
Best for frequent CLI users
npm i -g envshareapp
Installation guide
Global install creates the envshareapp command for immediate use.
Ad-hoc (npx)
Run without installing
npx envshareapp upload .env
CLI docs
Ideal for one-off or demo use; always runs the latest published version.
Self-host
Run in your VPC
docker run -p 3000:3000 yocyber/envshareapp
Self-hosting docs
Enterprise-friendly with granular controls and private storage.

Prerequisites & Environment

Required tools

  • Node.js (recommended ≥ 16)
  • npm / npx (bundled with Node.js)
  • Docker (for self-hosting)
  • git (optional, for development)

Environment variables

Set these when running the CLI in production or pointing to a custom instance.

Linux / macOS
export ENVSHARE_API_KEY="env_your_key_here" export ENVSHARE_API_URL="https://envshare.app/api/secrets" export ENVSHARE_BASE_URL="https://envshare.app"
Windows PowerShell
$Env:ENVSHARE_API_KEY = 'env_your_key_here' $Env:ENVSHARE_API_URL = 'https://envshare.app/api/secrets' $Env:ENVSHARE_BASE_URL = 'https://envshare.app'

Quick examples

Pipe a secret (one-time link)

echo "MY_SUPER_SECRET" | npx envshareapp upload --expires 1 --views 1

Common for sharing tokens or keys quickly. The CLI outputs a share URL and copies it to your clipboard.

One-liner (curl) — optional

Zero-install convenience for one-off shares. We recommend using the NPX CLI when you need zero-knowledge client-side encryption.

echo "MY_SUPER_SECRET" | bash -c "$(curl -fsSL https://envshare.app/share.sh)"
Inspect before running

Download and review the script, then execute locally:

curl -fsSL https://envshare.app/share.sh | sed -n '1,200p' curl -fsSL https://envshare.app/share.sh -o share.sh && less share.sh # then run: bash share.sh

Tip: For self-hosted/staging set ENVSHARE_HOST to your instance so the script posts to the right API.

Upload a file (Pro / Team)

envshareapp upload credentials.json --expires 24 --views 3

Binary/file attachments require a paid plan. The CLI detects non-text uploads and will prompt to upgrade if needed.

Password-protect a secret (Pro)

envshareapp upload .env --password "S3cretPass"

The recipient must enter the password to decrypt the secret locally.

CI example (GitHub Actions)

# .github/workflows/share.yml
env:
  ENVSHARE_API_KEY: ${{ secrets.ENVSHARE_API_KEY }}
steps:
  - run: npx envshareapp upload ./build/credentials.json --expires 24 --views 1

Use repository secrets to keep your API key safe.

Docs & Support

  • CLI Guide — full usage, options, and examples.
  • SDKs — Node, Python, Go clients and examples.
  • Pricing — plan limits for file attachments and team features.
  • Self-hosting — deployment, Docker images, and configuration.
If you need help, open an issue on GitHub or contact support via the dashboard.
File Attachments
Binary uploads (files) are available on Pro and Team plans — sizes from 10MB to 500MB depending on plan.
Free accounts can continue to share text secrets via the CLI. The CLI now detects non-text uploads and will prompt to upgrade for file attachments.

Security-first

Client-side AES‑GCM encryption; keys stay in the URL fragment. Zero-knowledge by design.

Read security details

Developer friendly

Pipe support, CI integration, and programmatic SDKs for automation.

See CLI & SDK docs

Enterprise-ready

Self-hosting, team controls, and audit logs for compliance.

Self-hosting guide