Envmesh

Local-first secret runtime · macOS

Your secrets, on every Mac you trust — and nowhere else.

Right now your API keys sit in plaintext .env files — open to any script, any dependency, any coding agent, and copied by hand to every new machine. Envmesh seals them into an encrypted store, syncs sealed copies straight between the devices you approve, and opens a secret only for the command that needs it.

  • No account
  • No server
  • No plaintext
  • Open development
.env.local12 ENTRIES · SEALED
  • DATABASE_URL=
  • STRIPE_SECRET_KEY=
  • OPENAI_API_KEY=
  • REDIS_URL=
  • AWS_SECRET_ACCESS_KEY=
  • SMTP_PASSWORD=
studio-mac ⇄ laptop · peer-to-peerSealed · No cloud contact

01/The problem

The .env file is a habit, not a decision.

Every project starts with one plaintext file — and ends with copies in chat threads, cloud drives, shell exports, and agent context windows.

01

Plaintext at rest

Any process, script, or dependency that can read your home directory can read every key you own. One curl-piped install script away from exfiltration.

02

Sprawl by default

Getting the same environment onto a second machine means AirDrop, email, or a cloud drive. Every copy outlives its purpose, and none of them get revoked.

03

Ambient access

source .env grants everything to everyone. Every subprocess — and every coding agent you invite into your terminal — silently inherits your production keys.

Cloud secret managers fix sharing for teams — by asking you to open an account, stay online, and hand your keys to one more vendor. For your own machines, that’s a trade you never needed to make.

02/How it works

One runtime. Your devices. Nothing in between.

Three verbs cover the whole workflow. The implementation can be sophisticated — the surface area stays calm.

  1. 01

    Seal

    $ envmesh import .env.local

    Your existing secrets are encrypted into a local store. The plaintext file becomes a compatibility artifact you can delete — not the source of truth.

  2. 02

    Approve

    $ envmesh devices approve

    Each Mac gets its own device identity. You approve a new device once, in person; from then on ciphertext syncs directly between your devices — same network, your tailnet, or any private route.

  3. 03

    Run

    $ envmesh run -- npm run dev

    Values are injected into that process at launch and nowhere else. No global exports, no dotfiles regenerated, nothing new written to disk.

studio-mac — zsh
$
studio-macthis devicelaptopapprovedmac-miniapprovedDIRECT · END-TO-END ENCRYPTED · NO SERVER IN THE MIDDLE
Devices pair directly; only sealed ciphertext moves between them.

03/Agent access

Your coding agent is not you.

Every secrets platform now says “for humans and AI agents.” They mean service accounts on their servers. Envmesh means the agent in your terminal right now — the one that can cat .env the moment you look away.

Separate sessions

Agent access is its own grant, never inherited from your shell. Closing the session closes the access.

Scoped by policy

Grants are per project, environment, and command. Production keys stay out of reach unless you confirm, every time.

Redacted by default

Secret values are masked in logs, UI surfaces, and everything an agent can read back.

Audited locally

Every session leaves a log of exactly what it touched — on your disk, not a vendor dashboard.

Agent sessions ship with the macOS app. The policy model — device, project, environment, command, session — is in the core today.

agent session — policy preview
$

04/Principles

Honest about what encryption can't do.

A long-lived API key doesn't become ephemeral because a vault stored it. Envmesh doesn't pretend otherwise — it constrains how far a secret can spread, and says so plainly.

01

Ciphertext at rest, always

Secrets live encrypted in a local store. Plaintext files are compatibility outputs, never the model.

02

Access is a grant, not a default

Device, project, environment, command — and eventually agent session. Each layer can say no.

03

Injection over exports

Values exist inside the target process, not in your shell, your dotfiles, or your clipboard.

04

Redaction everywhere

Logs, UI surfaces, and agent-visible output mask values by design, not by discipline.

05

Rotation stays visible

Revoking a device or rotating a key is a first-class, observable action — not a buried menu.

06

Prefer short-lived credentials

When a provider supports dynamic or identity-bound credentials, Envmesh prefers them over storing any static string.

“The implementation can be sophisticated. The surface area should remain calm.”

— Envmesh design principles

05/Compare

A different answer, not another vendor.

Doppler, Infisical, and friends are good products for teams that want a cloud control plane. Envmesh starts from the opposite premise: for your own machines, the most secure server is the one that doesn't exist.

Where secrets live
.env filesPlaintext on disk
Cloud secret managersA vendor's servers
EnvmeshEncrypted on your Macs
Account required
.env filesNone
Cloud secret managersAlways
EnvmeshNone
Sync between your machines
.env filesCopy-paste, AirDrop, chat
Cloud secret managersThrough the cloud
EnvmeshPeer-to-peer, end-to-end encrypted
Process access
.env filesAmbient — everything inherits
Cloud secret managersCLI-scoped injection
EnvmeshPer-command injection
Coding agents
.env filesRead everything, silently
Cloud secret managersService accounts on their platform
EnvmeshLocal sessions — scoped, redacted, logged
Works offline
.env filesYes
Cloud secret managersDegraded fallbacks
EnvmeshYes — it's all local
If the vendor is breached
.env filesNo vendor, no breach — just you
Cloud secret managersYour keys are in scope
EnvmeshThere is no vendor

Already on Doppler or 1Password at work? Provider adapters are on the roadmap — Envmesh as the local runtime in front, your team’s manager of record behind it.

The full landscape: six approaches, honest tradeoffs →

06/Under the hood

Built like infrastructure. Shipped like an app.

One Rust core owns policy, storage, and sync. The CLI and the macOS menu bar app are control surfaces — there is exactly one source of truth for every security decision.

envmesh-cli / menu bar appControl surfaces — thin by design
envmesh-daemonLocal coordination, small local API
envmesh-corePolicy, redaction, secret resolution
store / sync / providersEncrypted SQLite · device pairing · dynamic credentials
Core
Rust
App
Native SwiftUI
Store
Encrypted SQLite
Sync
Peer-to-peer, E2E

Developed in the open, written to be read — by security-minded maintainers, and by the agents that will help build it. The core is portable Rust: the macOS app ships first, and a Linux CLI is on the roadmap.

Early access

Calm on the surface. Sealed underneath.

Envmesh is in active development, working toward a macOS release. If you live in the terminal on more than one Mac — or you’ve started wondering what your coding agent can read — we’d like to hear from you.

No mailing-list machinery. Your note lands in a maintainer’s inbox.