Local-first secret runtime · macOS
Your secrets, on every Mac you trust — and nowhere else.
Right now your API keys sit in plaintext .env files — open to any script, any dependency, any coding agent, and copied by hand to every new machine. Envmesh seals them into an encrypted store, syncs sealed copies straight between the devices you approve, and opens a secret only for the command that needs it.
- ✓No account
- ✓No server
- ✓No plaintext
- ✓Open development
- DATABASE_URL=
- STRIPE_SECRET_KEY=
- OPENAI_API_KEY=
- REDIS_URL=
- AWS_SECRET_ACCESS_KEY=
- SMTP_PASSWORD=
01/The problem
The .env file is a habit, not a decision.
Every project starts with one plaintext file — and ends with copies in chat threads, cloud drives, shell exports, and agent context windows.
01
Plaintext at rest
Any process, script, or dependency that can read your home directory can read every key you own. One curl-piped install script away from exfiltration.
02
Sprawl by default
Getting the same environment onto a second machine means AirDrop, email, or a cloud drive. Every copy outlives its purpose, and none of them get revoked.
03
Ambient access
source .env grants everything to everyone. Every subprocess — and every coding agent you invite into your terminal — silently inherits your production keys.
Cloud secret managers fix sharing for teams — by asking you to open an account, stay online, and hand your keys to one more vendor. For your own machines, that’s a trade you never needed to make.
02/How it works
One runtime. Your devices. Nothing in between.
Three verbs cover the whole workflow. The implementation can be sophisticated — the surface area stays calm.
01
Seal
$ envmesh import .env.localYour existing secrets are encrypted into a local store. The plaintext file becomes a compatibility artifact you can delete — not the source of truth.
02
Approve
$ envmesh devices approveEach Mac gets its own device identity. You approve a new device once, in person; from then on ciphertext syncs directly between your devices — same network, your tailnet, or any private route.
03
Run
$ envmesh run -- npm run devValues are injected into that process at launch and nowhere else. No global exports, no dotfiles regenerated, nothing new written to disk.
03/Agent access
Your coding agent is not you.
Every secrets platform now says “for humans and AI agents.” They mean service accounts on their servers. Envmesh means the agent in your terminal right now — the one that can cat .env the moment you look away.
Separate sessions
Agent access is its own grant, never inherited from your shell. Closing the session closes the access.
Scoped by policy
Grants are per project, environment, and command. Production keys stay out of reach unless you confirm, every time.
Redacted by default
Secret values are masked in logs, UI surfaces, and everything an agent can read back.
Audited locally
Every session leaves a log of exactly what it touched — on your disk, not a vendor dashboard.
Agent sessions ship with the macOS app. The policy model — device, project, environment, command, session — is in the core today.
04/Principles
Honest about what encryption can't do.
A long-lived API key doesn't become ephemeral because a vault stored it. Envmesh doesn't pretend otherwise — it constrains how far a secret can spread, and says so plainly.
01
Ciphertext at rest, always
Secrets live encrypted in a local store. Plaintext files are compatibility outputs, never the model.
02
Access is a grant, not a default
Device, project, environment, command — and eventually agent session. Each layer can say no.
03
Injection over exports
Values exist inside the target process, not in your shell, your dotfiles, or your clipboard.
04
Redaction everywhere
Logs, UI surfaces, and agent-visible output mask values by design, not by discipline.
05
Rotation stays visible
Revoking a device or rotating a key is a first-class, observable action — not a buried menu.
06
Prefer short-lived credentials
When a provider supports dynamic or identity-bound credentials, Envmesh prefers them over storing any static string.
“The implementation can be sophisticated. The surface area should remain calm.”
— Envmesh design principles
05/Compare
A different answer, not another vendor.
Doppler, Infisical, and friends are good products for teams that want a cloud control plane. Envmesh starts from the opposite premise: for your own machines, the most secure server is the one that doesn't exist.
- Where secrets live
- .env filesPlaintext on diskCloud secret managersA vendor's serversEnvmeshEncrypted on your Macs
- Account required
- .env filesNoneCloud secret managersAlwaysEnvmeshNone
- Sync between your machines
- .env filesCopy-paste, AirDrop, chatCloud secret managersThrough the cloudEnvmeshPeer-to-peer, end-to-end encrypted
- Process access
- .env filesAmbient — everything inheritsCloud secret managersCLI-scoped injectionEnvmeshPer-command injection
- Coding agents
- .env filesRead everything, silentlyCloud secret managersService accounts on their platformEnvmeshLocal sessions — scoped, redacted, logged
- Works offline
- .env filesYesCloud secret managersDegraded fallbacksEnvmeshYes — it's all local
- If the vendor is breached
- .env filesNo vendor, no breach — just youCloud secret managersYour keys are in scopeEnvmeshThere is no vendor
Already on Doppler or 1Password at work? Provider adapters are on the roadmap — Envmesh as the local runtime in front, your team’s manager of record behind it.
The full landscape: six approaches, honest tradeoffs →06/Under the hood
Built like infrastructure. Shipped like an app.
One Rust core owns policy, storage, and sync. The CLI and the macOS menu bar app are control surfaces — there is exactly one source of truth for every security decision.
envmesh-cli / menu bar appControl surfaces — thin by designenvmesh-daemonLocal coordination, small local APIenvmesh-corePolicy, redaction, secret resolutionstore / sync / providersEncrypted SQLite · device pairing · dynamic credentials- Core
- Rust
- App
- Native SwiftUI
- Store
- Encrypted SQLite
- Sync
- Peer-to-peer, E2E
Developed in the open, written to be read — by security-minded maintainers, and by the agents that will help build it. The core is portable Rust: the macOS app ships first, and a Linux CLI is on the roadmap.