Delete your .env files.

Encrypt secrets. Inject at runtime. Keep AI tools out.

$ curl -fsSL https://noenv.dev/install.sh | sh
$ noenv import .env
store initialized.
imported 12 secrets.
you can now: rm .env
$ rm .env
$ noenv run -- make start
12 secrets injected.

What your AI sees

cat .env                 file not found
printenv SECRET          nothing
cat .noenv/secrets/*     encrypted binary
noenv get KEY            blocked (GUI dialog)

Built for the AI era

XChaCha20-Poly1305

Same encryption family as WireGuard (ChaCha20-Poly1305), here in the XChaCha20 variant with an extended 192-bit nonce. Secrets are encrypted at rest.

GUI protection

noenv get requires a physical click. AI tools cannot dismiss native OS dialogs.

Environments

Nested paths, zero config: noenv -e api/prod run -- deploy

~500 lines of Zig

Read the entire codebase. No dependencies. Single binary.

.env import

Migrate in one command: noenv import .env && rm .env

AI skill support

npx skills add go-to-the-future/noenv

noenv vs the rest

                   noenv     Doppler     1Password CLI
AI protection      yes       no          no
Cloud dependency   none      required    required
Cost               free      freemium    paid
Team sharing       no        yes         yes
Setup time         10 sec    minutes     minutes

noenv is not a Doppler replacement. Use both. Doppler for team sharing. noenv for local AI protection.

Install

curl    curl -fsSL https://noenv.dev/install.sh | sh
brew    brew install go-to-the-future/tap/noenv
skill   npx skills add go-to-the-future/noenv
build   git clone https://github.com/go-to-the-future/noenv && cd noenv && zig build