A zero-disk-first secret management platform that injects environment variables directly into process memory at runtime.
$ runenv run -- npm start
> Fetching encrypted context [prod]...
> Decrypting via AES-256-GCM in memory...
> Success: 14 secrets injected.
Ready on http://localhost:3000
Production Environment
DATABASE_URL
****************
KUMBUKA_SECRET
****************
JAMBOAI_API_KEY
****************
Stop playing hot-potato with plaintext secrets. We built RunEnv to eliminate disk exposure entirely.
A chaotic web of scattered .env.local files, hardcoded secrets leaked in GitHub commits, and slack messages asking, "Does anyone have the latest DB password?"
cat .env.local | pbcopy
Plaintext on hard drive
Wait, which env file is prod?
A single source of truth. Secrets are encrypted at rest, synchronized across the team, and never touch the hard drive unless explicitly requested.
AES-256-GCM Encryption
Memory-injected at Runtime
1-Click Synced across Team
RunEnv isn't just a web app; it's a seamless omni-channel experience for secret distribution.
Enterprise-grade UI with RBAC (Role-Based Access Control) and environment diffs. Manage production, staging, and preview secrets with granular permissions.

Pull secrets and run local dev servers without ever seeing a plaintext key on your machine.
$runenv run -- npm start
14 secrets injected into memory.
Electron app running natively on macOS/Windows for browserless, secure secret management.
GitHub Actions
Python SDK
VS Code Extension
Vercel
Core Innovation
Secrets go from PostgreSQL → AES-256 decryption in memory → directly into the Node process, bypassing the file system entirely.
PostgreSQL
Encrypted
Memory Decryption
AES-256-GCM
process.env
Runtime
Generate temporary .env files for Flutter and React Native debugging. Files are auto-configured for F5 debugging and cleaned up after the debug session ends.
$ runenv dotenv --setup
✓ Wrote 31 secrets to .env (F5 ready)
Full audit trail of all secret modifications with version history, diff comparison, and environment snapshots for safe rollbacks.
We implemented libsodium (AES-256-GCM) to encrypt all secrets at rest and in transit. Keys are derived with per-secret salting, ensuring strong encryption throughout the entire pipeline from storage to runtime injection.
Maintaining state and synchronization across the Next.js frontend, the Electron Desktop app, the VS Code extension, and the CLI required a unified REST API suite. We use Upstash Redis for rate limiting and session management, with optimistic updates across all clients.
Integrated Paddle for organization-based subscription tiers (Free, Pro, Business, Enterprise). Handled Just-In-Time (JIT) provisioning for users invited into secure workspaces.
Built With Modern Stacks
Next.js 16 (App Router)
Tailwind CSS 4
NextAuth.js v5
Prisma ORM
Commander.js
libsodium
Next.js 16 (App Router)
Tailwind CSS 4
NextAuth.js v5
Prisma ORM
Commander.js
libsodium
React 19
shadcn/ui
Framer Motion
PostgreSQL
Upstash Redis
Electron 37
Node.js Core
React 19
shadcn/ui
Framer Motion
PostgreSQL
Upstash Redis
Electron 37
Node.js Core
React 19
shadcn/ui
Framer Motion
PostgreSQL
Upstash Redis
Electron 37
Node.js Core
React 19
shadcn/ui
Framer Motion
PostgreSQL
Upstash Redis
Electron 37
Node.js Core