hushenv

local secret manager · agent era

Your .env,
invisible to AI agents.

hushenv keeps the real values encrypted in a local vault. Your .env files carry only references — safe to commit, safe for an agent to read.

$ npm i -g hushenv
FILE: .env · VIEWED BY: coding agent
NEXTAUTH_URL=http://localhost:3000
DB_PASSWORD={hushenv.DB_PASSWORD}
STRIPE_KEY={hushenv.STRIPE_KEY}
RESEND_KEY={hushenv.RESEND_KEY}

# real value in vault: sk_live_a91f2c
no secrets on disk — only references

the agent reads the folder → gets nothing usable

You handed your repo to an AI agent.

Cursor, Claude Code, Copilot — they read every file in the folder, .env included. A single prompt can surface whatever sits in plaintext. hushenv makes sure there is nothing in that file to read.

how it works

01

Lock it

hushenv set DB_PASSWORD encrypts the value into a local vault with AES-256-GCM. The master key lives in your OS keychain — never in a file.

02

Reference it

Your .env keeps a reference, {hushenv.DB_PASSWORD}, in place of the secret. The file is now safe to commit and safe for an agent to read.

03

Run it

hushenv run -- pnpm dev injects the real value into your app’s environment in memory, at startup. It is never written back to disk.

see it run

$ hushenv init
  vault + master key created
$ hushenv set DB_PASSWORD
  encrypted to vault
$ hushenv import
  .env rewritten to references
$ cat .env
DB_PASSWORD={hushenv.DB_PASSWORD}
$ hushenv run -- pnpm dev
  secrets injected · running

how it compares

|                           | .env + dotenv         | dotenvx                   | hushenv                         |
|---------------------------|-----------------------|---------------------------|---------------------------------|
| Plaintext secrets on disk | yes                   | no — ciphertext in .env   | no — not in the project at all  |
| Where the secret lives    | .env file             | encrypted .env file       | local vault, outside the repo   |
| Decryption key            | n/a                   | .env.keys file on disk    | OS keychain (no key file)       |
| What an agent reads in .env | the secret          | ciphertext                | a reference                     |
| Secret can leak via git   | yes                   | no                        | no                              |

Credit where due: dotenvx is mature, widely used, and its public-key model lets a teammate add a secret without being able to read the others. hushenv takes a different path — it removes secrets from the project entirely, built for a world where an agent is reading your files.

AES-256-GCM · OS keychain · zero telemetry · Apache-2.0 · 5 dependencies · open source

built for the agent era

Works with Claude Code, Cursor, and Cowork — by giving them nothing.

Nothing to read

Your .env holds references, so an agent scanning the repo finds no secrets to surface.

Reveals are gated

hushenv get asks for confirmation on a real terminal. A non-interactive agent shell is refused by default.

Locks down further

Add Bash(hushenv get*) to your agent’s deny rules. Per-project grants — scoping secrets to a single project — are coming in v1.

sixty seconds

$ hushenv init                 creates the vault + master key
$ hushenv set DB_PASSWORD      hidden prompt, encrypted
$ hushenv run -- pnpm dev      injects secrets, runs your app