Introducing Redenv – A Zero-Knowledge, End-to-End Encrypted Secret Manager Built for the Serverless Era

This content originally appeared on DEV Community and was authored by PRAS Samin

For months, I’ve been quietly building something I felt the JavaScript/TypeScript ecosystem desperately needed… a modern alternative to .env files that isn’t just another wrapper, but a complete rethink of how we manage application secrets.

Today, I’m excited to finally share it publicly.

Redenv - A Zero-Knowledge Secret Management System
A developer-first, fully end-to-end encrypted CLI + runtime client designed so teams can finally stop treating secrets as afterthoughts.

Why I Built This:
Every developer today faces the same pains:
• .env files get out of sync
• Secrets leak in logs, terminals, Git history
• Sharing secrets in teams becomes a mess
• Serverless platforms force the "rebuild to rotate" cycle

Rotating a single API key requires redeploying the entire application.
This felt outdated. So I built Redenv around one belief:
Configuration should be dynamic, secure, and completely decoupled from deployment.

What Makes Redenv Different:
• Zero-Knowledge Architecture: All secrets are encrypted using AES-256-GCM with keys derived from PBKDF2-HMAC-SHA256 (310k iterations). Your Redis database never sees plaintext. Not even for a millisecond.
• Redis as a Universal Backend: Built exclusively on Upstash Redis for instant cold starts, global edge performance, serverless pricing, and connectivity from anywhere.
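
The scheme named above (PBKDF2-HMAC-SHA256 at 310k iterations feeding AES-256-GCM), sketched in Node.js as an added example that is not Redenv's own code. The record layout, the function names, the use of the secret's name as GCM associated data, and the Map standing in for Redis are assumptions made for illustration.

```javascript
// Added example, not Redenv's own code: record layout and names are assumptions.
const crypto = require("node:crypto");

const PBKDF2_ITERATIONS = 310000; // iteration count stated in the post
const KEY_BYTES = 32; // 256-bit key for AES-256-GCM

function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_BYTES, "sha256");
}

// Encrypt on the client; the returned string is all the backend ever stores.
function sealSecret(password, name, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every write
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(name, "utf8")); // bind the ciphertext to its key name
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

// Decrypt on the client; final() throws if password, name or any stored byte is wrong.
function openSecret(password, name, record) {
  const [salt, iv, tag, ct] = record.split(".").map((p) => Buffer.from(p, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed demo: a Map stands in for the remote store, all values are made up.
function demo() {
  const store = new Map();
  const password = "constructed-master-password";
  store.set("API_KEY", sealSecret(password, "API_KEY", "constructed-api-key-value"));
  const record = store.get("API_KEY");
  const attempt = (fn) => { try { return fn(); } catch { return null; } };
  const parts = record.split(".");
  const ct = Buffer.from(parts[3], "base64");
  ct[0] ^= 1; // flip one stored ciphertext bit
  parts[3] = ct.toString("base64");
  return {
    storedPlaintext: record.includes("constructed-api-key-value"),
    roundTrip: openSecret(password, "API_KEY", record),
    wrongPassword: attempt(() => openSecret("wrong-password", "API_KEY", record)),
    tampered: attempt(() => openSecret(password, "API_KEY", parts.join("."))),
    swapped: attempt(() => openSecret(password, "OTHER_KEY", record)),
  };
}
```

Calling `demo()` returns the round-tripped value alongside `null` for the wrong-password, modified-record and renamed-record cases, which is the property a store that only ever holds ciphertext depends on.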

Redenv includes:
— CLI (@redenv/cli)
A polished, full-featured command-line tool with commands like add, edit, view, history, rollback, diff, clone, backup, restore, token create, and so on.

— Runtime Client (@redenv/client)
A lightweight, zero-knowledge client library with:
• In-memory stale-while-revalidate caching
• Instant startup
• Auto population of process.env
• Dynamic updates without redeploying
• Programmatic writes using service tokens

You can rotate an API key and your deployed applications will pick it up automatically, without any rebuild or redeployment. This is a game changer for serverless workflows.

Comparison:
There are many enterprise secret managers and vault systems out there, and they are great for large companies. The difference here is simple: Redenv is fully open-source, developer-first, extremely fast to set up, and gives you maximum control without locking you into a vendor ecosystem.

Final Thoughts:
I believe Redenv can simplify your workflow massively. It’s a fully documented, production-ready open-source project that I’m genuinely proud of.
If you're building:
• Serverless apps
• Edge functions
• SaaS products
• Multi-env systems
• Microservices
• Anything where secrets matter

GitHub Repo: https://github.com/PRASSamin/redenv
CLI: @redenv/cli
Runtime Client: @redenv/client
If you find it valuable, I would love your feedback.
Stars, suggestions, critiques, contributions, everything is welcome.




PRAS Samin | Sciencx (2025-11-25T15:38:51+00:00) Introducing Redenv – A Zero-Knowledge, End-to-End Encrypted Secret Manager Built for the Serverless Era. Retrieved from https://www.scien.cx/2025/11/25/introducing-redenv-a-zero-knowledge-end-to-end-encrypted-secret-manager-built-for-the-serverless-era-3/
