End-to-end encrypted · Zero knowledge

Never lose an
API key again.

Encrypted vault for your .env files. Sync across projects with one command. Share securely. Your secrets never leave your device unencrypted.

View on GitHub

Free 7-day trial · No credit card required

~/my-app

Built for developers who care about security

Everything you need to manage secrets properly.

End-to-End Encrypted

AES-256-GCM with PBKDF2 key derivation. Encrypted on your device before upload. We literally cannot read your secrets.

Push & Pull

Sync .env files to the cloud and pull them to any machine. Like git for secrets — one command to push, one to pull.

Secure Sharing

One-time encrypted links with expiry and view limits. No more API keys in Slack DMs or email threads.

Up and running in 60 seconds

Three commands. That's it.

01

Install the CLI

Install globally via npm.

$ npm install -g keyra-cli
✓ Installed keyra v0.1.0
02

Link your project

Connect a project folder and import your existing .env.

$ keyra-cli init
✓ Linked to vault
✓ Imported 8 variables
03

Push & pull anywhere

Sync secrets to any machine, any environment.

$ keyra-cli push
✓ Pushed 8 variables
$ keyra-cli pull
✓ Pulled 8 → .env

Simple, honest pricing

Start free. Upgrade when you need more.

Free

Free

  • 1 project
  • 5 variables per project
  • CLI push & pull
  • E2E encryption
  • Auto-lock

Pro

RECOMMENDED

$5.99/mo

  • 15 projects
  • 40 variables per project
  • Encrypted sharing
  • Audit log
  • Git Guardian
  • Breach scan
  • Secret expiry alerts
  • Session management

All trials include full Pro access for 7 days. No credit card required.

FAQ

Can you read my secrets?

No. Encryption happens on your device using AES-256-GCM. We only store encrypted ciphertext. Without your passphrase, the data is meaningless to us.

Do I need a credit card to try Keyra?

No. You get 7 days of full Pro access completely free — no credit card required. Upgrade only if you want to continue after the trial.

What if I forget my passphrase?

Your data cannot be recovered. This is by design — zero-knowledge architecture means only you hold the key. We recommend storing your passphrase in a password manager.

How much does Keyra cost?

Free for 1 project with 5 variables. Pro is $5.99/mo for 15 projects and 40 variables per project.

What happens when my trial ends?

Your account switches to the Free plan (1 project, 5 variables). Your data is never deleted. Upgrade to Pro to unlock full access again.

Is the CLI open source?

Yes. The entire project is MIT licensed and available on GitHub. You can inspect the encryption code and self-host if you prefer.

Can I use this in CI/CD?

Yes. Use `keyra-cli pull --file .env.production` in your CI pipeline. Authenticate with your API token stored as a CI secret.

Your secrets deserve
better than a Slack DM.

Start your free 7-day trial. No credit card required.

Built for Security

More than just a vault — a security system for your secrets.

Zero-Knowledge Encryption

AES-256-GCM on your device. Your plaintext secrets never reach our servers.

Git Guardian

Pre-commit hook that blocks accidental .env commits before they reach your repository.

Audit Log

Every read, write, and share is logged. Know exactly who accessed what and when.

Auto-Lock Vault

Vault locks automatically after 15 minutes of inactivity. No sensitive data left exposed.