The env manager that knows nothing.
Stop emailing yourself .env files. Calyx syncs your secrets across your machines and teammates - encrypted on your laptop, unreadable to anyone else. Including Calyx.
You edit your env locally
Calyx server
······························jsz6BJRYfnv29EMUbiry5jsz6BJRYfnvThe problem
Your secrets live in a chat thread, and you know it.
You clone the repo on a new laptop. npm install, npm run dev, and nothing works - because your .env is in a Slack message from three months ago. Or on your old laptop. Or a Google Doc you'll never find again.
The difference
Most secret managers can read your secrets. Calyx can't.
Everything's encrypted on your device, with a key that never leaves it. Calyx only ever holds ciphertext - no backdoor, no admin override, no “just trust us.”
Based on each tool’s default architecture; some offer opt-in client-side or write-only modes.
What you get
Everything you'd want. None of the trust you'd have to give up.
Version control for secrets
Every change is a version. Diff it, restore it, see what moved - git-style, decrypted right on your machine.
Share without exposing
Add a teammate and the key re-seals to their device. Plaintext never changes hands.
Recovery that's yours
A one-time recovery key, made at setup. Forget your passphrase and it's your way back in - never Calyx's to hand out.
Built to live in your editor.
Push and pull encrypted envs like source control, right from VS Code. Your keys sit in your OS keychain - never in a browser tab.
How the crypto works“I built Calyx so betraying you isn't a decision I get to make. It's cryptographically not mine to make.”
Read the manifesto →Get started
Your secrets deserve better than a chat thread.
Free for one developer, forever. First encrypted env in under a minute.