ZERO-TRUST SECURITY

Secure Environment Variable Manager Built for Developers

Zero-Trust secrets management with CLI-first workflow. Encrypt environment variables locally, share securely across teams, and inject secrets directly into your applicationsno .env files needed.

Get Started Free View on GitHub
Zero-Trust
Local Encryption
No Backend
Git-Native Storage
$0/month
Free Forever
curl -fsSL https://install.nvolt.io/latest/install.sh | bash
terminal
   ███╗   ██╗██╗   ██╗ ██████╗ ██╗  ████████╗
   ████╗  ██║██║   ██║██╔═══██╗██║  ╚══██╔══╝
██╔██╗ ██║██║   ██║██║   ██║██║     ██║
██║╚██╗██║╚██╗ ██╔╝██║   ██║██║     ██║
██║ ╚████║ ╚████╔╝ ╚██████╔╝███████╗██║
╚═╝  ╚═══╝  ╚═══╝   ╚═════╝ ╚══════╝╚═╝
$ nvolt init
 Machine keypair generated
 Vault initialized at .nvolt/
$ nvolt push -f .env.production
 Encrypted 12 secrets
 Secrets pushed to vault
$ nvolt run npm start
 Loaded 12 secrets

Stop Managing Secrets the Hard Way

Expensive Backends

Monthly fees for Vault, Doppler, or AWS Secrets Manager add up quickly. You're paying for infrastructure you shouldn't need.

Plaintext .env Files

Storing secrets in .env files is risky. One accidental commit and your credentials are exposed forever.

Complex Access Control

GPG-based tools like git-crypt require manual key management. Adding or removing team members is painful.

Vendor Lock-in

Cloud secret managers lock you into their ecosystem. Migration is complex and risky.

How nvolt Works

Zero-Trust cryptography meets Git-native storage

1

Generate Machine Keypairs

Each machine (laptop, CI server, production) gets a unique RSA-4096 keypair. Private keys never leave the machine.

$ nvolt init
2

Encrypt & Push Secrets

Secrets are encrypted with AES-256-GCM using a project master key. The master key is wrapped for each authorized machine.

$ nvolt push -f .env.production -e production
3

Store in Git

Encrypted secrets are committed to Git. Git controls who can access the ciphertext, nvolt controls who can decrypt it.

$ git push origin main
4

Pull & Decrypt on Any Machine

Authorized machines unwrap the master key with their private key, then decrypt secrets locally.

$ nvolt run npm start

Powerful Features, Zero Infrastructure

Zero-Trust Architecture

All encryption happens locally on your machine. No backend servers, no API keys, no trust required.

Git-Native Storage

Encrypted secrets live in Git alongside your code. Use your existing GitHub/GitLab infrastructure.

Per-Machine Access Control

Grant or revoke access per machine and environment. CI gets staging, production servers get production.

Multi-Environment Support

Separate secrets for dev, staging, and production. Each environment has its own access controls.

Key Rotation

Rotate master keys without re-encrypting all secrets. Remove compromised machines instantly.

Audit Trail

Every secret change is tracked in Git history. See who added what, when, and why.

CLI-First Workflow

Beautiful terminal UI with color-coded output. Perfect for CI/CD pipelines and local development.

Free & Open Source

No monthly fees, no usage limits, no credit card required. Use it forever, for free.

How nvolt Compares

Choose the right tool for your needs

Feature nvolt HashiCorp Vault Doppler Akeyless git-crypt SOPS
Monthly Cost Free $$$ $$ $$ $0 $0
Zero-Knowledge Self-hosted only
No Backend
No Login/Auth Required
Per-Machine Access GPG only GPG only
Environment-Based Access
Git-Native Storage
Multi-Project Support Limited Limited
Active Maintenance BSL License Unmaintained

Perfect For

Startups & Solo Developers

No monthly costs, no infrastructure to maintain. Get enterprise-grade security without the enterprise price tag.

Small Teams

Securely share secrets across laptops and CI/CD. Everyone uses the tools they already know: Git and CLI.

Security-Conscious Organizations

Zero-Trust architecture ensures no single point of failure. All cryptography happens on machines you control.

CI/CD Pipelines

Grant CI servers access to specific environments. Secrets are loaded at runtime, never stored in CI config.

Get Started in 60 Seconds

Install nvolt

curl -fsSL https://install.nvolt.io/latest/install.sh | bash
git clone https://github.com/iluxav/nvolt.git cd nvolt go build -o nvolt ./cmd/nvolt sudo mv nvolt /usr/local/bin/

Quick Start

1

Initialize vault

nvolt init
2

Push your secrets

nvolt push -f .env
or
nvolt push -k ENV1=secret1 -k ENV2=secret2
3

Run your app with secrets

nvolt run npm start
Read Full Documentation Star on GitHub