Centralized secrets manager for AI coding agents. Your secrets live in your own private GitHub repo; envpact reads them into project-scoped .env files, syncs them to AI agents over MCP, and rotates them across every project at once.
envpact’s security claims are limited and explicit:
- `.env` is generated on demand from a private vault and never committed.
- Values are masked with `core.setSecret` before any other step runs.
- Listing surfaces (`--list-shared`, MCP `list_shared`, the VS Code tree view, dashboard tables) show names only.
- The vault is stored under `~/.envpact/secrets/` in plaintext (unless you opt into age encryption per secret). A user with shell access on your machine has the vault.

Recommended hardening:

| Action | Why |
|---|---|
| Hardware key MFA on GitHub | Vault security == GitHub account security |
| `gh auth login --insecure-storage=false` | Prevent local token theft |
| Fine-grained PAT for envpact-action (Contents:Read on the vault repo only) | Blast-radius limit |
| Different PAT for `--sync-github-secrets` (admin scope on the consumer repo only) | Separation of duties |
| Add `.env` to a global `.gitignore` (`git config --global core.excludesfile`) | Defense-in-depth against future projects |
| Opt into age encryption for high-value shared secrets (`envpact --encrypt KEY`) | Defense if the private repo ever leaks |
| Periodic rotation: every 90 days for production keys | Standard practice |
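Two of the claims above, names-only listing and masking values before anything reaches a log, are small enough to show as code. The following is an added example and not envpact's own code; the vault contents are constructed, and the function names `list_names`, `mask_secrets` and `write_env` are assumptions for illustration.

```python
"""Name-only listing, log masking and 0600 .env writes for a secrets vault.

Added example, not envpact's own code. The sample vault is constructed;
function names are assumptions.
"""
import os
import re

# Constructed sample vault: name -> value. Not real credentials.
SAMPLE_VAULT = {
    "OPENAI_API_KEY": "sk-example-0123456789abcdef",
    "DB_PASSWORD": "p4ssw0rd!",
    "FEATURE_FLAG": "1",   # too short to mask safely
    "EMPTY": "",           # masking "" would match everywhere
}

# Values shorter than this are not masked: they would match ordinary text
# and turn the whole log into asterisks.
MIN_MASK_LEN = 4


def list_names(vault: dict) -> list:
    """Return sorted secret names only; values never leave this function."""
    return sorted(vault)


def mask_secrets(text: str, vault: dict, mask: str = "***") -> str:
    """Replace every occurrence of a secret value in text with mask.

    Longest values are tried first so that a value which is a prefix of
    another value cannot leave a partial remnant behind.
    """
    values = sorted(
        (v for v in vault.values() if len(v) >= MIN_MASK_LEN),
        key=len,
        reverse=True,
    )
    if not values:
        return text
    pattern = re.compile("|".join(re.escape(v) for v in values))
    return pattern.sub(mask, text)


def write_env(path: str, vault: dict) -> int:
    """Write a project-scoped .env with mode 0600 and return bytes written.

    The file is created with restrictive permissions up front (not chmod'ed
    afterwards), so there is no window in which it is world-readable.
    """
    body = "".join(f"{k}={v}\n" for k, v in sorted(vault.items()))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # override a permissive umask
        return os.write(fd, body.encode())
    finally:
        os.close(fd)


if __name__ == "__main__":
    print(list_names(SAMPLE_VAULT))
    line = "connecting with sk-example-0123456789abcdef and p4ssw0rd! flag=1"
    print(mask_secrets(line, SAMPLE_VAULT))
```

`mask_secrets` is the same idea as registering each value before any other step runs: if the registration happens after the first step has logged, the first line is already leaked. The minimum-length guard is deliberate; masking a one-character value would blank out every matching character in the log.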
Every change to `secrets.json` is a Git commit, signed off (`-s`) by the component that made it (envpact-cli, envpact-mcp, envpact-vscode, envpact-python, envpact-dashboard). The GitHub UI shows the full history at:

https://github.com/<you>/envpact-secrets/commits/main/secrets.json

This serves as a complete audit log: who rotated what, when, from which client.
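The commit history only works as an audit log if someone reads it, so here is an added example (not envpact's own code) that turns the `secrets.json` history into a list of entries and flags commits that lack a sign-off or are signed off by something other than the five components named above. The `git log` format in the comment is an assumption about how the input was produced, and the sample log is constructed.

```python
"""Parse the secrets.json commit history into an audit trail.

Added example, not envpact's own code. Input is assumed to be tab-separated
git log output; the sample below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Components the page says sign off commits; anything else is flagged.
KNOWN_CLIENTS = {
    "envpact-cli",
    "envpact-mcp",
    "envpact-vscode",
    "envpact-python",
    "envpact-dashboard",
}

# Assumed command that produced the sample (one commit per line, tab-separated):
#   git log --format='%H%x09%aI%x09%an%x09%s%x09%(trailers:key=Signed-off-by,valueonly)' \
#       -- secrets.json
# Constructed sample: two normal commits, one with no sign-off, one signed off
# by an unknown tool.
SAMPLE_LOG = """\
a1b2c3d\t2024-05-01T10:00:00+00:00\tAlice\trotate OPENAI_API_KEY\tenvpact-cli <cli@envpact.invalid>
b2c3d4e\t2024-05-02T11:30:00+00:00\tAlice\tadd DB_PASSWORD\tenvpact-mcp <mcp@envpact.invalid>
c3d4e5f\t2024-05-03T09:15:00+00:00\tMallory\tedit secrets.json\t
d4e5f6a\t2024-05-04T08:45:00+00:00\tBob\trotate DB_PASSWORD\tunknown-tool <x@example.invalid>
"""


@dataclass
class AuditEntry:
    sha: str
    when: datetime
    author: str
    subject: str
    client: Optional[str]   # component named in Signed-off-by, if any
    anomaly: Optional[str]  # why this commit deserves a look, if anything


def _client_of(signoff: str) -> Optional[str]:
    """Return the name part of a 'Name <email>' sign-off, or None if absent."""
    signoff = signoff.strip()
    if not signoff:
        return None
    return signoff.split("<", 1)[0].strip() or None


def parse_audit_log(text: str) -> List[AuditEntry]:
    """Turn git log lines into AuditEntry records, flagging suspicious ones."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        # A commit with no trailer yields a trailing empty field or none at all.
        parts += [""] * (5 - len(parts))
        sha, when, author, subject, signoff = parts[:5]
        client = _client_of(signoff)
        if client is None:
            anomaly = "no Signed-off-by trailer"
        elif client not in KNOWN_CLIENTS:
            anomaly = f"unknown client {client!r}"
        else:
            anomaly = None
        entries.append(
            AuditEntry(sha, datetime.fromisoformat(when), author, subject, client, anomaly)
        )
    return entries


def anomalies(entries: List[AuditEntry]) -> List[AuditEntry]:
    """Only the commits that broke the sign-off convention."""
    return [e for e in entries if e.anomaly]


if __name__ == "__main__":
    for e in parse_audit_log(SAMPLE_LOG):
        flag = f"  <-- {e.anomaly}" if e.anomaly else ""
        print(f"{e.when:%Y-%m-%d} {e.sha} {e.author:8} {e.subject:24} {e.client}{flag}")
```

A commit that edits `secrets.json` without a component sign-off means something other than an envpact client touched the vault (a manual edit in the GitHub UI, for instance); that is exactly the event the history is there to surface.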
To report a security finding, email whyiswhen@gmail.com. Don't open public issues for security findings.

For each component, the dedicated SECURITY.md (when present) takes precedence over this document.