Back to Blog
7 min read

Why We Built SlickEnv

By Sumit Khanna

Why We Built SlickEnv

TL;DR

  • Environment variables are critical infrastructure, yet teams still share them via Slack DMs and sticky notes.
  • SlickEnv is CLI-first with end-to-end AES-256-GCM encryption — the server never sees plaintext.
  • Every push is versioned. Roll back, diff, or share any environment instantly.

You know the drill. You clone a repo, look for a .env file, and... it's not there. The README says "ask someone for the env file." So you hop on Slack, find whoever looks like they've been around long enough to actually have it, and send the most universal message in all of software engineering:

hey, can you send me the .env for this project?

They paste a wall of key-value pairs into a DM. You copy it into a file, cross your fingers that nothing's missing or outdated, and get back to work. Until next time. And there's always a next time.

Here's what gets me: it's 2026. We've got CI/CD pipelines, infrastructure as code, automated everything. And yet this one absolutely critical piece of our stack - the file that holds every secret your app needs to run - is still managed with copy-paste and vibes. How is that still a thing?

That's why we built SlickEnv.

Configuration is not an afterthought

Kelsey Hightower has been saying this for years, and he's right: configuration deserves the same rigor we give to code. The 12-factor app methodology spells it out pretty clearly too - config belongs in the environment, separate from your code.

The future of software is about managing complexity. Configuration is part of that complexity, and it deserves proper tooling.

Kelsey Hightower

And most teams have gotten the first half right. They use environment variables. They've got .env files. But the tooling around those files? It hasn't kept up at all. The file format has barely changed since it was introduced. And the workflows for actually managing, sharing, and syncing those files across a team? Completely stagnant.

The landscape gap

Before we started building, we looked at what was already out there. And honestly? The options fall into two camps, and neither one really works for most teams.

Camp 1: Enterprise secrets platforms. Think HashiCorp Vault, AWS Secrets Manager, CyberArk. These are powerful, battle-tested systems built for big orgs with dedicated DevOps teams. RBAC matrices, audit logs, dynamic secrets rotation - the whole nine yards. But they come with real costs: infrastructure you have to manage, steep learning curves, and a level of complexity that most small to mid-size teams just don't need. If you're a team of 5 building a SaaS product, spinning up Vault is like buying a fire truck to light a candle.

Camp 2: Minimal wrappers. Things like git-crypt, dotenv-vault, or the good old .env.example pattern. Easy to set up, sure. But they only solve a sliver of the actual problem. Your .env.example file goes stale the second someone adds a variable and forgets to update it (which is basically always). Git-crypt encrypts files in your repo, but gives you no versioning, no diffing, no per-environment management. It's a band-aid.

Look, there's a goldilocks zone between these two camps. Something simple enough to set up in 30 seconds, but actually powerful enough for real team workflows: encrypted sharing, version history, rollback, per-environment management, conflict detection. That's exactly where SlickEnv lives.

Designed from the terminal up

We made a deliberate call early on: SlickEnv would be CLI-first. Not CLI-also. Not "oh yeah, we have a CLI too." The terminal is the primary interface. Full stop.

Why? Because that's where you already are. Your git commands, your package manager, your build tools - it all runs in the terminal. Why should managing env files be the one thing that makes you open a browser, log into some dashboard, and click around? It shouldn't.

We intentionally modeled the workflow after git, because you already know git:

# Initialize a project
slickenv init

# Push your local .env to the cloud (encrypted)
slickenv push

# Pull the latest .env on another machine
slickenv pull

# See what changed between versions
slickenv diff

# Roll back to a previous version
slickenv rollback

No new mental model. If you can git push and git pull, you already know how to use SlickEnv. That's it.

Security that works by default

Here's the thing - we didn't bolt security on as an afterthought. It's baked into every layer of how SlickEnv works.

  • Client-side encryption. Every variable gets encrypted with AES-256-GCM on your machine before it ever leaves. Our server never sees plaintext values. Ever.
  • Zero-knowledge architecture. We literally can't read your secrets even if we wanted to. The encryption keys live on your machine, not ours.
  • OS keychain integration. Auth tokens get stored in your OS's secure keychain (macOS Keychain, Linux Secret Service, Windows Credential Vault) - not sitting in some plaintext config file.
  • Encrypted transit. Everything goes over TLS 1.3. Your secrets are encrypted at rest on our servers and encrypted in transit between your machines.

The whole philosophy here is that security should be invisible. You shouldn't have to remember to flip an encryption toggle or configure access controls. It just works. Every time. By default.

Version control for your configuration

Think about this for a second. Your code? Versioned. Database schema? Versioned. Infrastructure definitions? Versioned. But the file containing every critical credential your app needs to run? That's sitting in an unversioned file on someone's laptop. It's kind of wild when you put it that way.

SlickEnv versions every push. Every time you run slickenv push, we create an immutable snapshot. You can diff between versions, see who changed what and when, and roll back to any previous state with one command. No more "does anyone have the old Stripe key?" panic moments.

What we are not

Let's be clear: SlickEnv isn't trying to replace Vault. It's not a full-blown secrets platform with dynamic rotation, policy engines, and service mesh integration. If you need that stuff, use it. Seriously.

But SlickEnv is for the 90% of teams that don't need all of that. Teams that just want their .env files to be secure, versioned, and easy to share without the headache. Teams that are sick of the Slack DM workflow but aren't about to adopt enterprise infrastructure for a problem that should honestly be simple.

We built SlickEnv because we were tired of dealing with this ourselves. If you are too, give it a spin.

# Install and get started in 30 seconds
npx slickenv init

Related articles

Stop Sharing Secrets on Slack9 min readYour Code is Versioned. Your Secrets Aren't. Here's Why That's a Problem.8 min readThe Practical Guide to Environment Variable Management for Teams12 min read
SK
Sumit Khanna

Founder

Founder and developer behind SlickEnv. Building CLI-first tools for developers who care about security, simplicity, and shipping fast.

Ready to manage your .env files properly?

SlickEnv gives your team encrypted sync, version history, and rollback for every environment variable. No more Slack DMs.