Features
SlickEnv is not a secrets vault with a CLI bolted on. It is a developer tool designed CLI-first, scoped to environment variables, and built to stay out of your way.
Everything you need. Nothing you don't.
No web dashboard to click through. Every action is a single terminal command, designed to be read at a glance.
AES-256-GCM client-side encryption. Your secrets are encrypted before they leave your machine. The server never sees plaintext.
Every push creates an immutable snapshot. List versions, compare diffs, and roll back to any previous state instantly.
Push rejects if your local .env has diverged from remote. See a clean diff before anything is overwritten.
Tag variables with @description, @required, @sensitive, @format, and @example, right inside your .env file.
Share environments with your team through encrypted sync. Generate one-time links or export to .env, JSON, or YAML.
Control who can read, write, or admin each environment. Fine-grained permissions per project, per environment.
One command to push your local .env to the cloud. One command to pull the latest. Conflicts caught before they happen.
Export strips sensitive values and generates a clean .env.example that's always in sync with your actual configuration.
53 built-in patterns detect AWS keys, Stripe tokens, GitHub PATs, OpenAI keys, database URLs, and 45+ more. Scan files, git history, MCP configs, and AI-generated code in one command.
One command scans your entire commit history across all branches. Guided BFG Repo-Cleaner removes secrets permanently. A pre-commit hook makes sure it never happens again.
Auto-generates .cursorignore, .claudeignore, .copilotignore, and .aiexclude. The slickenv:// reference system means AI coding tools see references — never real values.
11 rules run silently on every push and pull. Catches lowercase keys, duplicates, unquoted spaces, generic names, and missing .env.example entries before they reach remote.
AES-256-GCM encrypted, one-time self-destructing links. Set expiry, read limit, and optional password protection. Replaces Slack DMs, WhatsApp messages, and email threads.
The next layer is already mapped out.
These features are planned next. We want the roadmap visible, but we do not want roadmap copy pretending to be shipped functionality.
Planned
Inline secret warnings and one-click fix suggestions directly inside your editor — without switching to the terminal.
Planned
Automated secret scanning on every pull request. Block merges when critical or high findings are detected.
Planned
Alerts for stale secrets, over-shared links, and new critical findings — delivered to the channel where your team already works.
Planned
Enterprise-grade authentication and the option to self-host the full stack on your own infrastructure.
Your terminal, your workflow.
No web dashboard you forgot was open. No browser tabs to manage. SlickEnv lives in your terminal, right next to your code. Every action is a single command. Every output is designed to be read at a glance.
Your .env files, but smarter.
SlickEnv reads and writes standard .env files, but it also understands metadata annotations. Add a comment above any variable and SlickEnv will track it, validate it, and display it in context.
Push and pull with confidence.
SlickEnv detects conflicts before they become problems. If your local .env has diverged from the remote version, you will know before anything is overwritten. Review changes one by one, or resolve in bulk.
Share environments. Not secrets.
Four ways to share environment configurations, each designed for a different level of trust and access.
Everyone on the team pulls the same environment. Changes are versioned and attributed.
Generate a single-use, time-limited link that expires after one pull or after a set duration.
Export your environment to .env, JSON, or YAML and share it however you like.
Control who can read, write, or admin each environment. Fine-grained permissions per project.
Most security incidents happen through one of three surfaces. SlickEnv protects all three.
Secrets hardcoded in source files, config files, Docker files, CI configs, or MCP configs right now. slickenv scan finds them.
slickenv scanSecrets committed months ago and deleted since. Git stores every version of every file. Deleting the file doesn't help. slickenv git scan finds them.
slickenv git scanAI coding tools index your entire project directory. .gitignore has zero effect on Cursor or Claude Code. slickenv ai protect fixes this.
slickenv ai protectSlickEnv is the only tool that covers all three surfaces where secrets leak: current files, git history, and AI coding tools.
| Capability | SlickEnv | GitHub | Doppler | Infisical |
|---|---|---|---|---|
| Pre-commit secret blocking | ✓ | ✗ | ✗ | ✗ |
| Git history scanning + cleanup | ✓ | ✗ | ✗ | ✗ |
| AI tool protection (.aiignore) | ✓ | ✗ | ✗ | ✗ |
| 53-pattern secret scanner | ✓ | ✓ | ✗ | ✗ |
| Zero-knowledge encryption | ✓ | — | ✗ | ~ |
| Encrypted team .env sync | ✓ | ✗ | ✓ | ✓ |
| Audit log and drift monitor | ✓ | ✗ | ~ | ~ |
| Free for solo devs | ✓ | ✓ | ~ | ~ |
Secure by design, not by configuration.
Security is not an add-on. Every part of SlickEnv is built with encryption, access control, and auditability from the ground up.
All stored variables are encrypted with AES-256-GCM. Keys are derived per-user, per-project using PBKDF2.
Every API call is encrypted in transit. No plaintext ever touches the wire.
Sensitive values are masked in all CLI output. No secrets in your terminal history or logs.
Every push, pull, share, and rollback is logged. Know who changed what and when.
Finds secrets committed months ago that .gitignore never caught. Uses git log patterns to surface every exposure in your repo's lifetime.
.aiignore generation for Cursor, Claude Code, GitHub Copilot, Windsurf, and Continue.dev. What .gitignore does for Git, .aiignore does for AI tools.
Blocks secrets at the commit level — before they leave your machine. No account required. Works on GitHub, GitLab, Bitbucket, and self-hosted Git.
Get started in under a minute. Free for individual developers.