Encrypt and back up your .env files
Your .env files hold the keys to everything — and they are the one thing you must never commit to git. KeysArk gives them a safe home: encrypted in your browser or terminal, synced to your own cloud, restorable on any machine.
The ark CLI is git-aware: run it inside a repo and it derives the target path from your git origin, so a single command backs up or restores the right .env without you spelling out where it goes.
How developers use it
ark save .envfrom a project directory — encrypted and stored under your repo's path.ark get github.com/me/app/.env .envto restore it on a new machine.- Supply the mnemonic via an environment variable for non-interactive CI use.
- Binary secrets (keystores, .p12) are stored as encrypted file items too.
FAQ
Why not just keep .env files in a private git repo?
Anything committed to git is plaintext to anyone with repo access and lives forever in history. KeysArk keeps them end-to-end encrypted, so even the storage backend can't read them.
Can I restore a .env on a new machine?
Yes. With your recovery phrase, `ark get` decrypts and writes the file back to the right path — even years later, offline from a backup.
Does this work in CI?
Yes. Provide the mnemonic through an environment variable and the ark CLI runs non-interactively to fetch secrets during a build.
Is it free?
Yes — KeysArk is free and open source; your encrypted backups live in your own cloud drive.