Your .env becomes a .sec file — encrypted and committed alongside your code. One source of truth, version-controlled.

Secrets are never written to disk. Decrypted on the fly when you run your app, then gone.

One command to start. dotsec set auto-creates an encrypted .sec file — no AWS, no cloud accounts, no setup.

Accidentally logging a secret? dotsec intercepts stdout and redacts sensitive values before they hit your terminal or CI logs.

Available as a CLI via npm and cargo. Native Node.js bindings (@dotsec/core) for parsing and validating .env files programmatically.

Directives like @type, @format, @pattern, @min/@max let you enforce rules on your env vars. Shared schema files keep constraints consistent across environments.