Security at Core
EnvPush is built on the principle that security shouldn't be an afterthought. We've designed every layer of our platform to protect your most sensitive data.
AES-256 Encryption
Every secret is encrypted with industry-standard AES-256 before it ever leaves your device.
Zero-Knowledge
We never see your decryption keys. Even as service providers, we cannot access your stored secrets.
Multi-Factor Auth
Secure your account with TOTP-based multi-factor authentication for an extra layer of protection.
Encrypted Transit
All data is transmitted via secure TLS (Transport Layer Security) tunnels to prevent interception.
At-Rest Security
Your data is stored in highly secure, SOC 2 compliant data centers managed by industry leaders.
Secure CLI
Our CLI tool is built with a security-first mindset, ensuring secrets are handled safely in your terminal.
Zero-Knowledge Architecture
Unlike traditional secret management systems that store your data in plain text or encrypt it with keys managed by the provider, EnvPush uses a **Zero-Knowledge Architecture**.
When you store a secret, it is encrypted on your local machine using a key derived from your master password or organization key. The encrypted blob is then sent to our servers. Because we never receive your decryption keys, it is mathematically impossible for us (or any attacker who might compromise our infrastructure) to read your secrets.
Security Compliance
We are committed to maintaining the highest security standards. Our infrastructure is powered by Supabase and AWS, adhering to:
- SOC 2 Type II Compliance
- ISO 27001 Certification
- Regular third-party security audits
- Continuous vulnerability scanning
Responsible Disclosure
If you believe you've found a security vulnerability in EnvPush, please contact our security team at security@envpush.com. We respond to all reports within 24 hours.