Secure your stack.
Analyze. Vault. Ship.Scan dependencies for vulnerabilities across and 9+ ecosystems — store secrets with end-to-end encryption, and share .env files securely across your team.
How it works
From install to secure in four CLI commands
Install
Install the CLI with a single command. Works on macOS, Linux, and Windows — Native AOT binary, no runtime needed.
Scan
Run depvault scan in your repo to analyze dependencies, detect vulnerabilities, find leaked secrets, and discover env files — all at once.
Push
Push your config and secret files — each encrypted as a whole-file blob. Environments are inferred per file — development, staging, production — in one interactive flow.
Pull
Teammates pull secrets with depvault pull. CI/CD pipelines use scoped tokens. No .env files in Slack, no secrets in git.
Everything you need to ship securely
Dependency analysis, encrypted config & secret storage, secret sharing, and more — one unified platform
Dependency Analysis
Run depvault scan in any repo to instantly detect outdated packages, known CVEs, and license conflicts. Supports package.json, requirements.txt, Cargo.toml, go.mod, *.csproj, and more — no file uploads needed.
Environment Vault
End-to-end encrypt config files and secret files — .env, appsettings.json, SSL certificates, private keys, keystores, cloud credentials — with AES-256-GCM. Each file is stored per environment with full version history. Secrets are encrypted in your browser before they reach the server. Even we can't read them.
Secret Sharing
Generate one-time encrypted links where the decryption key lives only in the URL — the server never sees it. Set expiration times, add optional passwords, and stop credentials from sitting in Slack or email history. Every link creation, access, and expiration is tracked in the audit log.
And that's not all
Built-in tools for every stage of your security workflow
CLI-First Workflow
Native AOT binary — no runtime needed. Scan, push, and pull from your terminal. Browser-based login, interactive prompts, and CI/CD token mode.
Git Secret Detection
Scan connected repos for accidentally committed secrets with built-in and custom regex patterns.
CI/CD Secret Injection
Generate scoped, short-lived tokens for pipelines to pull end-to-end encrypted secrets at build time — no .env files in CI.
Environment Templates
Clone an environment's config files to bootstrap new stages. Diff templates against live environments.
License Compliance
Detect license types per dependency, configure allow/warn/block policies, and export audit reports.
Secret File Bundler
Download all config files and secret files for an environment as a single encrypted archive with a one-time password.
Works with your stack
Analyze dependencies, manage secrets, and store sensitive files across every major ecosystem
Dependency Ecosystems
Node.js
Python
Rust
.NET
Go
Java / Kotlin
Ruby
PHP
Config Formats
.env
appsettings.json
secrets.yaml
values.yaml
application.properties
application.yml
config.toml
config.yaml
Secret Files
SSL / TLS Certificates
Private Keys
Java / Android Keystores
iOS Provisioning Profiles
Cloud Credentials
SSH Keys
GPG / PGP Keys
Built on zero trust
Your secrets are encrypted before they leave your browser. The server stores only ciphertext — it can never decrypt your data.
Zero-Knowledge
Your vault password never leaves your device. Encryption keys are derived locally with PBKDF2-SHA256 — we never see them.
End-to-End Encrypted
All secrets are encrypted with AES-256-GCM in your browser before they reach the server. Even we can't read your data.
Open Source
The full codebase is open on GitHub. Audit the encryption implementation, verify our claims, and contribute.
Recovery Without Backdoors
If you forget your password, your recovery key restores access. There are no master keys and no server-side backdoors.
9+
Ecosystems supported
Zero-Knowledge
Server never sees your secrets
AES-256-GCM
End-to-end encryption
Open Source
Fully auditable codebase
Ready to secure your stack?
Install the CLI, scan your repo, and push secrets to the vault — all in under 2 minutes. Free for individual developers, scalable for teams.