Centralized secrets manager for AI coding agents. Your secrets live in
your own private GitHub repo; envpact reads them into
project-scoped .env files. No third-party server, no
plaintext-in-public-repo risk, and a single rotation updates every project.
Your vault, your account
Secrets are stored in <your-username>/envpact-secrets on GitHub — a private repo only you can read. envpact never sees a token of yours.
One key, many projects
Define OPENAI_API_KEY once in shared. Every project that references shared.OPENAI_API_KEY picks up the new value on its next run.
Works with your AI agent
MCP server for Claude Code, Cursor, Windsurf, Cline, Goose. CLI, VS Code extension, GitHub Action, Python module. Pick your tool.
Browser-only dashboard
This page reads and writes your vault directly via the GitHub API. No envpact server is involved. Your token stays in this tab only.
npx -y envpact-mcp
# or use the CLI to generate .env from your vault
npx -y envpact-cli
Components: CLI · MCP server · GitHub Action · VS Code extension · Python package
Centralized secrets, served from your private vault
Your envpact-secrets repo on GitHub is the single source of truth. This dashboard reads & writes it directly from your browser via the GitHub API — no backend.
sessionStorage (cleared on close). Every API call goes directly to api.github.com. No envpact server is involved.