EnvCP

Secure secrets for AI agents — local, encrypted, reference-only.

^{Français | Español | 한국어 | 中文 | Tiếng Việt | 日本語}

 

 

Secure environment variable management for AI-assisted coding.
MCP server that lets AI reference your secrets by name — never by value.

---

What It Does

• Stores secrets on your machine
• Lets AI tools reference secrets by name instead of raw values
• Can sync values into .env files when you want
• Works with MCP, REST, OpenAI-compatible, and Gemini-compatible clients

---

In v1.2.0

• Simpler first-time setup
• Interactive config and rule menus
• Per-variable and per-client AI rules
• Better service/startup setup
• General cleanup, hardening, and test coverage

Quick Start

Install and initialize:

npm install -g @fentz26/envcp
envcp init   # choose Basic / Advanced / Manual setup for this project

Add your secrets:

envcp add API_KEY --from-env API_KEY
# or: printf '%s' "$API_KEY" | envcp add API_KEY --stdin

Start the MCP server for AI tools:

envcp serve

envcp serve walks up from the current directory looking for an envcp.yaml; if none is found, it falls back to ~/.envcp/config.yaml. This means MCP clients launched from arbitrary working directories will still find the vault and an active session. Use --global to skip the project lookup entirely.

For setup, rules, and integrations, see SETUP.md.

---

Documentation

Guide	Description
Docs Site	Main documentation
Setup Guide	Install, configure, and connect tools
Security Guide	Safer setup and incident response
Verification	Release verification steps
Security Policy	How to report security issues

---

License

SAL v1.0 — See LICENSE file for details.

Support

• Email: [email protected]
• GitHub Issues: https://github.com/fentz26/EnvCP/issues
• Documentation: https://envcp.org/docs