Skip to content
1337skills 1337skills

Envii - Encrypted Environment Variable Backup Cheatsheet

Envii - Encrypted Environment Variable Backup Cheatsheet

Section titled “Envii - Encrypted Environment Variable Backup Cheatsheet”

A CLI tool for securely backing up and restoring .env files across machines. Uses end-to-end encryption (AES-256-GCM) with a 12-word recovery phrase — the server never sees your plaintext secrets.

Installation

Section titled “Installation”

From npm (Global)

Section titled “From npm (Global)”
npm install -g envii

From Source

Section titled “From Source”
git clone https://github.com/akinloluwami/envii.git
cd envii/envii-cli
npm install
npm run build
npm link

Requires: Node.js 18+

Getting Started

Section titled “Getting Started”

Initialize (First Time Only)

Section titled “Initialize (First Time Only)”
envii init

This generates a 12-word recovery phrase. Save it securely — it’s the only way to decrypt your backups. There are no passwords, no emails, no accounts.

Critical: Write down your recovery phrase and store it somewhere safe (password manager, physical backup). If you lose it, your backups are permanently unrecoverable.

Core Commands

Section titled “Core Commands”
CommandDescription
envii initInitialize envii, generate recovery phrase
envii backupScan current directory tree and back up all .env files
envii restoreDownload and decrypt all backed-up .env files
envii restore --forceRestore and overwrite existing .env files without prompting
envii listList all projects with active backups

How It Works

Section titled “How It Works”

Backup Flow

Section titled “Backup Flow”
cd ~/projects      # Navigate to your projects root
envii backup       # Scans for all .env files in subdirectories
  1. Envii scans the current directory tree for projects (identified by .git, package.json, etc.)
  2. All .env* files are found (.env, .env.local, .env.production, etc.)
  3. Each file is encrypted locally using AES-256-GCM with PBKDF2 key derivation (600,000 iterations)
  4. Only encrypted data is sent to the server
  5. Project is identified by Git remote URL, package name, or folder name

Restore Flow

Section titled “Restore Flow”
cd ~/projects      # On your new machine
envii restore      # Downloads and decrypts all backups
  1. Envii downloads your encrypted backups
  2. Decrypts them locally using your recovery phrase
  3. Places .env files back into their original project paths
  4. Prompts before overwriting existing files (use --force to skip)

Security Architecture

Section titled “Security Architecture”
FeatureDetails
EncryptionAES-256-GCM
Key DerivationPBKDF2 with 600,000 iterations
Unique IVsEach backup has a unique initialization vector
Authentication TagsTamper detection on every backup
Zero-KnowledgeServer never sees recovery phrase, plaintext, or encryption keys
Recovery12-word phrase is the only authentication method

Development Mode

Section titled “Development Mode”
CommandDescription
envii init --devInitialize against local API (localhost:4400)
envii backup --devBackup using local API server
envii restore --devRestore from local API server
envii list --devList backups from local API

Configuration

Section titled “Configuration”

Envii stores its configuration at:

ItemLocation
Config file~/.envii/config.json
Recovery phrase hashStored in config (never the phrase itself)

Common Workflows

Section titled “Common Workflows”
# Initial setup on your main machine
envii init
# ⚠️ Save the 12-word recovery phrase!

# Back up all env files from project directory
cd ~/projects
envii backup

# Set up a new machine
envii init          # Enter the SAME recovery phrase
cd ~/projects
envii restore       # All .env files restored

# Check what's backed up
envii list

# Update backups after changing env vars
envii backup        # Re-encrypts and uploads updated files

What Gets Backed Up

Section titled “What Gets Backed Up”

Envii scans for all environment files matching common patterns:

  • .env
  • .env.local
  • .env.development
  • .env.production
  • .env.staging
  • .env.test
  • Other .env* variants

Projects are detected by the presence of:

  • .git directory (uses remote URL as identifier)
  • package.json (uses package name)
  • Falls back to folder name

Troubleshooting

Section titled “Troubleshooting”
IssueSolution
”No projects found”Ensure you’re in a directory with projects (must have .git or package.json)
Restore failsVerify you’re using the same recovery phrase as the original init
Recovery phrase lostBackups are unrecoverable — re-init and re-backup
Permission deniedEnsure ~/.envii/ directory is writable
Network errorCheck internet connection; envii requires access to the API server

Best Practices

Section titled “Best Practices”
  • Save your recovery phrase in a password manager (1Password, Bitwarden, etc.)
  • Run envii backup before switching machines or reformatting
  • Don’t commit .env files to Git — use envii instead
  • Run periodic backups after updating environment variables
  • Use envii list to verify your backups are current

Resources

Section titled “Resources”