EnvSync: Secure Config & Secret Sync

Developer Tools | Intermediate | Jan 28, 2026

Securely manage and sync environment variables for solo devs and small teams.

The Problem

Solo developers and small teams often face a chaotic and error-prone process managing environment variables and secrets across various development stages (local, dev, staging, production). They typically rely on `.env` files, leading to inconsistencies when switching branches or collaborating. This manual syncing results in hours wasted debugging 'it works on my machine' issues, deployment failures due to missing or incorrect configurations, and significant security risks from accidentally committing sensitive API keys or database credentials to version control. Existing solutions are either too complex and expensive for micro-SaaS budgets (e.g., HashiCorp Vault), or too tightly coupled to specific hosting platforms (e.g., Vercel's built-in envs) that don't cover all use cases like local development or custom CI/CD pipelines. This friction slows down development, introduces vulnerabilities, and creates unnecessary operational overhead for builders who need to ship fast and securely.

The Solution

EnvSync provides a centralized, secure, and developer-friendly platform for managing all your project's environment variables and secrets. Users can create projects, define multiple environments (e.g., development, staging, production), and store key-value pairs securely. The core of EnvSync is its seamless integration: a simple CLI tool allows developers to fetch and inject environment variables directly into their local development environment or CI/CD pipelines with a single command, ensuring consistency and preventing accidental exposure. Unique features include version history for each variable, environment comparison (diffing config across dev vs. prod), and secure, short-lived access tokens for programmatic retrieval. This eliminates `.env` file sprawl, enhances security by preventing secrets from being committed, and drastically reduces configuration-related debugging time, allowing solo developers and small teams to focus on building rather than managing infrastructure.

Tech Stack

Frontend: Next.js 14, React, Tailwind CSS, shadcn/ui
Backend: Next.js API Routes, NextAuth.js, Zod (validation)
Database: PostgreSQL (Supabase)
APIs: Stripe (for payments), Resend (for emails), NextAuth.js (for authentication providers)

System Architecture

Database Schema

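-- Row Level Security (RLS) should be enabled on every table, as Supabase encourages.
-- The ENABLE ROW LEVEL SECURITY statements and policies are not part of this listing.
-- This schema assumes Supabase's auth.users table for `user_id` foreign keys.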

CREATE TABLE users (
    id UUID PRIMARY KEY REFERENCES auth.users(id) ON DELETE CASCADE,
    email TEXT UNIQUE NOT NULL,
    name TEXT,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);
COMMENT ON TABLE users IS 'Public user profiles connected to Supabase auth.';

CREATE TABLE projects (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    name TEXT NOT NULL,
    slug TEXT NOT NULL,
    description TEXT,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    UNIQUE (user_id, slug) -- Ensure unique project slug per user
);
COMMENT ON TABLE projects IS 'Holds information about each project.';
CREATE INDEX idx_projects_user_id ON projects (user_id);

CREATE TABLE environments (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    project_id UUID NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
    name TEXT NOT NULL,
    slug TEXT NOT NULL,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    UNIQUE (project_id, slug) -- Ensure unique environment slug per project
);
COMMENT ON TABLE environments IS 'Defines different deployment environments for a project.';
CREATE INDEX idx_environments_project_id ON environments (project_id);

CREATE TABLE variables (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    environment_id UUID NOT NULL REFERENCES environments(id) ON DELETE CASCADE,
    key TEXT NOT NULL,
    value TEXT NOT NULL,
    is_secret BOOLEAN DEFAULT FALSE,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    UNIQUE (environment_id, key) -- Ensure unique variable key per environment
);
COMMENT ON TABLE variables IS 'Stores key-value environment variables for each environment.';
CREATE INDEX idx_variables_environment_id ON variables (environment_id);

CREATE TABLE api_tokens (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    project_id UUID REFERENCES projects(id) ON DELETE CASCADE,
    token_hash TEXT NOT NULL UNIQUE,
    name TEXT NOT NULL,
    expires_at TIMESTAMP WITH TIME ZONE,
    last_used_at TIMESTAMP WITH TIME ZONE,
    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
);
COMMENT ON TABLE api_tokens IS 'Secure API tokens for programmatic access (e.g., CLI, CI/CD).';
CREATE INDEX idx_api_tokens_user_id ON api_tokens (user_id);
CREATE INDEX idx_api_tokens_project_id ON api_tokens (project_id);

API Endpoints

POST /api/auth/register - User registration with email and password.
POST /api/auth/login - User login with email and password.
GET /api/user - Get the currently authenticated user's profile.
GET /api/projects - Retrieve all projects for the authenticated user.
POST /api/projects - Create a new project for the authenticated user.
GET /api/projects/[projectId] - Get details of a specific project.
PUT /api/projects/[projectId] - Update an existing project.
DELETE /api/projects/[projectId] - Delete a project and all its associated data.
GET /api/projects/[projectId]/environments - Get all environments for a specific project.
POST /api/projects/[projectId]/environments - Create a new environment within a project.
GET /api/projects/[projectId]/environments/[envId] - Get details of a specific environment within a project.
PUT /api/projects/[projectId]/environments/[envId] - Update an existing environment.
DELETE /api/projects/[projectId]/environments/[envId] - Delete an environment and all its associated variables.
GET /api/environments/[envId]/variables - Get all variables for a specific environment (for UI display).
POST /api/environments/[envId]/variables - Create a new variable within an environment.
PUT /api/variables/[variableId] - Update an existing variable.
DELETE /api/variables/[variableId] - Delete a variable.
GET /api/projects/[projectId]/tokens - Get all API tokens associated with a project.
POST /api/projects/[projectId]/tokens - Generate a new API token for a project. Token is displayed once.
DELETE /api/projects/[projectId]/tokens/[tokenId] - Revoke an existing API token.
GET /api/cli/variables/[projectId]/[environmentSlug] - Public endpoint for CLI/CI-CD. Requires `X-API-KEY` header. Returns environment variables as JSON.
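
One way to handle the tokens behind the `api_tokens` table and the `X-API-KEY` endpoint above, as an added example that is not EnvSync's own code. Assumptions: SHA-256 as the digest stored in `token_hash`, a hypothetical `envs_` token prefix, an in-memory `rows` array standing in for the table, and rejecting tokens whose `project_id` is NULL on this endpoint.

```javascript
const nodeCrypto = require("node:crypto");

// Only this SHA-256 digest is stored (api_tokens.token_hash); the raw token is shown once.
function hashToken(rawToken) {
  return nodeCrypto.createHash("sha256").update(rawToken, "utf8").digest("hex");
}

// Create a token: rawToken goes to the user once, row is what gets persisted.
function issueToken({ userId, projectId, name, ttlSeconds, now = new Date() }) {
  // 32 random bytes; the "envs_" prefix is a hypothetical marker that helps secret scanners.
  const rawToken = "envs_" + nodeCrypto.randomBytes(32).toString("base64url");
  const row = {
    id: nodeCrypto.randomUUID(),
    user_id: userId,
    project_id: projectId,
    name,
    token_hash: hashToken(rawToken),
    expires_at: ttlSeconds ? new Date(now.getTime() + ttlSeconds * 1000) : null,
    last_used_at: null,
  };
  return { rawToken, row };
}

// Authorize a call to /api/cli/variables/[projectId]/[environmentSlug].
// `rows` stands in for the api_tokens table; `reason` is for server logs only,
// the HTTP response should be the same 401 for every failure.
function authorizeCliRequest(rows, apiKeyHeader, projectId, now = new Date()) {
  if (typeof apiKeyHeader !== "string" || apiKeyHeader === "") {
    return { ok: false, reason: "missing" };
  }
  const presented = Buffer.from(hashToken(apiKeyHeader), "hex");
  // In SQL this is a lookup on the UNIQUE token_hash column.
  const row = rows.find((r) =>
    nodeCrypto.timingSafeEqual(Buffer.from(r.token_hash, "hex"), presented));
  if (!row) return { ok: false, reason: "unknown" };
  if (row.expires_at && row.expires_at <= now) return { ok: false, reason: "expired" };
  // Assumption: a token with NULL project_id is not accepted here (fail closed).
  if (!row.project_id || row.project_id !== projectId) {
    return { ok: false, reason: "wrong_project" };
  }
  row.last_used_at = now; // feeds api_tokens.last_used_at for stale-token review
  return { ok: true, userId: row.user_id };
}
```

A database dump then exposes only digests, and a leaked CI token stops working at `expires_at` and never reaches a project other than the one it was issued for.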


BuilderDaily Team


Indie hackers and full-stack engineers creating validated Micro-SaaS blueprints with production-ready tech stacks.
