Now in public beta release:

Your secrets,
versioned and safe.

Version control and encrypted backup for .env files. Client-side encryption. Bring your own storage. Never lose your secrets again.

$brew tap mgeovany/homebrew-tap
$brew install sentra

Sentra installs via Homebrew tap (not yet in homebrew/core)

sentra — ~/projects/landing-app

Features

Everything you need.
Nothing you don't.

End-to-end encrypted

AES-256-GCM encryption happens on your machine. Your secrets never leave your device unencrypted.

Version history

Track every change to your environment files. Roll back to any previous version instantly.

Bring your own storage

Use S3, GCS, Azure Blob, or any S3-compatible storage. Your data stays in your infrastructure.

CLI-first workflow

Designed for developers who live in the terminal. Simple commands, powerful results.

Team sync

Share encrypted secrets with your team. Everyone stays in sync, securely.

Zero config

One command to init. One command to push. No complicated setup or configuration needed.

How it works

Simple workflow.
Powerful results.

01

Login & Setup

$sentra login

Authenticate with your account and register your machine. Sentra uses browser-based authentication for secure access.

02

Scan & Add

$sentra scan && sentra add .

Discover all .env files across your projects and add them to version control. Sentra automatically finds environment files in your workspace.

03

Commit & Push

$sentra commit -m "message" && sentra push

Create a commit with a message, then encrypt locally with AES-256-GCM and upload to your storage (BYOS: AWS S3, GCS, Azure).

04

Export & Use

$sentra export landing-app

Fetch and decrypt your secrets on any machine. Export specific commits with --at flag. Perfect for CI/CD, onboarding, or switching between devices.

Security

Security isn't a feature.
It's the foundation.

We built Sentra with a zero-trust architecture. Your secrets are encrypted before they leave your machine, and only you hold the keys.

Client-side encryption

Encryption and decryption happen entirely on your machine. We never see your secrets.

Zero knowledge

Your encryption key never leaves your device. Not even we can access your data.

Your infrastructure

Data stays in your cloud storage. No third-party servers ever touch your secrets.

AES-256-GCM

Industry-standard encryption used by governments and financial institutions worldwide.

Stop sharing secrets
over Slack.

Join the developers who trust Sentra to manage their environment variables securely.

Free for individual developers. No credit card required.