ConfigStackVersion, share, and secure env config

Stop Sending .env Files.

Copy-pasting env vars into Slack, emailing .env files, or hoping nobody commits secrets—there's a better way. Create, version, and share environment config securely.

See how it works

Now with version history, drift detection, and CI-ready policy enforcement.

  • AES-256-GCM encryption at rest
  • Secrets never exposed in UI
  • Built with Next.js and Prisma

See it in action

Watch how to set up a stack, validate it, and keep config in sync — then explore the product below.

In the product

Stack detail — version and edit your config
Create a shareable Stack Link
Public masked view — keys visible, secrets hidden

Features you'll actually use

Versioned Config Stacks

  • Manual & automatic snapshots
  • Rollback with baseline support

Stack Health & Drift Detection

  • Compare environments (Staging ↔ Production)
  • Missing keys, secret mismatches, high-risk drift

Policy Enforcement

  • Risk scoring (CLEAN / LOW / MEDIUM / HIGH)
  • CI endpoint & CLI (configstack doctor)
  • Ignore rules for acceptable drift

Sound familiar?

  • .env in git. Again.
  • Slack thread full of pasted API keys.
  • “Which .env was for staging?”
  • No idea who has access to what.

Built for security and control

  • AES-256-GCM at rest
  • Secrets masked in UI
  • Revocable share links

How it works

  1. Create a stack and snapshot it

    Add variables, set a baseline, and capture versions automatically or on demand.

  2. Detect drift across environments

    Use Stack Doctor to compare Staging vs Production and catch missing keys or secret mismatches.

  3. Enforce policies in CI/CD

    Gate deployments with configstack doctor and fail on risk level.

Everything you need to tame configs

Version, import, secure, and automate.

Versioning

Snapshot stacks (manual and auto), set a baseline, and roll back to any version. Full history per environment.

Import

Paste .env or upload JSON to bulk-import keys and values into an environment.

API tokens

Create scoped tokens for export and CI. Revoke anytime. Audit trail included.

CLI

Pull configs and run configstack doctor from the command line. Use in scripts or GitHub Actions.

From the blog

Tips on sharing env vars securely and using ConfigStack.

Why Environment Variables Need Contracts

Environment variables drift silently. Learn how configuration contracts enforce required keys, secret classification, and CI validation.

Stop Sending .env Files: A Safer Way to Share Environment Variables

Learn why sharing .env files is risky and how to share environment variables securely without leaking secrets via email, Slack, or screenshots.

Ready to enforce configuration quality?

Create your stack or try configstack doctor in your pipeline. Free plan available.

npx configstack-cli doctor --source <env-id> --target <env-id>