better-env – Secure, encrypted environment variable management without plaintext .env files

Summary: better-env is a CLI tool that securely manages environment variables using OpenPGP encryption, eliminating plaintext secrets from projects. It stores secrets in a global encrypted store and links them to projects via commit-safe files, decrypting only at runtime.

What it does

better-env stores all secrets in a local PGP-encrypted global store and uses files containing only key names to link secrets to projects. Secrets decrypt at runtime with commands like bnv shell or bnv run, avoiding plaintext exposure.

Who it's for

Developers who need secure, centralized management of environment variables across multiple projects without risking accidental secret exposure.

Why it matters

It prevents accidental commits of plaintext secrets and consolidates secret management without requiring complex infrastructure or plaintext .env files.