
Stop Using .env Files on Servers (Do This Instead)
If you're deploying apps on a VPS, chances are you're still using .env files. I was, too. Until I realized how messy (and risky) it actually is:

- copying .env files between machines
- leaving secrets sitting in plaintext on servers
- forgetting to delete old files
- no real access control per machine

It works… until it doesn’t.

So I built a different approach.

🚀 The idea

Instead of storing secrets on your server:

👉 don’t store them at all

- encrypt secrets locally
- store only ciphertext
- inject them into your app at runtime

No .env files. No plaintext on disk.

⚡ Example

    vaultsync secrets push --file .env
    vaultsync run -- node app.js

That’s it. Your app still gets environment variables — but they’re never written to disk on the server.

🧠 How it works (simplified)

- .env is encrypted locally using AES
- the server stores only ciphertext
- each machine has its own RSA keypair
- secrets are decrypted only in memory at runtime

After your app exits, secrets are wiped.

🔐 Why this is better than .env

.env files:
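The flow listed under "How it works" as an added example (not vaultsync's code and not from the original post), using only Node's built-in modules. Assumptions: AES-256-GCM as the AES mode, the AES key wrapped for each machine with RSA-OAEP, and the hypothetical function names sealEnv, openEnv and runWithSecrets.

```javascript
// Added illustration, not vaultsync's code. Assumed: AES-256-GCM + RSA-OAEP key wrapping.
const crypto = require('node:crypto');
const { spawnSync } = require('node:child_process');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each machine holds its own RSA keypair; only the public half ever leaves it.
function newMachineKeypair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Local side: encrypt the .env text under a fresh AES key, then wrap that key
// for one machine. Only the returned envelope is stored on the server.
function sealEnv(envText, machinePublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(envText, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: machinePublicKey, ...OAEP }, key);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Server side: unwrap and decrypt in memory. Throws if the envelope was
// modified or was sealed for a different machine's key.
function openEnv(envelope, machinePrivateKey) {
  const key = crypto.privateDecrypt({ key: machinePrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const text = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()])
    .toString('utf8');
  const secrets = {};
  for (const line of text.split(/\r?\n/)) {
    // KEY=VALUE lines only; comments and blank lines do not match.
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (m) secrets[m[1]] = m[2].trim().replace(/^(['"])(.*)\1$/, '$2');
  }
  return secrets;
}

// Runtime injection: the secrets go into the child's environment, not a file.
function runWithSecrets(envelope, machinePrivateKey, command, args) {
  const env = { ...process.env, ...openEnv(envelope, machinePrivateKey) };
  return spawnSync(command, args, { env, encoding: 'utf8' });
}
```

While the child runs, its environment is still readable by the same user and by root (on Linux through /proc/<pid>/environ), so the machine's private key and process-level access remain the things to protect.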



