
How CloudEnv Works

CloudEnv is essentially a special-purpose object storage system, similar to AWS S3 or Google Cloud Storage.

What makes it different is that the data stored within CloudEnv is always fully encrypted and that CloudEnv never sees or even generates the encryption keys.

Encryption keys are always and only generated on your machine and are 256-character random strings.

Those keys are used along with openssl’s AES-256-CBC symmetric encryption cipher to keep your data fully encrypted.

Because the encryption keys are generated on your machine and never leave it, the result is an end-to-end encrypted closed loop, which is easy to verify by running some simple curl commands in your terminal.

$ curl -s -H "Authorization: Bearer your-bearer-token" ""


The data that comes back is encrypted. You need to pass it through a simple openssl command in order to unscramble your secrets.

$ openssl enc -a -aes-256-cbc -md sha512 -d -pass pass:"$secretkey" -in "$encrypted_file"


The best part is that the $secretkey is never in our hands. We can’t see your keys, so we can’t see your secrets.
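
An added example, not CloudEnv's own code: a local round trip with the same openssl flags as the command above, checking that the stored form is opaque and only the original key recovers the secrets. The function names, the `CLOUDENV_KEY` variable, the hex key format and the sample secret are assumptions made for this example; the key is passed with `-pass env:` rather than `pass:` so that it stays out of the process argument list.

```shell
#!/bin/sh
# Added example (not CloudEnv code): local round trip with the page's openssl flags.
# Function names, CLOUDENV_KEY and the sample secret are constructed for illustration.

# 256-character random key generated locally (128 random bytes, hex-encoded).
gen_key() { openssl rand -hex 128; }

# Encrypt file $1 into base64 ciphertext file $2. The key is read from the
# exported CLOUDENV_KEY variable, so it is not visible in the process arguments.
# stderr is discarded to hide openssl's key-derivation warning for these flags.
encrypt_env() {
  openssl enc -a -aes-256-cbc -md sha512 -pass env:CLOUDENV_KEY -in "$1" -out "$2" 2>/dev/null
}

# Decrypt base64 ciphertext file $1 to stdout with the key in CLOUDENV_KEY.
decrypt_env() {
  openssl enc -a -aes-256-cbc -md sha512 -d -pass env:CLOUDENV_KEY -in "$1" 2>/dev/null
}

# Succeeds if file $1 starts with the base64 of openssl's "Salted__" header
# and does not contain the literal string $2 (what the storage side can see).
looks_opaque() {
  read -r first_line < "$1" || return 1
  case "$first_line" in U2FsdGVkX1*) ;; *) return 1 ;; esac
  ! grep -qF -- "$2" "$1"
}

# Runs the whole loop in a subshell and prints "ok" only if every check holds.
roundtrip_check() (
  dir=$(mktemp -d) || exit 1
  trap 'rm -rf "$dir"' EXIT
  printf 'DB_PASSWORD=constructed-sample-value\n' > "$dir/plain.env"
  CLOUDENV_KEY=$(gen_key); export CLOUDENV_KEY
  [ "${#CLOUDENV_KEY}" -eq 256 ] || exit 1
  encrypt_env "$dir/plain.env" "$dir/secrets.enc" || exit 1
  looks_opaque "$dir/secrets.enc" 'constructed-sample-value' || exit 1
  # Correct key: the plaintext comes back unchanged.
  [ "$(decrypt_env "$dir/secrets.enc")" = "$(cat "$dir/plain.env")" ] || exit 1
  # Different key: the plaintext must not come back.
  CLOUDENV_KEY=$(gen_key)
  wrong=$(decrypt_env "$dir/secrets.enc" | tr -d '\0') || true
  [ "$wrong" != "$(cat "$dir/plain.env")" ] || exit 1
  echo ok
)

roundtrip_check
```

The same `looks_opaque` check can be pointed at a saved curl response to confirm that what the service returns is openssl-salted ciphertext rather than readable variables.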

You can verify that this is true by looking at the first few lines of our CLI’s open-source source code:

Once that code is on your machine, there is no way for us to change it or try to do anything malicious. Your secrets are auditably safe and secure.

CloudEnv Libraries

We have built various client libraries that seamlessly grab the encrypted data, decrypt it with openssl, and load those variables so that you can read them through your usual environment variable access.