johnnycat
Zero-knowledge encryption

Secrets that even we can't read.

Manage environment variables and secrets with state-of-the-art browser encryption. One curl to inject. Zero trust in the server.

Get started free
terminal
$

Simple on the outside. Fortified on the inside.

No SDKs, no agents, no complexity. The API is a GET and encryption is AES-256-GCM.

Zero-knowledge

Your secrets are encrypted in the browser before leaving your machine. The server never sees plaintext values.

CLI & cURL

Lightweight Go binary for CI/CD or terminal. Or use the generated cURL script directly on the project page.

Simple API

A single GET call with Bearer token. Returns .env, JSON, or appsettings — encrypted or plaintext.

No vendor lock-in

AES-256-GCM with v1 format. Use the Go CLI or implement decryption in any language.

One line. All your secrets.
$ curl -sH "Authorization: Bearer $API_KEY" \
  "https://johnnycat.net/api/v1/secrets?format=env"

Ready to protect your secrets?

Set up in 2 minutes. No credit card. No data stored on the server.

Create free account