The latest articles on DEV Community by Arjuna Nayak (@arjunn881). https://dev.to/arjunn881 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3978053%2F84d6d386-3ef1-4c51-8dc1-5c64143e0388.jpeg https://dev.to/arjunn881 en Arjuna Nayak Wed, 10 Jun 2026 18:04:23 +0000 https://dev.to/arjunn881/stop-sharing-env-files-in-discord-i-built-a-zero-setup-e2e-encrypted-cli-instead-hoo https://dev.to/arjunn881/stop-sharing-env-files-in-discord-i-built-a-zero-setup-e2e-encrypted-cli-instead-hoo <p>Sharing environment variables during a quick project hand-off shouldn't require setting up a heavy enterprise vault like Doppler or Infisical. But it also shouldn't mean copy-pasting plaintext API keys into Slack or Discord.</p> <p>I wanted a frictionless, terminal-native bridge. So I built <code>share-env</code>: an ephemeral, peer-to-peer CLI for securely sharing <code>.env</code> files.</p> <p>Here is exactly how it is architected under the hood:</p> <p><strong>True Zero-Knowledge E2E Encryption</strong><br> Files are encrypted entirely locally using Node's native <code>crypto</code> module (AES-256-GCM). The decryption key is passed via a hash fragment in the generated share code (e.g., <code>blue-sky-rocket#a1b2c3d4</code>). The relay server receives the ciphertext, but the hex key after the # never leaves your local machine.</p> <p><strong>Smart Merging (No overwriting)</strong><br> Generic file-sharers like Magic Wormhole blindly overwrite files. <code>share-env</code> parses the incoming payload using <code>dotenv</code>. If there is a conflict (e.g., you have <code>PORT=3000</code> locally and the incoming file has <code>PORT=8080</code>), it pauses and interactively asks which value to keep.</p> <p><strong>Pre-Flight Git Guardrails</strong><br> To prevent accidental leaks, the CLI uses the <code>fs</code> module to check your <code>.gitignore</code> before pulling. If <code>.env</code> isn't safely ignored, the CLI throws a fatal error and physically blocks execution.</p> <p><strong>Burn-After-Reading TTL</strong><br> The Express relay server has no database. It uses <code>node-cache</code> to hold encrypted blobs in memory with a strict 10-minute TTL. The millisecond a payload is pulled, it is permanently destroyed.</p> <p>Test it locally in 5 seconds (Zero Setup)<br> You do not need to create an account, and you don't even need to install it globally. Run this in any directory with a <code>.env</code> file:</p> <p><strong>Developer A (Sender):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Bash npx share-env push </code></pre> </div> <p><strong>Developer B (Receiver):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Bash npx share-env pull &lt;share-code&gt; </code></pre> </div> <p><strong>Source Code &amp; Registry:</strong></p> <p>GitHub: <a href="https://github.com/arjunn881/env-share" rel="noopener noreferrer">https://github.com/arjunn881/env-share</a><br> npm: <a href="https://www.npmjs.com/package/share-env" rel="noopener noreferrer">https://www.npmjs.com/package/share-env</a></p> <p>I spend a lot of my time building in the MERN stack, and juggling local environments across different setups has always been a pain point. I open-sourced the entire monorepo—I'd love for the community to audit the crypto architecture or drop feedback on the CLI UX!</p> <p>— Arjun</p> opensource security javascript node