Calyx
Zero-knowledge .env sync with git-style version control for teams.
Tagline
The env manager that knows nothing.
Version control for secrets without trust leaks.
Sync .env files locally, encrypted on device.
Stop chasing secrets through Slack and laptops.
The zero-knowledge secret manager built for local development, not just centralized storage.
The product explicitly emphasizes device-side encryption, OS keychain use, and VS Code workflows, so positioning it as local-dev-first differentiates it from admin-centric secret vaults.
The alternative to Slack threads, stale docs, and emailing yourself .env files.
The landing page makes the pain vivid and specific; this angle speaks directly to the chaotic real workflow Calyx replaces instead of abstracting into generic security messaging.
Version control for secrets without handing trust to the vendor.
Git-style versioning, diffs, restores, and recovery are strong functional hooks, while the zero-knowledge architecture is the trust wedge against Doppler, Infisical, and cloud env managers.
Primary user
Indie or small-team backend engineer responsible for managing application secrets across local dev environments
ICP #1
Solo founder of a B2B SaaS startup with 1-5 engineers
Pain
Secrets are scattered across Slack threads, old laptops, Google Docs, and half-broken onboarding notes, so every new machine setup turns into a scavenger hunt.
Why this solves
Calyx gives them a single encrypted source of truth with version history and teammate sharing, so onboarding and laptop swaps stop depending on memory and tribal knowledge.
ICP #2
Engineering manager at a 10-30 person product team
Pain
They are responsible for reducing operational risk, but existing secret tools either overpromise trust or create admin access paths that they can’t justify to security-conscious customers.
Why this solves
Calyx’s zero-knowledge design and no-backdoor claim give them a cleaner story: the platform cannot read secrets even if it wanted to.
ICP #3
DevOps-minded platform engineer supporting multiple developers
Pain
They’re forced to choose between convenience tools like Vercel/Netlify env vars and heavier secret infrastructure that’s awkward for local development.
Why this solves
Calyx adds local-dev-first secret sync plus version control and recovery, making it a practical bridge between secure storage and day-to-day coding.
Strengths
- +The value proposition is immediately clear: encrypted .env sync with zero-knowledge trust boundaries.
- +The page uses concrete developer pain points like Slack threads, old laptops, and Google Docs instead of vague security language.
- +The comparison table creates a sharp competitive wedge against Doppler, Infisical, and Vercel/Netlify by focusing on who can decrypt.
Weaknesses
- −It over-indexes on cryptographic philosophy and under-explains the actual day-to-day workflow: how sync, diff, restore, and teammate sharing really feel.
- −There is almost no proof: no screenshots of the editor flow, no setup steps, no trust/security audit details, and no customer logos or testimonials beyond the manifesto voice.
- −The page is too binary and combative; calling out competitors is useful, but it risks sounding ideological rather than practical for buyers who just want onboarding to stop breaking.
- −The product’s exact scope is fuzzy: is it only .env files, or broader secrets management? The page implies both, but the copy doesn’t draw a crisp boundary.
- −The CTA hierarchy is weak: “Get started” and “See how it works” are present, but there’s no obvious demo path or explanation of free-plan limits beyond “Free for one developer, forever.”
Fix these
- Add a 3-step product walkthrough showing local edit, encrypted sync, and teammate access re-sealing on another device.
- Replace some manifesto copy with a concrete before/after workflow: clone repo, pull Calyx env, run app, share with teammate, restore previous version.
- Add visual proof of version history, diffs, and recovery key setup so the differentiators feel real instead of theoretical.
- Tighten the positioning around a single buyer: local-dev secret sync for small engineering teams, not a broad secret-management platform.
- Add trust-building assets: security model diagram, audit/architecture notes, and a plain-English explanation of what the server can and cannot see.
Drop-in replacement copy
Headline
Env sync that knows nothing
Encrypted on device. Versioned like git.
Encrypted before it leaves your laptop
Calyx encrypts .env files on the device first, so the server can sync data without ever seeing plaintext. That keeps the trust boundary where it belongs: on the developer machine.
Version history for secrets
See diffs, restore previous versions, and inspect changes locally before they break your app. Secret handling finally gets the same safety net developers expect from source control.
Teammate sharing that re-seals access
Share env access with a teammate without handing the whole team a pile of plaintext. Each device gets its own sealed access path, so collaboration stays controlled.
Built for the workflow developers actually use
Calyx works with a VS Code workflow and OS keychain storage, so secret handling fits into local development instead of hiding behind a browser tab.
FAQ
Is Calyx only for .env files?
Yes, that’s the core scope today. It’s focused on syncing and managing environment files for local development, not replacing every possible secret system.
Can the server read my secrets?
No. Secrets are encrypted on the device before they leave it, and the server only stores encrypted data. The point is to remove server-side plaintext access entirely.
How does teammate sharing work?
You share access to a teammate, and their device receives its own re-sealed copy. That keeps collaboration workable without turning the server into a plaintext middleman.
What happens if I lose a laptop?
You can recover using the one-time recovery key. The idea is to make recovery possible without giving the platform a permanent way to read your secrets.
How is this different from Doppler, Infisical, or Vercel env vars?
Calyx is local-dev-first and zero-knowledge by design. It’s built around device-side encryption, git-style versioning, and small-team workflow, not centralized admin access.
Secrets still live in Slack threads. Calyx fixes that. Zero-knowledge .env sync with git-style history for teams. Edit locally. Encrypt on device. Sync. Diff. Restore. Share with teammates. The server never sees your secrets.
Your .env file should not roam. Calyx keeps secrets on the device, not in a browser tab or a random admin dashboard. Version history, diffs, restores, teammate sharing. Built for small teams that ship code and hate onboarding chaos.
I kept seeing the same failure. New laptop. Broken app. Missing env vars. Someone digs through Slack, an old doc, or an email from 2022. So I built Calyx: zero-knowledge env sync with git-style history. If your onboarding still depends on tribal knowledge, this is for you.
The hard part was trust. I didn't want another tool where an admin can decrypt secrets "for support". Calyx encrypts on your device before anything leaves it. That means versioning, sharing, and recovery without giving the server a backdoor.
New machine setups waste hours. Not because devs are lazy. Because secrets are scattered across Slack, docs, old laptops, and memory. Calyx gives teams one encrypted source of truth for .env files, with restore and teammate sharing built in.
Emailing yourself .env files is insane. So is pasting them into chat, Docs, or a browser vault. Calyx keeps env files encrypted end to end, synced across devices, and recoverable when someone leaves or loses a laptop.
Watch a secret change stay private. 1. Edit .env locally. 2. Calyx encrypts it on-device. 3. Teammate pulls it and re-seals access on their laptop. 4. Diff, restore, or roll back a bad change. Same workflow as git. Less drama.
This is what sync actually feels like. Open VS Code. Pull your env. Run the app. Make a change. Push. No copy-paste circus. No browser-tab secrets. No guessing which laptop has the real file.
Teams keep asking for this exact thing. "Can we stop storing secrets in Slack?" "Can new hires get working in 5 minutes?" "Can we see what changed before production breaks?" Calyx is the answer to all three.
The best feedback is relief. Not "cool crypto". Not "nice dashboard". Just: "I don't have to hunt for env vars anymore." That’s the whole point of Calyx.
Angle: zero-knowledge local-dev-first
Most secret managers are built for admins. Calyx is built for the person actually shipping code. If you're a small team, your secret workflow is probably some mix of Slack, Google Docs, old laptops, and tribal knowledge. That works right up until onboarding breaks or someone loses a machine. Calyx encrypts .env files on the device before anything leaves it. Version history. Diffs. Restore. Teammate sharing. Recovery keys. The server can sync data. It cannot read it. That distinction matters more than a polished dashboard. I wanted a tool that made local development easier without turning secrets into a trust problem. So I built one. If your team still treats secrets as an afterthought, I'd love to hear what the real pain is.
Angle: workflow and practicality
Security tools fail when they make the daily workflow worse. That’s the trap. You buy something to reduce risk, then developers avoid it because it’s slower than the current mess. Calyx tries to do the opposite. Open in VS Code. Pull the env you need. Edit locally. Push changes. See diffs. Restore a previous version if you break something. Share access with a teammate without exposing plaintext to the server. This is not "enterprise secrets platform" energy. This is "get the app running on a new laptop without a scavenger hunt" energy. If you’re responsible for onboarding or secret handling on a small team, I’d be curious where the current flow breaks most often.
Angle: trust story
I think a lot of dev tools are accidentally asking for too much trust. "Store your secrets here." "Let us handle recovery." "Let us support you by seeing plaintext." That might be fine for some teams. For others, it’s exactly the wrong trade. Calyx was built around a simple rule: betrayal is not a feature I get to ship. Secrets are encrypted on the device. The server never gets the keys. Teammate access gets re-sealed per device. Recovery uses a one-time key. You still get version control and collaboration, but without handing the vendor a backdoor. If you care about local development and zero-knowledge architecture, I’m happy to compare notes with anyone dealing with messy secret workflows today.
No visuals for this kit yet.
Tagline
Zero-knowledge .env sync for teams
Description
Calyx syncs .env files across teammates with device-side encryption, git-style history, diffs, restore, and recovery. Built for local development, not admin dashboards.
Maker's first comment
I built Calyx because I kept seeing the same boring failure: a new laptop, a broken app, and some secret buried in Slack from six months ago. Existing tools either make secrets feel like a browser problem or push trust into places I don’t want it. Calyx encrypts on the device, then syncs the encrypted data, so the server can help move secrets around without being able to read them. The goal wasn’t to build another giant platform. It was to make the daily workflow of getting a project running feel obvious, safe, and fast. If you’ve ever had onboarding stall because of env vars, or had to restore a bad secret change under pressure, I built this for you.
Pinned maker comment
I’d love feedback on the clarity of the workflow, the trust story, and whether the product feels like a practical .env tool or too broad.
Meta
Tired of secrets scattered everywhere?
Hypothesis: small dev teams will convert when the ad names the exact mess they live in. Calyx syncs .env files with zero-knowledge encryption, version history, diffs, restore, and teammate sharing. No browser vault. No plaintext server. Built for teams shipping code, not managing dashboards.
Google Search
Zero-knowledge .env sync for teams
Hypothesis: high-intent searchers comparing secret tools want a clear trust boundary and local-dev workflow. Encrypt .env files on-device, sync encrypted, inspect history, restore versions, and share with teammates without exposing plaintext to the server. For small engineering teams.
Reddit Promoted
Stop storing .env files in Slack.
Hypothesis: indie hackers and small-team engineers will engage with a blunt pain-first message, not a security brochure. Calyx is zero-knowledge .env sync with git-style history. Edit locally, encrypt on device, pull on another laptop, restore a bad change, and stop hunting secrets across old threads.
Subreddits
r/SideProject
Show the before/after workflow: Slack chaos vs encrypted .env sync
Rules: No spam, show what you built, be transparent about being the maker, keep promo light and useful.
r/indiehackers
Build log on solving secret onboarding for tiny teams
Rules: Value-first posts, no link-only posts, engage in comments, explain what you learned.
r/microsaas
Niche developer utility that solves one painful workflow
Rules: Keep it relevant to small SaaS builders, share product details, avoid generic marketing language.
r/EntrepreneurRideAlong
Founder story: building a trust-first dev tool
Rules: Post your journey, ask for feedback, don't overdo self-promo, be active in replies.
r/reactjs
Only if framed as a developer workflow tool with real implementation details
Rules: Technical content only, no blatant promo, show architecture or workflow specifics, follow subreddit rules carefully.
Communities
Post a build-in-public thread about replacing Slack-spread env vars, then reply daily with concrete workflow updates and screenshots.
Launch with a plain title, strong technical explanation, and no marketing fluff; answer every security question directly.
Publish a tutorial on zero-knowledge .env workflows and how version history saves bad deploys.
Cold outreach template
Hey {firstName} — saw you mention {context}. Calyx is a zero-knowledge .env sync tool for small teams, with version history and teammate sharing. If secret onboarding is still messy for you, I’d love to show you the 2-minute flow.
Product Hunt timing
Launch on Tuesday at 12:01am Pacific after you’ve posted a short demo clip on X and seeded 20-30 warm supporters; Tuesday gives you a full weekday for momentum and comment replies, which matters more than the badge.
Indie Hackers post ideas
- 01I got tired of env vars living in Slack, so I built this
- 02How I designed zero-knowledge .env sync for small teams
- 03What I learned building version control for secrets
Competitor alternatives
Current tone of voice
Defiant, security-first, and slightly manifesto-driven, as in “The env manager that knows nothing” and “betraying you isn't a decision I get to make.”
Your kit is ready. Sign up free to unlock, takes 10 seconds.
7 more X posts · 2 LinkedIn · Product Hunt copy · ad hooks · 100-user playbook · landing critique