The Universal Secrets Adapter

Zero-disk, zero-config secrets injection for local development. Stop shuffling .env files.

brew tap dynamicHarsh/tap && brew install env-pull

Sub-shell Injection

env-pull wraps the process and injects secrets directly into memory. They vanish when the terminal closes.

Zero-Config Upstream Vaults

AWS SDK & 1Password IPC integration. If your CLI is logged in, env-pull is logged in.

The env-edit Workflow

Local/personal overrides, stored in local files that are instantly encrypted with AES-GCM.

Security Model

Eliminate the #1 cause of leaked credentials.

No plaintext .env files on developer laptops, ever.

  • Secrets live exclusively in process memory
  • Zero footprint on the filesystem
  • Automatic cleanup on process exit
  • Auditable vault access via existing toolchain

Upstream Vault (AWS Secrets Manager · 1Password)
  → env-pull (Memory): secrets injected via process env
  → Local Process (npm run dev · any command)

Disk / .env: never touched
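
The injection model above, as an added Python illustration (not env-pull's code or CLI): a wrapper fetches secrets and passes them only in the child's environment block, leaving the parent's environment and the disk untouched. `fetch_secrets`, the variable names and the values are hypothetical and constructed for this example.

```python
import os
import subprocess
import sys

# Constructed sample secrets. fetch_secrets() is a hypothetical stand-in for a
# vault lookup; it is not env-pull's API.
def fetch_secrets():
    return {"DEMO_DATABASE_URL": "postgres://dev:constructed-pw@localhost/app",
            "DEMO_API_TOKEN": "constructed-token-123"}

def run_with_secrets(argv, fetch=fetch_secrets, base_env=None):
    """Run argv with secrets added only to the child's environment."""
    child_env = dict(os.environ if base_env is None else base_env)
    child_env.update(fetch())  # secrets live in this dict and in the child only
    # No temp file and no shell: the dict is passed straight to the new process.
    return subprocess.run(argv, env=child_env, capture_output=True, text=True)

def child_can_read(name):
    """Return the value the wrapped command sees for variable `name`."""
    probe = [sys.executable, "-c",
             "import os,sys;sys.stdout.write(os.environ.get(sys.argv[1],str()))",
             name]
    return run_with_secrets(probe).stdout

def exposed_to_descendants(name):
    """Return the value seen by a process that the wrapped command spawns.

    The environment is inherited, so the secret's scope is the whole process
    tree under the wrapper, not just the first command.
    """
    grandchild = ("import subprocess,sys;"
                  "subprocess.run([sys.executable,'-c',"
                  "'import os,sys;sys.stdout.write(os.environ.get(sys.argv[1],str()))',"
                  "sys.argv[1]])")
    return run_with_secrets([sys.executable, "-c", grandchild, name]).stdout

if __name__ == "__main__":
    print("child sees:      ", child_can_read("DEMO_API_TOKEN"))
    print("grandchild sees: ", exposed_to_descendants("DEMO_API_TOKEN"))
    print("parent has it:   ", "DEMO_API_TOKEN" in os.environ)
```

The parent shell never holds the secret, but every descendant of the wrapped command does, which is worth accounting for when the command launches third-party tooling.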

Enterprise

env-pull Enterprise Control Plane

Bring comprehensive audit logs, RBAC, and policy enforcement to your developers' local environments.