Zenvault

Product Introduction

1. Definition: Zenvault is a CLI-first project control plane (technical category: developer tooling for environment and secrets management) that centralizes repositories, environment variables, and infrastructure configurations.
2. Core Value Proposition: It eliminates manual project setup friction by synchronizing codebases, secrets, and runtime configurations, enabling developers to onboard to any project in seconds with a single CLI command. Primary keywords: project onboarding automation, centralized environment management, CLI secrets manager.

Main Features

1. One-Command Project Onboarding

   • How it works: Executes npx zvault clone [workspace/project] to auto-clone repositories, inject environment variables, and configure dependencies. Uses Git integration and dynamic secret injection via Zenvault’s API.
   • Technologies: Node.js (npx), end-to-end AES-256-GCM encryption for secret retrieval, and workspace-based access controls.

2. Per-Service Environment Isolation

   • How it works: Segregates environments (dev/staging/prod) per microservice. Variables are injected at runtime via zvault run, eliminating shared .env files. Supports drift detection to flag configuration mismatches.
   • Technologies: Environment-scoped secret storage, parity checks via config hashing, and CLI-based runtime injection.

3. Zero-Knowledge Secrets Management

   • How it works: Encrypts secrets locally using AES-256-GCM before syncing to Zenvault’s servers. Decryption keys never leave user devices, ensuring server-side zero data access.
   • Technologies: Client-side key derivation (HKDF), versioned secret history, and role-based access controls (RBAC) for team permissions.

Problems Solved

1. Pain Point: Manual project setup causes broken onboarding, outdated documentation, and environment drift (e.g., "runs only on my machine" issues).
2. Target Audience:
   • DevOps engineers managing multi-repo microservices.
   • Startup teams scaling engineering operations.
   • New developers onboarding to complex projects.
3. Use Cases:
   • Instantly replicating production environments for debugging.
   • Securing secrets in CI/CD pipelines via zvault run injection.
   • Standardizing configurations across distributed teams.

Unique Advantages

1. Differentiation: Unlike fragmented solutions (e.g., HashiCorp Vault for secrets + custom scripts for setup), Zenvault unifies repos, environments, and run commands in one control plane. Competitors lack CLI-driven project templating.
2. Key Innovation: Client-side encryption with zero-knowledge architecture surpasses traditional secrets managers (e.g., AWS Parameter Store) by guaranteeing data privacy even from Zenvault’s servers.

Frequently Asked Questions (FAQ)

1. How does Zenvault secure environment variables?
   Secrets are encrypted locally via AES-256-GCM before syncing. Only encrypted data reaches servers, and decryption keys remain user-controlled.

2. Can Zenvault manage multi-repository projects?
   Yes. It maps dependencies between services, clones linked repos via zvault clone, and injects service-specific variables during execution.

3. What happens if secrets drift from production?
   PRO/Team plans include drift detection to identify configuration mismatches and version history to roll back to audited states.

4. Is Zenvault suitable for CI/CD pipelines?
   Absolutely. Use npx zvault run in workflows to inject secrets dynamically, avoiding hardcoded credentials in build scripts.

5. How does pricing scale for larger teams?
   PRO ($9/month) adds 10 seats (+$3/user), while Team ($29/month) includes 25 seats (+$4/user), RBAC, and project templates.