dotenvar lets you share individual secrets or entire Groups with teammates — without exposing your master passphrase or any other data in your account.

How sharing works

When you share a secret or Group, dotenvar re-encrypts the content using a separate share key that is tied to the recipient. Your master passphrase is never involved in the share. The recipient can only access the specific content you shared — nothing else in your account is visible to them.

Zero-knowledge sharing: Encryption and decryption happen in the browser on both ends. The server only stores ciphertext and never sees the plaintext values.

Sharing a secret or Group

1Open the secret or Group you want to share.
2Click the Share icon in the action bar.
3Enter the username of the recipient. They must have a dotenvar account.
4Choose the permission level — View or Edit.
5Confirm. The recipient can access the shared content from their account under a Shared with me section.

Permission levels

View

The recipient can see and copy the secret value but cannot change it or re-share it.

Edit

The recipient can view and update the value. Changes are reflected for all parties who have access to that secret.

Managing and revoking access

You can see who has access to a secret at any time from the Shares panel. To revoke access, open the panel and remove the recipient. Once revoked, they lose access immediately — the shared key is invalidated and the content can no longer be decrypted on their end.

Note: Revoking access does not delete any value the recipient may have copied before revocation. Rotate the secret value if you believe it has been compromised.