Clients

Core

Contains shared client-side logic. Runs on localhost and handles authenticated requests from EnvKey's UI and CLI. Fetches and decrypts EnvKey config when needed, storing it in RAM. Evicts data that has not been recently accessed from RAM after an idle period.
Also stores EnvKey API authentication tokens and NaCl private keys in RAM.
EnvKey API authentication tokens and NaCl private keys , along with other authentication information and pending updates are also persisted to disk. When supported by the OS, this data is first encrypted symmetrically with a device key that is stored in the OS keyring. If no keyring is available in the OS, the device key is also stored on disk.
Written in TypeScript.

Cross-platform user interface built with Electron and React. Handles UI rendering and event dispatch. Offloads to the Core for everything else.
Written in TypeScript.

Cross-platform CLI. Can run in interactive mode or automation mode. Handles user input and terminal output. Offloads to the Core for everything else.
Written in TypeScript.

Cross-platform integration tool that can inject EnvKey environment variables into any program. Handles fetching, decryption, verification, and redundancy.
Written in Go.

Main EnvKey api, running on Node.js.
Stores and fetches organization data, user data, app data, and encrypted config. Notifies clients of relevant updates. Enforces user access levels. Logs all requests.
For authentication, uses tokens and signature verification with device public keys.
In Cloud and Business Self-Hosted, replicates encrypted config to AWS S3, both in-region and to a secondary region to provide redundancy.
Written in TypeScript.

In Cloud and Business Self-Hosted, runs failover logic on AWS Lambda both in the same region as the API and in a secondary region, providing access to encrypted S3 backups of config if the main API isn't unresponsive. Logs all requests.
Written in TypeScript.