Envoy

Share .env files securely, no browser, no copy-paste.

Envoy encrypts your credentials end-to-end and turns them into a one-time link, all without leaving VS Code.

How it works

Sender (you):

Receiver (your teammate):

VS Code deep link: click the vscode:// link to open the note directly, no Command Palette needed
Web link: run Envoy: Open Note from the Command Palette, paste the URL, enter the password if prompted

The decrypted content opens as an untitled file, never auto-saved.

No Envoy? No problem, the link also works in any browser at enclosed.cc.

The encryption key lives only in the link fragment, it is never sent to the server
Share the link through a private channel (DM, encrypted chat), never in a public thread
Notes are ephemeral: by default they self-destruct after the first read
No account required, no data retained beyond the note's TTL

Envoy uses AES-256-GCM encryption with PBKDF2 key derivation, the same parameters as the Enclosed web app.

Setting	Default	Description
`envoy.enclosedInstanceUrl`	`https://enclosed.cc`	Enclosed instance to use
`envoy.defaultTtl`	`86400` (1 day)	Default link expiration, in seconds
`envoy.defaultDeleteAfterReading`	`true`	Destroy note after first read
`envoy.shouldCopyEnclosedUrl`	`true`	Copy web link to clipboard; disable to copy VS Code deep link instead

Access via Settings → Extensions → Envoy or add to your settings.json.

To point Envoy to your own Enclosed instance:

Open Settings → Extensions → Envoy → Instance URL (envoy.enclosedInstanceUrl)
Set it to your instance, e.g. https://notes.mycompany.com

For self-hosting Enclosed itself, see the Enclosed documentation.

Envoy uses Enclosed as its backend by default. Enclosed is an independent open-source project by @CorentinTh, not affiliated with this extension.

Icon credits: see ATTRIBUTION.md.