Version History & Rollbacks
Track every change to your secrets and rollback to previous versions instantly with Redenv's built-in version control.
Every time you add or edit a secret in Redenv, a new version is created automatically. No extra commands, no configuration — you get a complete audit trail and instant rollbacks out of the box.
Info
Think of it like Git for individual secrets — every change is tracked, every version is recoverable, but without branches or merge conflicts.
How Versioning Works#
Each secret maintains an array of versions, ordered from newest to oldest:
| Version | Timestamp | User | Value |
|---|---|---|---|
| 5 | 1/26/2026, 1:53:05 AM | prassamin@gmail.com | version_5_value |
| 4 | 1/26/2026, 1:52:58 AM | prassamin@gmail.com | version_4_value |
| 3 | 1/26/2026, 12:34:03 AM | stk_eph_studio_prassam… | version_3_value |
| 2 | 1/24/2026, 7:49:34 PM | prassamin@gmail.com | version_2_value |
| 1 | 1/24/2026, 7:04:51 PM | prassamin@gmail.com | version_1_value |
Every version records four things:
| Field | Description |
|---|---|
| Value | The encrypted secret value |
| Version | Sequential integer (1, 2, 3, …) — immutable once created |
| User | Who made the change (email or token ID) |
| Timestamp | When the version was created (ISO 8601) |
Viewing History#
See all versions of a secret:
redenv history view API_KEYOutput:
| Version | Timestamp | User | Value |
|---|---|---|---|
| 2 | 1/24/2026, 7:49:34 PM | prassamin@gmail.com | version_2_value |
| 1 | 1/24/2026, 7:04:51 PM | prassamin@gmail.com | version_1_value |
Rolling Back#
Restore a previous version:
# Rollback to version 1
redenv rollback API_KEY --to 1This creates a new version (version 3) with the content from version 1:
| Version | Timestamp | User | Value |
|---|---|---|---|
| 3 | 1/24/2026, 7:49:34 PM | prassamin@gmail.com | version_1_value |
| 2 | 1/24/2026, 7:49:34 PM | prassamin@gmail.com | version_2_value |
| 1 | 1/24/2026, 7:04:51 PM | prassamin@gmail.com | version_1_value |
Info
Rollback doesn't delete versions — it creates a new one. The complete history is always preserved.
To rollback to the immediately previous version, omit the --to flag:
redenv rollback API_KEY
# Equivalent to: redenv rollback API_KEY --to <previous version>Version Limits#
By default, Redenv stores all versions forever. You can set a per-secret limit to manage storage:
# Keep only the last 10 versions per secret
redenv history limit 10When the limit is reached, the oldest versions are automatically pruned.
# Check the current limit
redenv history limit --show
# Remove the limit (keep all versions)
redenv history limit --unlimitedInfo
Version limits apply per secret, not globally. A limit of 10 means each secret keeps its 10 most recent versions independently.
Accessing Versions in SDKs#
Fetch specific versions programmatically using the JavaScript or Python SDK.
// Get version 5 by version number
const v5 = await redenv.getVersion("API_KEY", 5);
// Get the previous version (1 version older than current)
const prev = await redenv.getVersion("API_KEY", 1, "index");
// Get the oldest version
const oldest = await redenv.getVersion("API_KEY", -1);# Get version 5 by version number
v5 = await client.get_version("API_KEY", 5)
# Get previous version
prev = await client.get_version("API_KEY", 1, mode="index")
# Get oldest version
oldest = await client.get_version("API_KEY", -1)Modes:
| Mode | Description | Example |
|---|---|---|
"id" (default) | Version number | 5 = version 5 |
"index" | Array offset from latest | 0 = latest, 1 = previous, -1 = oldest |
Use Cases#
Emergency Rollback#
A newly deployed secret breaks production:
# Immediately restore the previous working value
redenv rollback DATABASE_URLApplications using the SDK pick up the old value on the next cache refresh (default: 5 minutes).
Audit Trail#
Investigate when and by whom a secret was changed:
redenv history view STRIPE_KEYUseful for compliance, security audits, or debugging production incidents.
Time Travel for Testing#
Test how your app behaves with an old configuration:
const oldConfig = await redenv.getVersion("FEATURE_FLAG", 5);
// Run assertions against the old valueStorage & Performance#
| Metric | Value |
|---|---|
| Size per version | ~100–500 bytes (depends on secret length) |
| 1,000 secrets × 10 versions | ~500 KB–5 MB |
| Fetch latest version | Instant |
| Fetch older version | <10ms for 100 versions |
| Redis free tier | 256 MB (plenty of headroom) |
Info
For most projects, keeping 10–20 versions per secret is a good balance between history depth and storage.
Redenv vs. Git#
| Feature | Redenv | Git |
|---|---|---|
| Granularity | Per secret | Per file / repo |
| Rollback | Instant, one command | Commit + push + deploy |
| History storage | Encrypted in Redis | .git directory |
| Audit trail | Built-in per-version metadata | Requires commit messages |
| Merge conflicts | N/A (single source of truth) | Possible |
Best Practices#
- Set reasonable limits — 10–50 versions per secret is usually sufficient
- Test rollbacks in staging — practice before relying on them in production
- Backup before bulk operations — use
redenv backupbefore imports or clones - Review history after incidents — version metadata helps with root cause analysis