You could securely exchange .env files using public key cryptography with a tool such as GPG. Broadly, you'd 1) generate a key-pair, 2) export and share the key to your co-worker, 3) import your co-worker's public key 4) encrypt your file 5) send the encrypted file via email or any channel to your co-worker 6) decrypt!
You can revoke access to that person by changing your .env file credentials and deleting your co-worker's key.
You can revoke access to that person by changing your .env file credentials and deleting your co-worker's key.