update readme for secrets

README.md

@@ -3,7 +3,7 @@
   <img height="68" width="306" src="img/phase-console-wordmark-dark.png" alt="Phase">
 </h1>
 
-<h3 align="center">Open Source, end-to-end encrypted key management platform for developers to encrypt data in their apps.</h3>
+<h3 align="center">Open Source, end-to-end encrypted, self-hostable all in one platform for developers to manage secrets and environment variables. From their laptop 💻 to the cloud ☁️.</h3>
 
 <div align="center">
   <a href="https://phase.dev">Website</a> |
@@ -13,45 +13,75 @@
 </div>
 
 <hr/>
+
+<br>
+
 
-<img src="img/console-home.png" width="100%" alt="Phase Console" />
+## Console
+
+<img src="img/environment-secrets.png" width="100%" alt="Phase Console" />
 
 <div width="100%">
-  <img src="img/console-logs.png" alt="Phase Console" width="47%">
+  <img src="img/secrets-overview.png" alt="Phase Console" width="45%">
   &nbsp; &nbsp; &nbsp; &nbsp;
-  <img src="img/vscode-demo.png" alt="Phase Console" width="47%"/>
+  <img src="img/members.png" alt="Phase Console" width="45%"/>
 </div>
-
-<br>
 
-[Phase Console](https://phase.dev) is an open source, end-to-end encrypted key management solution for developers to seamlessly encrypt production data in their apps.
+- **[Phase Console](https://console.phase.dev)**: Dashboard for seamlessly creating, managing, rotating secrets and environment variables
 
-We're on a mission to make strong encryption accessible to all developers, not just security teams. That means redesigning the entire developer experience from the ground up.
-
-## Features
-
-- **[Phase Console](https://console.phase.dev)**: Dashboard for seamlessly creating, managing, rotating and monitoring keys
-- **[Phase KMS](https://phase.dev)**: A zero knowledge key management service
-- **[Dual-Key Model](https://docs.phase.dev/security#dual-key-model)**: Avoid single point of compromise of the private key via [secret splitting schemes](https://en.wikipedia.org/wiki/Secret_sharing)
 - **[Hold your keys](https://docs.phase.dev/security/phase-encryption#account-keyring)**: Maintain self-custody of your root keys via 24 word mnemonic phrase
+- **Secret management**: Diffs, version control and Point-in-time Recovery
+- **RBAC**: Fine-grained, role-based and cryptographic access control, per application, per environment.
+- **Service Tokens**: Authenticate CI runners, build tools and production environment with granualar-scope
+- **Secret referencing**: Inherit secrets to create sophisticated configurations
+- **[Audit Logs]()**: Compelte visibility into every change and access event 
 - **[Self Hosting](https://docs.phase.dev)**: Run Phase on your own infrastructure
-- **[Client SDKs](https://docs.phase.dev/sdks)**: Asynchronously encrypt data in the browsers of your users without any external API or sensitive keys [Live Demo](https://phase.dev/#use-cases)
-- **[Server SDKs](https://docs.phase.dev/sdks)**: Securely decrypt and process data in memory only when you need to with 3 lines of code
-- **[Phase I/O]()**: Self-hosted EaaS (Encryption as a Service) and a transparent proxy encryption (Coming Soon)
+- **[Phase KMS](https://phase.dev)**: A zero knowledge key management service
+- **[SDKs](https://docs.phase.dev/sdks)**: Encrypt / decrypt data with a few lines of code.
 
 And much more.
 
 ---
 
-## What about SSE?
+## CLI
+
+```bash
+# Your existing secrets
+> cat .env
+AWS_ACCESS_KEY_ID="AKIA2OGYBAH63UA3VNFG"
+AWS_SECRET_ACCESS_KEY="V5yWXDe82Gohf9DYBhpatYZ74a5fiKfJVx8rx6W1"
 
-Relying on automatic database, disk or bucket level encryption has its limitations, since the data is automatically decrypted when retrieved and the keys typically belong to the hosting provider. A breach is a single SQL or a IAM misconfiguration away.
+# Import your existing secrets
+> phase secrets import .env
+Successfully imported and encrypted 2 secrets.
+To view them please run: phase secrets list
 
-See:
+# View your secrets in Phase
+> phase secrets list
+KEY 🗝️                    | VALUE ✨                                                                  
+----------------------------------------------------------------------------------------------------     
+AWS_ACCESS_KEY_ID        | AKI**************NFG                                                     
+AWS_SECRET_ACCESS_KEY    | V5y**********************************6W1                                 
+
+🥽 To uncover the secrets, use: phase secrets list --show
+
+# Get rid of your .env
+> rm .env
+
+# Seamlessly inject secrets during runtime
+> phase run yarn dev
+$ next dev
+ready - started server on 0.0.0.0:3000, url: http://localhost:3000
+```
+
+
+- **CLI**: Fetch, decrypt and inject secrets and environment variables to your application. Zero code changes required.
+- Inject
+- Export secrets in a dotenv format
+- **Cross platform**: Easily install the Phase CLI on macOS, Ubuntu/Arch/Redhat/Alpine Linux, Windows, Docker.
+- **Keyring Integration** - Store keys and credentials securely in [macOS Keychain](https://en.wikipedia.org/wiki/Keychain_%28software%29), [Windows Credential Locker](https://learn.microsoft.com/en-us/windows/uwp/security/credential-locker), [KDE Wallet](https://en.wikipedia.org/wiki/KWallet), [GNOME Keyring](https://en.wikipedia.org/wiki/GNOME_Keyring) etc.
+- **[Private Key Sharding](https://docs.phase.dev/security#dual-key-model)**: Avoid single point of compromise of the private key via [secret splitting schemes](https://en.wikipedia.org/wiki/Secret_sharing)
 
-- [OWASP - Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/#example-attack-scenarios)
-- [IAM misconfiguration](https://github.com/nagwww/s3-leaks)
-- [Problems with S3 encryption](https://www.secwale.com/p/encryption)
 
 ---
 
@@ -65,11 +95,12 @@ The quickest and most reliable way to get started is making a new free account o
 
 ### Deploy Phase Console on your infrastructure
 
-Deployment options:
+- [Docker Compose](https://docs.phase.dev/self-hosting/docker-compose)
+- [AWS](https://docs.phase.dev/self-hosting/aws)
+- [Azure](https://docs.phase.dev/self-hosting/azure)
+- [Google Cloud Platform](https://docs.phase.dev/self-hosting/gcp)
+- [DigitalOcean](https://docs.phase.dev/self-hosting/digitalocean)
 
-- Docker-compose
-- AWS
-- DigitalOcean
 
 See: [Self-hosting Phase](https://docs.phase.dev/self-hosting)
 
@@ -83,29 +114,13 @@ See: [Self-hosting Phase](https://docs.phase.dev/self-hosting)
 
 More coming soon!
 
-Example:
-
-```js
-// Import & initialize
-const Phase = require('@phase.dev/phase-node')
-const phase = new Phase(APP_ID, APP_SECRET)
-
-// Encrypt
-const ciphertext = await phase.encrypt('hello world')
-
-// Decrypt
-const plaintext = await phase.decrypt(ciphertext)
-console.log(plaintext)
-$ hello world
-```
-
 ---
 
 ## Community vs Enterprise edition
 
-Phase operates on an [open-core](https://en.wikipedia.org/wiki/Open-core_model) model, similar to that of [GitLab](https://gitlab.com), [Infisical](https://infisical.com), [PostHog](https://posthog.com) etc.
+Phase operates on an [open-core](https://en.wikipedia.org/wiki/Open-core_model) model, similar to that of [GitLab](https://gitlab.com).
 
-This repo available under the [MIT expat license](/LICENSE), with the exception of the `ee` directory which will contain premium Pro or Enterprise features requiring a Phase license in the future.
+This repo available under the [MIT expat license](/LICENSE), with the exception of the `ee` directory which will contain Pro or Enterprise features requiring a Phase license.
 
 ---
 
@@ -121,7 +136,7 @@ For more information see: [SECURITY.md](/SECURITY.md)
 
 ## Contributing
 
-Whether it's big or small, we love contributions. See [CONTRIBUTING.md](/CONTRIBUTING.md)
+We love contributions. See [CONTRIBUTING.md](/CONTRIBUTING.md)
 
 You can join our [Slack](https://join.slack.com/t/phase-community/shared_invite/zt-1tkwzl31z-a6yCB5Uqlj~V2x43ep2Evg) if you have any questions!