Open Source, end-to-end encrypted, self-hostable all in one platform for developers to manage secrets and environment variables. From their laptop 💻 to the cloud ☁️.
-
Phase Console: Dashboard for seamlessly creating, managing, rotating secrets and environment variables
-
Hold your keys: Maintain self-custody of your root keys via 24 word mnemonic phrase
-
Secret management: Diffs, version control and Point-in-time Recovery
-
RBAC: Fine-grained, role-based and cryptographic access control, per application, per environment.
-
Service Tokens: Authenticate CI runners, build tools and production environment with granualar-scope
-
Secret referencing: Inherit secrets to create sophisticated configurations
-
Audit Logs: Compelte visibility into every change and access event
-
Self Hosting: Run Phase on your own infrastructure
-
Phase KMS: A zero knowledge key management service
-
SDKs: Encrypt / decrypt data with a few lines of code.
And much more.
# Your existing secrets
> cat .env
AWS_ACCESS_KEY_ID="AKIA2OGYBAH63UA3VNFG"
AWS_SECRET_ACCESS_KEY="V5yWXDe82Gohf9DYBhpatYZ74a5fiKfJVx8rx6W1"
# Import your existing secrets
> phase secrets import .env
Successfully imported and encrypted 2 secrets.
To view them please run: phase secrets list
# View your secrets in Phase
> phase secrets list
KEY 🗝️ | VALUE ✨
----------------------------------------------------------------------------------------------------
AWS_ACCESS_KEY_ID | AKI**************NFG
AWS_SECRET_ACCESS_KEY | V5y**********************************6W1
🥽 To uncover the secrets, use: phase secrets list --show
# Get rid of your .env
> rm .env
# Seamlessly inject secrets during runtime
> phase run yarn dev
$ next dev
ready - started server on 0.0.0.0:3000, url: http://localhost:3000
- CLI: Fetch, decrypt and inject secrets and environment variables to your application. Zero code changes required.
- Inject
- Export secrets in a dotenv format
- Cross platform: Easily install the Phase CLI on macOS, Ubuntu/Arch/Redhat/Alpine Linux, Windows, Docker.
- Keyring Integration - Store keys and credentials securely in macOS Keychain, Windows Credential Locker, KDE Wallet, GNOME Keyring etc.
- Private Key Sharding: Avoid single point of compromise of the private key via secret splitting schemes
Check out the Quickstart Guides
The quickest and most reliable way to get started is making a new free account on the Phase Console.
See: Self-hosting Phase
More coming soon!
Phase operates on an open-core model, similar to that of GitLab.
This repo available under the MIT expat license, with the exception of the ee
directory which will contain Pro or Enterprise features requiring a Phase license.
For more information on how Phase encryption works, please see the Security Docs
Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!
For more information see: SECURITY.md
We love contributions. See CONTRIBUTING.md
You can join our Slack if you have any questions!