Phase is an all-in-one platform for developers to securely create, manage and deploy application secrets across local development 💻, CI tools 🔨, and cloud ☁️ infrastructure.
An open source and developer-friendly alternative to HashiCorp Vault and AWS Secrets Manager that works with your whole team 🧑💻.
| Features | |
|---|---|
| 📈 | Phase Console: Dashboard for seamlessly creating, managing, rotating secrets and environment variables |
| ⌨️ | CLI: Import existing secrets from .env files, encrypt them and securely inject them in your application at runtime |
| 🤫 | Secret management: Secret Diffs, version control and Point-in-time Recovery |
| 🙋 | RBAC: Fine-grained, role-based and cryptographic access control, per application, per environment. |
| 🔌 | Integrations: Automatically sync secrets to GitHub, Cloudflare Pages, AWS Secrets Manager etc. |
 |
Kubernetes: Automatically deploy secrets to your Kubernetes Cluster with End-to-End encryption via Phase Secrets Operator |
| ⛓️ | Secret referencing & overrides: Create personal secrets. Inherit values from other secrets |
| 🥡 | Self Hosting: Run Phase on your own infrastructure |
| 🔑 | Service Tokens: Authenticate CI runners, build tools and production environment with granular scope |
| 🔍 | Audit Logs: Complete visibility into every change and access event |
λ phase
Securely manage and sync environment variables with Phase.
⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠔⠋⣳⣖⠚⣲⢖⠙⠳⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⡴⠉⢀⡼⠃⢘⣞⠁⠙⡆⠀⠘⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⢀⡜⠁⢠⠞⠀⢠⠞⠸⡆⠀⠹⡄⠀⠹⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⢀⠞⠀⢠⠏⠀⣠⠏⠀⠀⢳⠀⠀⢳⠀⠀⢧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⢠⠎⠀⣠⠏⠀⣰⠃⠀⠀⠀⠈⣇⠀⠘⡇⠀⠘⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⢠⠏⠀⣰⠇⠀⣰⠃⠀⠀⠀⠀⠀⢺⡀⠀⢹⠀⠀⢽⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⢠⠏⠀⣰⠃⠀⣰⠃⠀⠀⠀⠀⠀⠀⠀⣇⠀⠈⣇⠀⠘⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⢠⠏⠀⢰⠃⠀⣰⠃⠀⠀⠀⠀⠀⠀⠀⠀⢸⡀⠀⢹⡀⠀⢹⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⢠⠏⠀⢰⠃⠀⣰⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣇⠀⠈⣇⠀⠈⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠛⠒⠚⠛⠒⠓⠚⠒⠒⠓⠒⠓⠚⠒⠓⠚⠒⠓⢻⡒⠒⢻⡒⠒⢻⡒⠒⠒⠒⠒⠒⠒⠒⠒⠒⣲⠒⠒⣲⠒⠒⡲⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢧⠀⠀⢧⠀⠈⣇⠀⠀⠀⠀⠀⠀⠀⠀⢠⠇⠀⣰⠃⠀⣰⠃⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⡆⠀⠘⡆⠀⠸⡄⠀⠀⠀⠀⠀⠀⣠⠇⠀⣰⠃⠀⣴⠃⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⡄⠀⠹⡄⠀⠹⡄⠀⠀⠀⠀⡴⠃⢀⡼⠁⢀⡼⠁⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⣆⠀⠙⣆⠀⠹⣄⠀⣠⠎⠁⣠⠞⠀⡤⠏⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠳⢤⣈⣳⣤⣼⣹⢥⣰⣋⡥⡴⠊⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀
Options:
-h, --help show this help message and exit
--version, -v
show program's version number and exit
Commands:
auth 💻 Authenticate with Phase
init 🔗 Link your project with your Phase app
run 🚀 Run and inject secrets to your app
secrets 🗝️ Manage your secrets
secrets list 📇 List all the secrets
secrets get 🔍 Get a specific secret by key
secrets create 💳 Create a new secret
secrets update 📝 Update an existing secret
secrets delete 🗑️ Delete a secret
secrets import 📩 Import secrets from a .env file
secrets export 🥡 Export secrets in a dotenv format
users 👥 Manage users and accounts
users whoami 🙋 See details of the current user
users logout 🏃 Logout from phase-cli
users keyring 🔐 Display information about the Phase keyring
console 🖥️ Open the Phase Console in your browser
update 🆙 Update the Phase CLI to the latest versionCheck out the Quickstart Guides
The quickest and most reliable way to get started is by signing up on the Phase Console.
| Deploy Phase Console on your infrastructure | |
|---|---|
 |
Docker Compose |
 |
AWS |
 |
Google Cloud Platform |
 |
Azure |
 |
DigitalOcean |
| 🥡 | Self-hosting Phase |
More coming soon!
Phase operates on an open-core model, similar to that of GitLab.
This repo available under the MIT expat license, with the exception of the ee directory which will contain Pro or Enterprise features requiring a Phase license.
For more information on how Phase encryption works, please see the Security Docs
Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!
For more information see: SECURITY.md
We love contributions. See CONTRIBUTING.md
You can join our Slack if you have any questions!