Phase Console


Open-source encryption and key management platform for app developers.



Phase is an all-in-one platform for developers to securely create, manage and deploy application secrets across local development 💻, CI tools 🔨, and cloud ☁️ infrastructure.

An open source and developer-friendly alternative to HashiCorp Vault and AWS Secrets Manager that works with your whole team 🧑‍💻.

Phase Console

Phase Console
📈Phase Console: Dashboard for seamlessly creating, managing, rotating secrets and environment variables
⌨️CLI: Import existing secrets from .env files, encrypt them and securely inject them in your application at runtime
🤫Secret management: Secret Diffs, version control and Point-in-time Recovery
🙋RBAC: Fine-grained, role-based and cryptographic access control, per application, per environment.
🔌Integrations: Automatically sync secrets to GitHub, Cloudflare Pages, AWS Secrets Manager etc.
KubernetsKubernetes: Automatically deploy secrets to your Kubernetes Cluster with End-to-End encryption via Phase Secrets Operator
⛓️Secret referencing & overrides: Create personal secrets. Inherit values from other secrets
🥡Self Hosting: Run Phase on your own infrastructure
🔑Service Tokens: Authenticate CI runners, build tools and production environment with granular scope
🔍Audit Logs: Complete visibility into every change and access event

Explore Phase Console

CLI - Import, Encrypt and Inject secrets

Phase CI

λ phase
Securely manage and sync environment variables with Phase.


  -h, --help   show this help message and exit
  --version, -v
               show program's version number and exit


    auth             💻 Authenticate with Phase
    init             🔗 Link your project with your Phase app
    run              🚀 Run and inject secrets to your app
    secrets          🗝️ Manage your secrets
    secrets list     📇 List all the secrets
    secrets get      🔍 Get a specific secret by key
    secrets create   💳 Create a new secret
    secrets update   📝 Update an existing secret
    secrets delete   🗑️ Delete a secret
    secrets import   📩 Import secrets from a .env file
    secrets export   🥡 Export secrets in a dotenv format
    users            👥 Manage users and accounts
    users whoami     🙋 See details of the current user
    users logout     🏃 Logout from phase-cli
    users keyring    🔐 Display information about the Phase keyring
    console          🖥️ Open the Phase Console in your browser
    update           🆙 Update the Phase CLI to the latest version

Explore Phase CLI

Getting started

Check out the Quickstart Guides

Use Phase Cloud

The quickest and most reliable way to get started is by signing up on the Phase Console.

Deploy Phase Console on your infrastructure
DockerDocker Compose
GCPGoogle Cloud Platform
🥡Self-hosting Phase


More coming soon!

Community vs Enterprise edition

Phase operates on an open-core model, similar to that of GitLab.

This repo available under the MIT expat license, with the exception of the ee directory which will contain Pro or Enterprise features requiring a Phase license.


For more information on how Phase encryption works, please see the Security Docs

Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!

For more information see:


We love contributions. See

You can join our Slack if you have any questions!