Phase Console
Open-source encryption and key management platform for app developers.
Security
Open source platform for fast-moving engineering teams to secure and deploy application secrets ā from development to production.
A developer-friendly alternative to HashiCorp Vault and AWS Secrets Manager that works with your whole team š§āš».
Phase Console
https://github.com/user-attachments/assets/160c721d-a941-440a-bc42-afd419c1df18
| Features | |
|---|---|
| š | Phase Console: Dashboard for seamlessly creating, managing, rotating secrets, and environment variables |
| āØļø | CLI: Import existing secrets from .env files, encrypt them, and securely inject them in your application at runtime |
| š¤« | Secret management: Secret Diffs, version control, and recovery |
| š | RBAC: Fine-grained, role-based, and cryptographic access control, per application, per environment. |
| š | Integrations: Automatically sync secrets to GitHub, Cloudflare Pages, GitLab CI, Railway, AWS Secrets Manager, etc. |
 | Kubernetes: Automatically deploy secrets to your Kubernetes Cluster with End-to-End encryption via Phase Secrets Operator |
| āļø | Secret referencing & overrides: Create personal secrets. Inherit values from other secrets |
| š | REST API: Access and manage secrets programmatically |
| š¦ | SDKs: SDKs for integrating Phase with various programming languages and frameworks |
| š„” | Self Hosting: Run Phase on your own infrastructure |
| š | Audit Logs: Complete visibility into every change and access event |
CLI - Import, Encrypt and Inject secrets
Ī» phase
Securely manage application secrets and environment variables with Phase.
@@@
@@@@@@@@@@
@@@@@@@@@@@@@@@@
P@@@@@&@@@?&@@&@@@@@P
P@@@@# @&@ @P@@@
&@@@# *@& #@@@&
&@@@5 &@? 5@@@&
Y@@@# ^@@ #@@@J
#@@@7 B@5 7@@@#
#@@@? .@@. ?@@@#
@@@@& 5@G &@@@7
#@@@B @@^ #@@@B
B@@@@ .@# 7@@@@B
@@@@@@ &.@ P@@@@@7
@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@
@@@@@@@@
@@@
options:
-h, --help show this help message and exit
--version, -v
show program's version number and exit
Commands:
auth š» Authenticate with Phase
init š Link your project with your Phase app
run š Run and inject secrets to your app
secrets šļø Manage your secrets
secrets list š List all the secrets
secrets get š Get a specific secret by key
secrets create š³ Create a new secret
secrets update š Update an existing secret
secrets delete šļø Delete a secret
secrets import š© Import secrets from a .env file
secrets export š„” Export secrets in a dotenv format
users š„ Manage users and accounts
users whoami š See details of the current user
users logout š Logout from phase-cli
users keyring š Display information about the Phase keyring
docs š Open the Phase CLI Docs in your browser
console š„ļø Open the Phase Console in your browser
update š Update the Phase CLI to the latest version
Getting started
Check out the Quickstart Guides
Use Phase Cloud
The quickest and most reliable way to get started is by signing up on the Phase Console.
Self-host Phase
| Deploy Phase Console on your infrastructure | |
|---|---|
 | Docker Compose |
 | AWS |
 | Google Cloud Platform |
 | Azure |
 | DigitalOcean |
| š„” | Self-hosting Phase |
SDKs
More coming soon!
Community vs Enterprise edition
Phase operates on an open-core model, similar to that of GitLab.
This repo is available under the MIT expat license, with the exception of the ee directory which will contain Pro or Enterprise features requiring a Phase license.
Security
For more information on how Phase encryption works, please see the Security Docs
Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!
For more information see: SECURITY.md
Contributing
We love contributions. See CONTRIBUTING.md
You can join our Slack if you have any questions!