Develop with Secrets
Shifting security left shouldn't be rocket science. You focus on building; we'll take care of SecretOps.
Seamless dev experience
Create, list and manage secrets from your terminal.
Runtime Secret Injection
Seamlessly inject secrets into your application, container, or runtime as environment variables.
Work with your stack
Works with any language or framework, without the need for any code changes or added dependencies.
Deploy Secrets
Centralize, integrate and automate secret deployment pipelines across your infrastructure.
A single source of truth
Centralize your application secrets and configurations.
![Phase Console](/assets/images/integrations.webp)
Automate deployments
Automate critical tasks like secret rotation and keep your deployments in sync.
Work with your infrastructure
Set up automatic secret syncing pipelines in seconds to your favorite platforms.
![Phase Console](/assets/images/integrations.webp)
Manage and Control
Every critical security feature out of the box, with sane defaults.
Audit logs
Batteries included audit logging to monitor every secret CRUD operation.
![Phase Console](/assets/images/logs.webp)
Role-based access control
Enforce least privilege with cryptographically backed RBAC and custom roles.
version: '1.0'
user:
email: '[email protected]'
permissions:
- application: 'StarlinkCommand'
environments:
- 'development'
- 'production'
folder: '*'
access:
- resource: 'secrets'
actions:
- 'create'
- 'read'
- 'update'
- 'delete'
- resource: 'integrations'
actions:
- 'create'
- 'read'
- 'update'
- 'delete'
IP Allow Listing
Restrict access to secrets to specific IP ranges and networks.
![Phase Console](/assets/images/logs.webp)
version: '1.0'
user:
email: '[email protected]'
permissions:
- application: 'StarlinkCommand'
environments:
- 'development'
- 'production'
folder: '*'
access:
- resource: 'secrets'
actions:
- 'create'
- 'read'
- 'update'
- 'delete'
- resource: 'integrations'
actions:
- 'create'
- 'read'
- 'update'
- 'delete'
platform
Secret management that works for you
The Phase platform provides powerful tools to build flexible solutions to meet the needs of your stack. Architect your own secret management setup to be as simple or complex as you need.
import (
"log"
"github.com/phasehq/golang-sdk/phase"
)
getOpts := phase.GetSecretOptions{
EnvName: "Production",
AppName: "MyApp",
KeyToFind: "API_KEY",
}
secret, err := phaseClient.Get(getOpts)
if err != nil {
log.Fatalf("Failed to get secret: %v", err)
} else {
log.Printf("Secret: %+v", secret)
}
Encrypted
Secure by default
Phase uses end-to-end encryption along with TLS to provide multiple layers of protection for your secrets. Private keys are sharded and reconstructed in memory only at decryption. Learn more about Phase Security
![Phase Console](/assets/images/logs.webp)
Audit logs
Keep track of changes to secrets, user roles, permissions and access events with detailed logs.
DB_NAME
DB_HOST
DB_PORT
DB_USER
DB_PASSWORD
DB_CONN_STRING
> phase run "printenv | grep DB_CONN_STRING"
DB_CONN_STRING=postgresql://api:yc57lc4y57lk568gdxchg3@localhost:5432/postgres
Secret referencing
Construct sophisticated configuration patterns by using references to other secrets and inheriting values across folders and environments Explore
![Phase Console](/assets/images/integrations.webp)
Native integrations
Integrate, don't replace. Phase works hand-in-hand with your favoritie tools and platforms to keep your application secrets secure and synced accross your infrastructure. Explore
![Phase Console](/assets/images/secret-history.webp)
Secret Diffs & Roll-back
Track secret changes over time via git-styled diffs. Restore secrets or entire environments with a single click.