Manage secrets and environment variables

Open source platform for fast-moving engineering teams to secure and deploy application secrets — from development to production.

Develop with Secrets

Shifting security left shouldn't be rocket science. You focus on building; we'll take care of SecretOps.

Seamless dev experience
Create, list and manage secrets from your terminal.
Runtime Secret Injection
Seamlessly inject secrets into your application, container, or runtime as environment variables.
Work with your stack
Works with any language or framework, without the need for any code changes or added dependencies.

Deploy Secrets

Centralize, integrate and automate secret deployment pipelines across your infrastructure.

A single source of truth
Centralize your application secrets and configurations.
Phase Console
Automate deployments
Automate critical tasks like secret rotation and keep your deployments in sync.
Phase Console
Work with your infrastructure
Set up automatic secret syncing pipelines in seconds to your favorite platforms.

Manage and Control

Every critical security feature out of the box, with sane defaults.

Audit logs
Batteries included audit logging to monitor every secret CRUD operation.
Phase Console
Role-based access control
Enforce least privilege with cryptographically backed RBAC and custom roles.
version: '1.0'
  email: '[email protected]'
  - application: 'StarlinkCommand'
      - 'development'
      - 'production'
    folder: '*'
      - resource: 'secrets'
          - 'create'
          - 'read'
          - 'update'
          - 'delete'
      - resource: 'integrations'
          - 'create'
          - 'read'
          - 'update'
          - 'delete'
IP Allow Listing
Restrict access to secrets to specific IP ranges and networks.

Secret management that works for you

The Phase platform provides powerful tools to build flexible solutions to meet the needs of your stack. Architect your own secret management setup to be as simple or complex as you need.

import (

getOpts := phase.GetSecretOptions{
  EnvName:   "Production",
  AppName:   "MyApp",
  KeyToFind: "API_KEY",

secret, err := phaseClient.Get(getOpts)
if err != nil {
    log.Fatalf("Failed to get secret: %v", err)
} else {
    log.Printf("Secret: %+v", secret)
Access secrets programmatically and build powerful workflows via the REST API and versatile SDKs.

Secure by default
Phase uses end-to-end encryption along with TLS to provide multiple layers of protection for your secrets. Private keys are sharded and reconstructed in memory only at decryption. Learn more about Phase Security
Phase Console
Audit logs
Keep track of changes to secrets, user roles, permissions and access events with detailed logs.
> phase run "printenv | grep DB_CONN_STRING"
Secret referencing
Construct sophisticated configuration patterns by using references to other secrets and inheriting values across folders and environments Explore
Phase Console
Native integrations
Integrate, don't replace. Phase works hand-in-hand with your favoritie tools and platforms to keep your application secrets secure and synced accross your infrastructure. Explore
Phase Console
Secret Diffs & Roll-back
Track secret changes over time via git-styled diffs. Restore secrets or entire environments with a single click.


We build in public. Check out the latest feature drops and improvements to Phase.


The fastest and easiest way to get started with Phase. Spin up an app in minutes. Hosted in Frankfurt 🇩🇪


Run Phase on your own infrastructure and maintain full control. Perfect for customers with strict compliance requirements.