Workers Integration, OIDC Auth support + more

We've added native integration for Cloudflare Workers along with a host of new features and DX updates including:

• OIDC Auth for self-hosted instances supporting Google, Microsoft Entra ID and JumpCloud
• Drag & drop imports in the Console to seamlessly import .env files into apps and environments
• A one-click programmatic access menu to get a one-liner shell command to fetch secrets based on your app, environment and folder
• Improved folder UX when managing secrets across environments
• Editable app names
• UI optimizations for smaller screens

Cloudflare Workers Integration

You can now sync secrets to your Cloudflare workers via the native integration directly in the Console. To set up a sync, you'll need to add authentication credentials by way of an Account ID and Access token. Check out the docs for detailed instructions on how to get these from the Cloudflare dashboard. You can also re-use existing Cloudflare credentials that you may be using for Pages syncs.

Next, simply select an Environment and path to sync secrets from, and choose your Cloudflare Worker as the destination:

Secrets will now automatically sync with Cloudflare whenever you make changes to your environment:

Synced secrets are stored in Cloudflare Workers environment variables as Encrypted for additional protection. This means that you will not be able to see the secret value in the Cloudflare Workers UI, but you can still use the secrets in your Worker scripts.

Drag & Drop .env Files

We've made it easier to import secrets into your Apps and Environments by dragging-and-dropping .env files or selecting them from your filesystem:

By default, this will parse all key-value pairs in your .env files, as well as any comments that are either in-line or precede a key-value pair. You can also open the "Import secrets" menu for more detailed import options as well as a textarea to simply paste the contents of your .env file.

You can also import .env files into multiple Environments simultaneously from the Secrets tab. You'll be able to decide which specific environments to import into, and whether or not to include values and comments in each respective Environment. This is great for quickly initializing your App with dev secrets from your local .env file, while populating other Environments with just the corresponding keys.

OIDC Auth

We've added support for OIDC authentication for self-hosted instances. Currently Google, JumpCloud, and Microsoft Entra ID are supported as authentication providers. OIDC is currently available on self-hosted instances of Phase Enterprise, and allows organizations with a pre-existing OIDC authentication setup to use this to manage users in their Phase instance. Check out the docs for more information on setting up OIDC with your Phase instance.

One-click Programmatic Access

The Console now has a "One-click access" menu in the top right of the screen when inside of an App. Open this menu and click to copy a one-liner for either the CLI or REST API to fetch secrets from the current environment and path (this defaults to the first environment and the root / path if in the app home).

A temporary PAT is generated to authenticate the request. This is great for quickly fetching secrets either in your dev environment or in a shell session on a remote machine.

Improved Folder UX

Managing secrets in folders across environments is easier now, as the Console has been updated to maintain your folder path context when switching environments. This should make it easier to make sure your folder structure remains consistent across environments, and was a feature that was highly requested by monorepo users in particular.

Misc other updates

In addition to the updates above, we've shipped several other improvements and bugfixes to the Console. Some notable updates include:

• Editable app names: You can now update your App names from the App Settings page.
• Responsive UI updates: We've improved the UI to be more responsive and usable on a variety of screen sizes, particularly smaller laptop and mobile displays.
• Logged exports: Secrets exported from the Console are now logged.

Login to Phase Cloud to check out all the latest features, or upgrade to v2.39.0 if you are self-hosting.

We have many more updates and features shipping soon, and even more on our roadmap. Reach out on Slack or GitHub if you have any suggestions, questions or feedback on this release!