Render Integration, Authentik SSO support and more

July was another busy month, with the platform seeing native integration for Render, support for Authentik SSO, new features, optimizations and bug fixes. Here's a quick catch-up of everything we've shipped over the last few weeks.

Render integration

You can now sync secrets to Render via the native integration directly in the Console. To set up a sync, add your Render API key under Integrations > Third-party credentials. Check out the docs for detailed instructions on how to get these from the Render dashboard.

Next, set up the sync by choosing your source environment and path, and either a Render Service or Environment Group as the destination:

Sync secrets to a Render Service

Sync secrets to a Render Environment Group

Secrets will now automatically sync to Render whenever you make changes to your environment. You can manage these syncs and view logs from Integrations > Syncs, or the Syncing tab in your App.

Authentik SSO support

So far the only SSO options for self-hosted instances of Phase were Google, GitHub, or GitLab. Although GitLab can be self-hosted, it was significant overkill for users who were just looking for an authentication solution without relying on a Cloud-based third party provider.

Authentik was the most highly requested alternative provider, and support for Authentik as an SSO provider is now available, allowing for a fully self-hosted authentication solution for your Phase instance. Create an Authentik app with an OAuth 2.0 / OpenID provider, set up the redirect URL, and bind your app to a policy, group or individual user.

Once your Authentik App is set up, supply the AUTHENTIK_CLIENT_ID, AUTHENTIK_CLIENT_SECRET, AUTHENTIK_URL, and AUTHENTIK_APP_SLUG env vars to your Phase instance. Make sure to add authentik to your SSO_PROVIDERS and you should be all set.

Check out the docs for complete instructions on setting up Authentik SSO for your Phase instance.

Updated import behavior

We've fixed a few bugs with the import feature in the Console and improved how imported secrets are parsed. The parser now recognizes pre-existing keys and updates their values rather than simply importing them as duplicate secrets:

We've also made various bug fixes to the import UX when deselecting certain environments, or choosing to import values or comments into a subset of your App's environments. These updates make the import experience much more usable and help quickly populate or update your Apps and Environments with secrets from .env files or other platforms.

New login screen

We've reworked the login page with a fresh coat of paint, light and dark theme variants, a system status indicator, and information about the instance you're currently on.

Miscellaneous other updates

There's plenty more that we've shipped over the last month or so, but here are the highlights.

Service account optimizations

We made several performance updates and UX improvements to the Service Account pages. Data fetching on the account detail pages has been optimized to prevent long-running queries related to tokens from blocking rendering or interactivity on other parts of the page. We've also made significant performance improvements to how Service Account and Token deletes are handled on the backend, as well as better loading states and UI feedback on the frontend.

Deleted accounts and tokens are now also shown in log data and secret history:

Improved Subscription & Billing management

Cloud users can now view and manage their subscription and account information in more detail by clicking the "Manage billing" button from Settings > Organisation > Billing. You can also view and download invoices, alter payment methods, and update tax or company information from this screen.

Updated Manager role permissions

The Manager role has been updated to include Billing management permissions.

All these features are live now on Phase Cloud and available in the latest release v2.50.2 for self-hosted users.

As always, we'd love your feedback — come say hi on Slack or GitHub.