announcementlaunchsecrets-management

Announcing secr: Public Beta

secr is now in public beta. A CLI-first secrets manager that replaces .env files with encrypted, synced environment variables your whole team can share.

secr team·

We built secr because managing secrets shouldn't require a dedicated platform team, a 200-page runbook, or a six-figure contract.

Today, secr is in public beta — free for up to 3 projects.

The problem

Every team we talked to had the same story:

  1. Someone commits a .env file to Git.
  2. New hires DM each other for API keys on Slack.
  3. Production secrets live in a shared 1Password vault that three people have access to.
  4. Nobody knows which secrets are actually in use.

Tools like HashiCorp Vault solve this — but they're built for platform teams with dedicated infrastructure. Most product teams need something simpler.

What secr does differently

secr is a CLI-first secrets manager designed for small-to-mid teams shipping web apps. Three ideas drive the design:

Secrets never touch disk

Run secr run -- npm start and your environment variables are injected directly into the process. No .env file is written. Nothing for an AI coding agent — or a careless git add . — to leak.

Encryption by default

Every secret is encrypted with AES-256-GCM using per-project keys wrapped by your KMS provider. You don't configure this; it just happens.

Environments are first-class

Dev, staging, and production each have their own secret set. Promote a secret from staging to production with a single command:

secr promote DATABASE_URL --from staging --to production
ℹ️

secr supports AWS KMS, Google Cloud KMS, and Azure Key Vault. You can also run with a local key for development.

What's included in the beta

The public beta ships with everything you need for day-to-day secrets management:

  • CLIsecr init, secr set, secr pull, secr run, and more
  • Dashboard — web UI for browsing secrets, managing teams, and viewing audit logs
  • SDKs — TypeScript, Python, and Go
  • Integrations — Vercel, Netlify, and GitHub Actions
  • Secret scanningsecr scan checks your codebase for leaked credentials
  • Import — pull secrets from Vercel, Heroku, Railway, Render, and 10 other providers

Getting started

Install the CLI and create your first project in under a minute:

npm install -g @secr/cli
secr login
secr init
secr set DATABASE_URL "postgres://..."
secr run -- npm start

That's it. Your secrets are encrypted, synced, and never written to disk.

What's next

We're working on SSO/SAML, secret rotation policies, and more. Check the roadmap to see what's coming next.

secr is free for up to 3 projects. Create your account and stop sharing secrets over Slack.

← Back to blog

Ready to get started?

Stop sharing secrets over Slack. Get set up in under two minutes.

Create your account