Roadmap

What we've shipped, what we're building, and where we're headed.

Shipped

Live

Full-featured CLI

Manage secrets, environments, teams, and deployments entirely from the terminal

Web dashboard

Browse secrets, manage teams, view audit logs, and handle billing from the browser

Envelope encryption

AES-256-GCM with per-project keys wrapped by AWS, GCP, or Azure KMS

TypeScript, Python & Go SDKs

First-class clients for the three most popular backend languages

Platform integrations

Vercel, Netlify, GitHub Actions, VS Code, and Postman — plug into your existing workflow

One-click provider import

Pull secrets from 12+ providers including AWS, Vercel, Heroku, Railway, and Cloudflare

Secret scanning

Detect leaked credentials in your codebase before they reach production

Secure sharing

Share a secret via a time-limited, view-limited encrypted link — no Slack DMs

Terraform provider

Manage projects and secrets alongside the rest of your infrastructure-as-code

Webhooks

Get notified instantly when secrets are created, updated, or deleted

SSO / SAML & OIDC

Sign in with your company's identity provider via SAML or OpenID Connect

SCIM directory provisioning

Automatically sync team members from Okta, Azure AD, or Google Workspace

MFA & passkeys

Enforce multi-factor authentication and passkey login across your organization

Now

In progress

Machine tokens (NHI)

Dedicated tokens for CI/CD pipelines and automated services — scoped, auditable, and lifecycle-managed

AI agent secrets (MCP)

Give AI agents scoped, short-lived access to secrets via the Model Context Protocol

NHI discovery & posture

See every non-human identity in your org and get a health score with actionable remediation

NHI policies

Org-level governance: require expiry, enforce least-privilege, auto-disable stale tokens

Next

Planned

OIDC identity federation

Tokenless authentication for GitHub Actions, GitLab CI, AWS, GCP, and Kubernetes

Conditional access

Restrict token usage by IP range, time window, and user-agent

Secret rotation policies

Define rotation schedules and let secr rotate database passwords and API keys automatically

Slack & email notifications

Get notified when secrets change — first-party Slack integration and email digests

Ephemeral access

Grant time-limited access to environments that auto-revokes after expiry

Secret referencing

Reference a secret across projects — update once, propagate everywhere

Compliance reports

Generate SOC 2 and ISO 27001 evidence packages with one command

Docker integration

Inject secrets into Docker containers without writing .env files to disk

Later

Exploring

NHI anomaly detection

Baseline-aware alerting for unusual access patterns from machine identities

GitHub App

PR comments when code references env vars that don't exist in secr

Kubernetes operator

Native secret injection for containerised workloads

More SDKs

Ruby, Java, .NET, and PHP clients

Multi-region encryption

Encrypt with region-local keys for data residency and compliance

Want to influence what we build?

We prioritise based on user feedback. Tell us what matters to you.
