Keep secrets. Open source platform for teams and AI agents to securely access, manage and deploy application secrets — from development to production.
Joined January 2024
- Tweets 173
- Following 2
- Followers 49
- Likes 205
95 Photos and videos
Jun 4
📜 CHANGELOG - Our biggest release yet!
May ’26:
- Teams, Team Roles & Policies
- SCIM for Okta and Microsoft Entra ID
- Platform-wide REST APIs
- Organization Audit Logs
2
1
5
93
Jun 4
Audit Logs - A new organization-wide audit logging engine that captures every action across your Phase instance.
Who performed the action, what changed, the before/after diff, and the surrounding context -- IP address, user agent, and timestamp.
1
2
18
May 12
📜 CHANGELOG
April ’26:
- Offline mode: for when stuck on localhost ️✈🚇🛜⁉️
- Azure External Identity
- Secret reference tab completions
- Self-serve OIDC SSO
- Full auth rewrite. No more NextAuth! 🥳
1
2
5
49
Apr 8
New – PHASE_OFFLINE=1
Stuck on localhost? ✈️🚇🛜⁉️
All your secrets and configs remain securely available.
1
3
4
137
Apr 8
Pass a simple flag and access the most recent encrypted cache. More - docs.phase.dev/cli/commands#…
1
28
Apr 4
⌨️ Tab completion for secrets and configs across your organization.
Imagine securely stitching together configs from all the .env and .yml files in your org.
- Tab to complete
- Enter to accept
- Ctrl/Cmd Enter to open a secret, environment, or app in a new tab
1
1
4
129
Apr 4
Behind the scenes, we handle:
- Client-side end-to-end encrypted secret lookups
- Config validation
- Role-based access control (RBAC)
- Secret deployment mapped to GitHub, Vercel, AWS, etc.
3
31
Apr 1
📜 CHANGELOG
March ’26:
- CLI 2.0: AI skills, Python → Go rewrite, 90% smaller, 5× faster, 16 build targets
- Azure Key Vault secrets sync
- Azure External Identity
- Authelia OIDC SSO
- Go SDK 2.0: No CGO/libsodium, dynamic secrets
- Secret types: Config, Secret, Sealed secret
1
3
5
145
Mar 31
📌ed to "axios": "^1.13.5" ✅
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
4
72
