Roadmap

AES-256-GCM encryption

Secrets are encrypted at rest and in transit on every plan.

CLI (any shell)

envshed login, init, pull, run — single binary, macOS/Linux/Windows.

Service tokens

Scoped machine-to-machine auth for CI/CD and infrastructure.

Audit trail

Every read, write, and admin action logged with user and timestamp.

SAML SSO

Okta, Azure AD, Google Workspace, or any SAML 2.0 IdP on Business.

Webhooks

Notify your systems when secrets change or environments are updated.

GitHub Actions

Inject secrets into workflows with a single step.

Node.js SDK

@envshed/node for managing secrets from backend code and scripts.

Docker & Coolify

Documented flows for injecting secrets into container deployments.

Secret expiration

Set expiry dates with UI and CLI warnings before and after.

Personal overrides

Per-user values on top of shared project config.

Vercel integration

One-click sync of Envshed projects into Vercel environment variables.

Self-hosting

Run Envshed on your own infrastructure. No date commitment yet.

AWS Secrets Manager sync

Two-way sync with AWS Secrets Manager so existing pipelines keep working.

Terraform provider

Manage environments, projects, and secrets as code.

SCIM provisioning

Automated user provisioning and deprovisioning from your IdP.