Roadmap
Where Envshed is today and where it's headed. Honest about state — planned work has no date commitments.
Shipped
Live in production today.
AES-256-GCM encryption
Secrets are encrypted at rest and in transit on every plan.
CLI (any shell)
envshed login, init, pull, run — single binary, macOS/Linux/Windows.
Service tokens
Scoped machine-to-machine auth for CI/CD and infrastructure.
Audit trail
Every read, write, and admin action logged with user and timestamp.
SAML SSO
Okta, Azure AD, Google Workspace, or any SAML 2.0 IdP on Business.
Webhooks
Notify your systems when secrets change or environments are updated.
GitHub Actions
Inject secrets into workflows with a single step.
Node.js SDK
@envshed/node for managing secrets from backend code and scripts.
Docker & Coolify
Documented flows for injecting secrets into container deployments.
Secret expiration
Set expiry dates with UI and CLI warnings before and after.
Personal overrides
Per-user values on top of shared project config.
In progress
Actively being built.
Planned
On the list. No promised date.
Vercel integration
One-click sync of Envshed projects into Vercel environment variables.
GitLab CI integration
Inject Envshed secrets into GitLab pipelines with a single include.
Python SDK
Official @envshed/python library for Python apps and scripts.
Netlify integration
Sync Envshed projects into Netlify site environment variables.
CircleCI integration
Load Envshed secrets into CircleCI jobs via an Orb.
AWS Secrets Manager sync
Two-way sync with AWS Secrets Manager so existing pipelines keep working.
Terraform provider
Manage environments, projects, and secrets as code.
Kubernetes (ESO)
External Secrets Operator provider that pulls Envshed values into cluster secrets.
Self-hosting
Run Envshed on your own infrastructure. No date commitment yet.
SCIM provisioning
Automated user provisioning and deprovisioning from your IdP.
Have a request? File an issue on GitHub or reach out — we prioritize what teams actually need.