varsafeSecure secrets management

For developers and teams. CLI-first, observable by design.

Get Started

View CLI Reference

CLI-first workflow

Inject secrets directly into your process — no files, no leaks. Export to .env when needed.

End-to-end encrypted

Encrypted at rest and in transit. Decrypted only at execution time, in process memory.

Observable by design

Immutable audit trails for every access. Know who accessed what, when, and from where.

Version history & rollback

Every change tracked. Preview diffs and rollback to any previous state in one click.

SSO & OAuth

SAML 2.0, OIDC, Google, GitHub, GitLab, Bitbucket. Enterprise-ready identity federation.

Passwordless login

Passkeys, WebAuthn, device trust. Phishing-resistant authentication with passkey-only mode.

Quick Start

bash

# Install
curl -fsSL https://varsafe.dev/install.sh | sh

# Login once
varsafe login

# Inject secrets and run your app
varsafe run -- npm run dev

# Or export to .env when needed
varsafe export -o .env

Multiple projects?

Set your context with varsafe use -p my-api -e development — it's saved locally for subsequent commands.