Secrets
The Secrets system is an encrypted vault for API keys, database credentials, environment variables, and other sensitive data. All secrets are encrypted client-side with AES-256-GCM before being sent to the server.
Key Features
- End-to-end encryption — AES-256-GCM with PBKDF2-derived keys
- Personal and team vaults — isolated storage with granular sharing
- Environment variables panel — manage env vars with import/export
- API token management — create scoped tokens for programmatic access
- MCP integration — access secrets from Claude Code and Cursor
- Drag-and-drop organization — reorder and move secrets between groups
Architecture
- The server only stores encrypted blobs
- Each vault has an independent encryption key
- Team vaults share a single password across members
- Personal vaults are protected by your individual password
Sections
- Vault Management: Create and manage personal and team vaults.
- Environment Variables: The env vars panel for managing configuration values.
- MCP Integration: Access secrets from AI coding assistants via MCP.
- API Tokens: Create and manage programmatic access tokens.
- Encryption: How client-side encryption works under the hood.
- Team Sharing: Share vaults and secrets with team members.