The secrets manager that thinks like a developer. Environments, folders, diffs, and an audit log that actually reads — wired to every framework and CI you already use.
No more grep'ing `.env`s in Slack. shush gives every key an environment, an owner, a history, and a way home — without slowing the room down.
Dev, staging, preview, prod — first-class, with per-env overrides, inheritance, and a diff view that tells you exactly which values drift.
Every change versioned. Roll back any value in one click. Know who, what, when — and why.
One command pulls the right secrets into the right env. Wire it into package.json, your Dockerfile, or any CI — and never paste a key again.
Every read, write, rotate, and delete — timestamped, attributed, exportable to SIEM. Catch leaks before they leak.
Push to Vercel, Netlify, Fly, AWS Parameter Store, or your own Kubernetes. Webhooks fire on every change, so your runtime stays in lockstep.
Scope keys to people, services, and environments. SSO via SAML, SCIM provisioning, and a permission model your security team will actually approve.
Migrating off plaintext takes one afternoon. Most teams are running everything through shush by Monday.
One binary, every OS. Or pull it from npm, brew, or your preferred package manager.
Point shush at your existing file. It diffs, dedupes, encrypts, and uploads — keys land in folders automatically.
Wrap any command. Your app sees secrets as env vars, decrypted at runtime — never written to disk.
End-to-end encryption with keys you own. Even if we wanted to read your secrets — and we don't — we couldn't.
No per-seat tax. No per-secret nickel-and-diming. Every plan includes audit logs, version history, and the full CLI.
For solo devs, side projects, and learning.
For squads that ship together.
For teams with security teams.
Three minutes to install. Zero to your first secret. Bring the whole team.