Learn more about the Ghostable platform

What is Ghostable?

Ghostable is a secure, collaborative platform for managing and sharing environment variables across your entire portfolio—Laravel, Node.js, Python, Ruby, Go, serverless runtimes, container platforms, and beyond. The ghostable init wizard captures your primary language, framework, and deployment platform so we can tailor workflows for everything from Laravel Vapor to Kubernetes or Fly.io. Ghostable v2 introduces a completely zero-knowledge architecture. The Ghostable CLI performs all encryption and decryption locally, so only ciphertext and non-sensitive metadata are transmitted to Ghostable for storage. Your secrets never leave your workstation in a readable form—Ghostable itself cannot view or recover them. Ghostable abstracts the complexity of securely handling sensitive environment data, ensuring consistency and compliance across your projects and organizations. With Ghostable, you’ll benefit from:
  • Secure Sharing & Management: Safely share environment variables across organizations, projects, and CI/CD pipelines.
  • Comprehensive Versioning: Track every change with full history and instant rollbacks to previous environment configurations.
  • Granular Access Control: Precisely manage permissions at the user, organization, and project level.
  • CI/CD Integration: Seamlessly integrate Ghostable into your automated testing and deployment workflows.
  • Activity Logging: Complete audit trails of environment variable interactions for compliance and security audits.
  • Easy Local Inspection: Effortlessly pull environment variables locally for debugging and testing.
  • API Driven: Full-featured API to integrate with third-party compliance tools, monitoring platforms, and AI-powered workflows.
In short, Ghostable is your central hub for secure, compliant, and collaborative environment variable management—purpose-built for polyglot teams shipping across many platforms.

Security

Ghostable never compromises on the fundamentals: zero-knowledge architecture, strong encryption, and transparency. We treat your environment variables with the same care and respect as our own — because your trust depends on it.

Zero-knowledge

Your environment data is encrypted locally before it ever leaves your machine. The ciphertext we store cannot be decrypted by us, because we never see your keys.
  • On developer workstations, Ghostable stores device identities in the OS keychain / secure enclave. Keys are hardware-bound, encrypted at rest, and protected by the same biometric / PIN controls used by the operating system.
  • For machine-based CI/CD, you mint a deployment token. It contains an API token plus a private key that you manage entirely within your secret manager (e.g., GitHub Actions Secrets, AWS Secrets Manager). Ghostable never persists that private key.
Ghostable never stores or transmits your key material in plaintext form — only encrypted ciphertext and metadata are ever persisted.
Even with linked devices or deployment tokens, access remains gated by Ghostable’s permission system—only identities authorized to pull a specific environment can decrypt its data.

What We Can See

  • That an environment exists.
  • Basic metadata about each encrypted variable — such as the algorithm used, ciphertext size, and a keyed hash (HMAC) that lets us detect changes or duplicates.
  • When variables are updated or accessed (for audit history).
  • Which user or system performed an action.

What We Cannot See

  • Your environment variable values.
  • Your encryption keys or any data derived from them.
  • Anything that could be used to decrypt your environments.

Strong Encryption

Every variable is encrypted with a dedicated environment key derived from your device identity. When you run ghostable env push:
  1. The CLI derives the environment key locally (never sent to Ghostable).
  2. Each variable is encrypted with an authenticated cipher (AES-256-GCM / XChaCha20-Poly1305, depending on the platform) and tagged with integrity metadata (HMAC).
  3. Ghostable stores only the ciphertext, algorithm identifiers, and minimal metadata required for auditing/versioning.
When you pull or deploy, the process runs in reverse—the CLI fetches ciphertext, derives the same environment key locally, and decrypts it on your machine or runner. Ghostable never touches the plaintext.
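The push/pull flow above, and the metadata listed under "What We Can See", as an added Go example; this is not Ghostable's CLI code. The key derivation (a one-step HMAC-SHA256 from a device secret), the `StoredVariable` layout, the purpose labels and the device secret are all assumptions, and the sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// StoredVariable is all a zero-knowledge server receives: ciphertext and non-sensitive metadata.
type StoredVariable struct {
	Algorithm  string // identifier only
	Nonce      []byte
	Ciphertext []byte // its length is also visible to the server
	HMAC       []byte // keyed hash of the value; lets the server spot changes or duplicates blind
}

// deriveKey stands in for the CLI's local derivation (assumed: HMAC-SHA256 keyed by the device secret).
func deriveKey(deviceSecret []byte, envID, purpose string) []byte {
	m := hmac.New(sha256.New, deviceSecret)
	m.Write([]byte("ghostable/" + envID + "/" + purpose))
	return m.Sum(nil) // 32 bytes: an AES-256 key or an HMAC key, never sent anywhere
}

func envAEAD(deviceSecret []byte, envID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(deviceSecret, envID, "enc"))
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// push encrypts one variable with AES-256-GCM and builds the record the server stores.
func push(deviceSecret []byte, envID, name, value string) (StoredVariable, error) {
	gcm, err := envAEAD(deviceSecret, envID)
	if err != nil { return StoredVariable{}, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return StoredVariable{}, err }
	ct := gcm.Seal(nil, nonce, []byte(value), []byte(name)) // name bound as AAD: no re-labelling
	t := hmac.New(sha256.New, deriveKey(deviceSecret, envID, "tag"))
	t.Write([]byte(name + "=" + value))
	return StoredVariable{"aes-256-gcm", nonce, ct, t.Sum(nil)}, nil
}

// pull reverses push on the client: the same key is derived locally and the plaintext never leaves it.
func pull(deviceSecret []byte, envID, name string, sv StoredVariable) (string, error) {
	gcm, err := envAEAD(deviceSecret, envID)
	if err != nil { return "", err }
	pt, err := gcm.Open(nil, sv.Nonce, sv.Ciphertext, []byte(name))
	return string(pt), err
}
```

A second push of the same value yields a different nonce and ciphertext but the same keyed hash, which is how a server can detect an unchanged or duplicated value without ever learning it.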

Transparent Access

Ghostable gives your team complete visibility into how environments are used—without ever exposing sensitive data. Every push, pull, and change is logged, so you always know when data changed, who accessed it, and what actions were taken. Comprehensive audit trails and permission logs keep your team accountable while removing the need to manage or commit .env files by hand.

Permissions, Not Keys

Each team member can push or pull environments only if their assigned role allows it—and even then, decryption happens only with their own locally held key. Because of this, you never need to check an encrypted .env file into your repository. No merge conflicts, no stale variables, and no relying on commit messages to guess what changed. Environment history and access control live in Ghostable—not in Git. Paid plans add fine-grained controls, letting you restrict access down to individual projects or environments within an organization, ensuring that developers, contractors, and CI systems only see what they actually need.

Device-Bound Trust

API scopes and roles decide who can access an environment, but the device identity decides what they can decrypt. A developer’s laptop can pull, diff, or push only after:
  1. The user signs in and selects an organization / project.
  2. The device is linked (one-time ghostable device link) and its keys live in the OS keychain.
If the same user signs in on another machine, that machine must be linked as well. Without the device keys, API access alone cannot decrypt secrets. Likewise, when a device is revoked, Ghostable re-shares environment keys to the remaining devices, instantly cutting off access on that machine even if credentials still exist.

Collaborators

You can invite others to your organization through the Ghostable web app. Each collaborator can be assigned a specific role and permission level — for example, read-only or read-write access to environment variables. Paid plans unlock advanced, fine-grained access controls, letting you scope permissions down to individual projects or even specific environments within an organization. This allows larger teams to delegate access safely while maintaining tight control over production secrets. Our Terms of Service and Privacy Policy outline the terms, conditions, and privacy practices for using Ghostable. By using Ghostable, you agree to these policies.