Start with the platform overview
Read the shared Ghostable overview before diving into client-specific workflows.
Zero-Knowledge by Default
Ghostable stores encrypted secret material and metadata, not plaintext values. Encryption and decryption happen on trusted clients:
- The Desktop app uses your linked Mac as a trusted device.
- The CLI uses the linked workstation or runner you authorize.
- Automation flows rely on deploy tokens instead of human device sessions.
What Ghostable Can See
- Organization, project, and environment metadata.
- Audit and activity records for actions such as create, pull, push, rotate, and revoke.
- Encrypted payload metadata such as algorithm identifiers, ciphertext sizes, and keyed integrity markers.
- Which actor or automation identity performed an operation.
What Ghostable Cannot See
- Plaintext environment variable values.
- Device private keys.
- Deployment token private seeds.
- Data that would let Ghostable decrypt environments on its own.
Trusted Identities
Ghostable uses two trusted identity types:
- Devices for human-operated workstations.
- Deploy tokens for CI, scripts, and ephemeral runners.
Use devices for people and deploy tokens for automation. Do not run CI with a personal desktop session.