Phase

@phasedotdev

Keep secrets. Open source platform for teams and AI agents to securely access, manage and deploy application secrets — from development to production.

eu-central-1 Joined Ocak 2024

2 Following51 Followers

Phase@phasedotdev·12 May

phase.dev/changelog/apri…

ZXX

Phase@phasedotdev·12 May

📜 CHANGELOG April ’26: - Offline mode: for when stuck on localhost ️✈🚇🛜⁉️ - Azure External Identity - Secret reference tab completions - Self-serve OIDC SSO - Full auth rewrite. No more NextAuth! 🥳

English

Phase retweeted

Nimish@nimishkarmali·29 Nis

@nalinrajput23 phase.dev

QME

Phase@phasedotdev·8 Nis

Pass a simple flag and access the most recent encrypted cache. More - #offline-mode" target="_blank" rel="nofollow noopener">docs.phase.dev/cli/commands#o…

English

Phase@phasedotdev·8 Nis

New – PHASE_OFFLINE=1 Stuck on localhost? ✈️🚇🛜⁉️ All your secrets and configs remain securely available.

English

134

Phase@phasedotdev·4 Nis

Behind the scenes, we handle: - Client-side end-to-end encrypted secret lookups - Config validation - Role-based access control (RBAC) - Secret deployment mapped to GitHub, Vercel, AWS, etc.

English

Phase@phasedotdev·4 Nis

⌨️ Tab completion for secrets and configs across your organization. Imagine securely stitching together configs from all the .env and .yml files in your org. - Tab to complete - Enter to accept - Ctrl/Cmd + Enter to open a secret, environment, or app in a new tab

English

127

Phase@phasedotdev·1 Nis

phase.dev/changelog/marc…

ZXX

Phase@phasedotdev·1 Nis

📜 CHANGELOG March ’26: - CLI 2.0: AI skills, Python → Go rewrite, 90% smaller, 5× faster, 16 build targets - Azure Key Vault secrets sync - Azure External Identity - Authelia OIDC SSO - Go SDK 2.0: No CGO/libsodium, dynamic secrets - Secret types: Config, Secret, Sealed secret

English

144

Phase@phasedotdev·31 Mar

📌ed to "axios": "^1.13.5" ✅

Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios @1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

English

Phase retweeted

Nimish@nimishkarmali·28 Mar

Skill > MCP

English

Phase retweeted

Nimish@nimishkarmali·9 Mar

Introducing: Phase Deployment Skill Imagine a forward-deployed engineer that automates @phasedotdev self-hosting and maintenance. Install the skill. Then tell Claude Code, Codex, Cursor, or any agent to deploy Phase: - Via Helm chart or Docker Compose - Set up a custom domain - Configure Let’s Encrypt certificates - Choose an internal or external managed database - Set up backups - Deploy inside your @Tailscale tailnet - Upgrades and migrations If something goes wrong Automatically debug it with all the relevant context available.