Add a New Secret

Unlock the vault with your master password, then click Store key in the top-right corner of the vault panel.

Fields

The creation form (the SecretForm component) collects the following:

• Name — the env variable name for this key (e.g. STRIPE_SECRET_KEY). This is the key used in KEY=value format.
• Value — the secret content. Masked by default.
• App tag — which application this key belongs to (e.g. billing-service). Displayed in the “App and environment” column.
• Environment tag — which environment this key targets (e.g. production). Displayed below the app name.
• Additional tags — arbitrary tags for organization. Shown as badges on the key row.
• Setup context / runbook — free-text notes. Use this to record rotation steps, where to get a new value, service restart instructions, or links to relevant docs.
• Sync scope — choose approved devices to share with your team, or local only to keep it on this machine.

Example

Click Save. The secret is encrypted immediately and written to your local vault.

Viewing Secrets

The vault list shows four columns: Key, App and environment, Updated, and Sync scope. Click any row to expand the detail view.

Detail View

The expanded view shows:

• Copy-ready env line — the key in NAME=value format (value hidden until revealed).
• Value — masked by default. Click Reveal value to show plaintext. Values auto-hide after 30 seconds.
• Key context — app, environment, creation and update timestamps, and the device that created it.
• Setup context / runbook — attached notes.
• Audit trail — the last 10 actions (created, read, updated, copied, deleted) with timestamps and device names.

Copying Secrets

• Copy value — copies just the secret value to the clipboard.
• Copy env line — copies the full NAME=value string to the clipboard.

Editing and Deleting

Click Edit context in the expanded detail view to open the edit form. To delete, click Delete and confirm the prompt.