Your central source of truth from local development to production for every language, stack, and infrastructure.
Enclave is different. Unlike other partial solutions, our Universal Secrets Manager is your team's central source of truth for secrets across every language, every stage of the development lifecycle, and every infrastructure provider.
Your secrets matter. They are the literal keys to your business. So why safe-guard your secrets with partial solutions that are cumbersome to the point of being unusable, limited in scope, and lend themselves to human error?
When you switch to our Universal Secrets Manager you can develop locally with the confidence that comes from best in class security, guaranteed high availability, and robust versioning.
Say goodbye to ENV files, copy/pasting, and sharing secrets over email, Slack, and git.
When developing locally our command line tool smartly fetches the right secrets for your application depending on where you are in the filesystem. Change a few secrets and all your applications will have it on their next run.
It is an honor to be entrusted with your sensitive data and we take that responsibility very seriously.
We keep your data safe by using end-to-end encrypted communication channels, encrypting data at rest, and ensuring our infrastructure never has direct access to your secrets.
Our internal tools do not and will never have a "God Mode". We also strictly enforce least privilege which means our employees only have access to exactly what they need to perform their duties.
Worried an outage can bring you down? At every layer in the Enclave stack there is high availability built-in. Our databases run in high availability clusters. The applications serving requests run on multiple infrastructures, and the Doppler CLI automatically creates encrypted fallback files which are used if you are unable to reach the API.Visit our live status page
Strictly control who can access your Enclave projects and secrets with a granular access control list (ACL).
You can also limit access to a set of trusted IP addresses per config. Read-only service tokens also help reduce exposure when retrieving secrets in staging and production environments.
Are your apps running on Heroku? We can sync the secrets in Enclave with the config vars in your Heroku apps.
With two-way sync Enclave knows when a Heroku addon like Redis is provisioned. Adding a secret in Enclave will automatically sync with Heroku and immediately restart your app with the new secrets.
Every change in Enclave is captured through an audit log. These audit logs create a complete picture of history for a given config.
If you ever need to rollback a change, you can do it in a single click in the dashboard or one command in the Doppler CLI.