Scoping lets you restrict a member’s access to specific parts of your workspace, regardless of their role. A Developer with full secret permissions scoped to a single project can only manage secrets in that project.Documentation Index
Fetch the complete documentation index at: https://docs.enkryptify.com/llms.txt
Use this file to discover all available pages before exploring further.
How scoping works
Every member has a scope configuration with two modes:- All access — the member can access everything in the workspace
- Scoped access — the member can only access the specific teams, projects and environments in their scope
Scope levels
Scopes can be set at three levels, from broadest to most restrictive:Team scope
Granting access to a team gives the member access to all projects and environments within that team.Project scope
Granting access to a project gives the member access to all environments within that project, without granting access to other projects in the same team.Environment scope
Granting access to specific environments restricts the member to only those environments. They cannot see secrets in other environments of the same project.Cascading behavior
Scopes cascade downward:- Selecting a team automatically includes all its projects and their environments
- Selecting a project automatically includes all its environments
- Selecting an environment grants access only to that environment
Examples
Developer with access to one team
Developer with access to one team
A backend developer who should only access Backend team projects:
- Role: Developer
- Scope: Team — “Backend”
Developer with access to one project
Developer with access to one project
A contractor working only on the API service:
- Role: Developer
- Scope: Project — “api-service”
Member with access to staging only
Member with access to staging only
A QA tester who should only see staging secrets:
- Role: Member
- Scope: Environment — “staging” (for specific projects)