Documentation Index
Fetch the complete documentation index at: https://docs.enkryptify.com/llms.txt
Use this file to discover all available pages before exploring further.
Authentication
Why can't I sign up with email and password?
Why can't I sign up with email and password?
Enkryptify uses OAuth-only authentication (Google and Microsoft). This eliminates password-related vulnerabilities like credential stuffing, weak passwords and phishing. There are no passwords to manage or rotate.
Which sign-in providers are supported?
Which sign-in providers are supported?
Google and Microsoft. Sign in with your existing company Google Workspace or Microsoft 365 account.
CLI
The CLI can't find my configuration
The CLI can't find my configuration
The CLI stores configuration in
~/.enkryptify/config.json, linked to the current directory path. Run ek setup in your project directory to re-link it to your Enkryptify workspace, project, and environment.ek login doesn't open a browser
ek login doesn't open a browser
This might happen in headless environments (e.g. SSH sessions, containers, CI/CD). At the moment we don’t support this, but we are working on it. If you need this, please contact us and we will help you.
How do I quickly switch environments?
How do I quickly switch environments?
Use the To override the project as well, add the Or re-run
--env flag with ek run:--project flag (requires --env):ek setup to change the default environment for the current directory.How do I use Enkryptify in Docker?
How do I use Enkryptify in Docker?
Docker is a headless environment, so the CLI cannot run interactively inside containers. For containerized and CI/CD environments, use API tokens to authenticate with the Enkryptify API and fetch secrets programmatically.
How do I update the CLI?
How do I update the CLI?
Run
ek upgrade to update to the latest version. The command auto-detects your install method (Homebrew, Scoop or binary) and upgrades accordingly. Use --force to reinstall even if you are already on the latest version.What is secret caching?
What is secret caching?
The CLI caches secrets in your system keyring with a 10-second TTL to avoid redundant API calls when you restart your app quickly. Use
--skip-cache to force a fresh fetch, or --offline to run entirely from cache without an API call.Secrets
Why can't I see secret values?
Why can't I see secret values?
Members have read-only access and can view secret names, but values may be restricted depending on your workspace configuration. Ask your workspace admin to verify your role and scope.
What characters are allowed in secret names?
What characters are allowed in secret names?
Letters (A-Z, a-z), numbers (0-9), underscores (
_), and hyphens (-). We recommend using uppercase with underscores for consistency (e.g. DATABASE_URL). Secret values can be up to 64KB in size and allow all characters.Can I use personal overrides in CI/CD?
Can I use personal overrides in CI/CD?
This is not possible, syncs always use the shared secret values. If you need special values for CI/CD, you can just create an extra environment for CI/CD and use that.
Syncs
My sync is not updating the provider
My sync is not updating the provider
Check the sync status on the project’s syncs page. Try manually re-running the sync. If it still fails, verify that the OAuth connection to the provider is still valid.
Can I sync from a provider into Enkryptify?
Can I sync from a provider into Enkryptify?
No. Syncs are one-way only: from Enkryptify to the external provider. Enkryptify is designed to be the single source of truth. If you need to import secrets, add them through the dashboard or CLI.
Are personal overrides synced?
Are personal overrides synced?
No. Syncs always use the shared secret values. Personal overrides only affect the individual user’s CLI and dashboard experience.
Access control
I can't create a project or team
I can't create a project or team
Only Admins can create teams and projects. If you’re a Developer or Member, ask your workspace Admin to create the resource or upgrade your role.
I can't see a project that exists
I can't see a project that exists
Your scope may not include that project’s team. Ask your workspace Admin to add the relevant team, project or environment to your scope.
Security
Can Enkryptify employees see my secrets?
Can Enkryptify employees see my secrets?
No. Decryption is performed exclusively by backend services using AWS KMS. Plaintext exists only in process memory during a request and is never logged or written to disk. IAM policies deny decrypt permissions to human identities. See the Security Model for full details.
Where is my data stored?
Where is my data stored?
All infrastructure runs in Frankfurt, Germany (AWS eu-central-1). Data is stored in NeonDB on AWS servers in Frankfurt, encrypted at rest and in transit.
Is Enkryptify SOC 2 or ISO 27001 certified?
Is Enkryptify SOC 2 or ISO 27001 certified?
Enkryptify is ISO 27001 certified. Annual penetration tests are conducted by independent security firms. See Compliance and Testing.