> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptify.com/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ

> Frequently asked questions about Enkryptify.

## Authentication

<AccordionGroup>
  <Accordion title="Why can't I sign up with email and password?">
    Enkryptify uses OAuth-only authentication (Google and Microsoft). This eliminates password-related vulnerabilities like credential stuffing, weak passwords and phishing. There are no passwords to manage or rotate.
  </Accordion>

  <Accordion title="Which sign-in providers are supported?">
    Google and Microsoft. Sign in with your existing company Google Workspace or Microsoft 365 account.
  </Accordion>
</AccordionGroup>

## CLI

<AccordionGroup>
  <Accordion title="The CLI can't find my configuration">
    The CLI stores configuration in `~/.enkryptify/config.json`, linked to the current directory path. Run `ek setup` in your project directory to re-link it to your Enkryptify workspace, project and environment.
  </Accordion>

  <Accordion title="ek login doesn't open a browser">
    This might happen in headless environments (e.g. SSH sessions, containers, CI/CD). At the moment we don't support this, but we are working on it. If you need this, please contact us and we will help you.
  </Accordion>

  <Accordion title="How do I quickly switch environments?">
    Use the `--env` flag with `ek run`:

    ```bash theme={"dark"}
    ek run --env production -- npm run start
    ```

    To override the project as well, add the `--project` flag (requires `--env`):

    ```bash theme={"dark"}
    ek run -p backend -e staging -- npm run start
    ```

    Or re-run `ek setup` to change the default environment for the current directory.
  </Accordion>

  <Accordion title="How do I use Enkryptify in Docker?">
    Docker is a headless environment, so the CLI cannot run interactively inside containers. For containerized and CI/CD environments, use [API tokens](/credentials/api-tokens) to authenticate with the Enkryptify API and fetch secrets programmatically.
  </Accordion>

  <Accordion title="How do I update the CLI?">
    Run `ek upgrade` to update to the latest version. The command auto-detects your install method (Homebrew, Scoop or binary) and upgrades accordingly. Use `--force` to reinstall even if you are already on the latest version.
  </Accordion>

  <Accordion title="What is secret caching?">
    The CLI caches secrets in your system keyring with a 10-second TTL to avoid redundant API calls when you restart your app quickly. Use `--skip-cache` to force a fresh fetch, or `--offline` to run entirely from cache without an API call.
  </Accordion>
</AccordionGroup>

## Secrets

<AccordionGroup>
  <Accordion title="Why can't I see secret values?">
    Members have read-only access and can view secret names, but values may be restricted depending on your workspace configuration. Ask your workspace admin to verify your role and [scope](/access-control/scoping).
  </Accordion>

  <Accordion title="What characters are allowed in secret names?">
    Letters (A-Z, a-z), numbers (0-9), underscores (`_`) and hyphens (`-`). We recommend using uppercase with underscores for consistency (e.g. `DATABASE_URL`). Secret values can be up to 64KB in size and allow all characters.
  </Accordion>

  <Accordion title="Can I use personal overrides in CI/CD?">
    This is not possible, syncs always use the shared secret values. If you need special values for CI/CD, you can just create an extra environment for CI/CD and use that.
  </Accordion>
</AccordionGroup>

## Syncs

<AccordionGroup>
  <Accordion title="My sync is not updating the provider">
    Check the sync status on the project's syncs page. Try manually re-running the sync. If it still fails, verify that the OAuth connection to the provider is still valid.
  </Accordion>

  <Accordion title="Can I sync from a provider into Enkryptify?">
    No. Syncs are one-way only: from Enkryptify to the external provider. Enkryptify is designed to be the single source of truth. If you need to import secrets, add them through the dashboard or CLI.
  </Accordion>

  <Accordion title="Are personal overrides synced?">
    No. Syncs always use the shared secret values. Personal overrides only affect the individual user's CLI and dashboard experience.
  </Accordion>
</AccordionGroup>

## Access control

<AccordionGroup>
  <Accordion title="I can't create a project or team">
    Only Admins can create teams and projects. If you're a Developer or Member, ask your workspace Admin to create the resource or upgrade your role.
  </Accordion>

  <Accordion title="I can't see a project that exists">
    Your [scope](/access-control/scoping) may not include that project's team. Ask your workspace Admin to add the relevant team, project or environment to your scope.
  </Accordion>
</AccordionGroup>

## Security

<AccordionGroup>
  <Accordion title="Can Enkryptify employees see my secrets?">
    No. Decryption is performed exclusively by backend services using AWS KMS. Plaintext exists only in process memory during a request and is never logged or written to disk. IAM policies deny decrypt permissions to human identities. See the [Security Model](/security/overview) for full details.
  </Accordion>

  <Accordion title="Where is my data stored?">
    All infrastructure runs in Frankfurt, Germany (AWS eu-central-1). Data is stored in NeonDB on AWS servers in Frankfurt, encrypted at rest and in transit.
  </Accordion>

  <Accordion title="Is Enkryptify SOC 2 or ISO 27001 certified?">
    Enkryptify is ISO 27001 certified. Annual penetration tests are conducted by independent security firms. See [Compliance and Testing](/security/overview#compliance-and-testing).
  </Accordion>
</AccordionGroup>
