beta live soon

SECRETS MANAGEMENT
FOR DEVELOPERS

Stop sharing .env files. Start managing secrets with a single tool.

Stop sharing keys in Slack.

Get started in minutes. Self-host the server, install the CLI, or add the Python SDK to your app.

# Self-host with Docker

$ curl -sL https://get.oaths.dev | bash
$ docker compose up -d

Trusted by developers at

ACME Corp, Globex, Soylent, Initech, Umbrella

One Platform.
Three Ways to Access.

Use the web dashboard for management, the CLI for automation, or the Python SDK for runtime access. All backed by the same secure API.

Web Dashboard

Manage secrets, projects, and team permissions from your browser.

app.your-oaths-instance.com

CLI

A powerful command-line interface for developers who live in the terminal. Full feature parity with the UI—automate everything.

oaths secrets get DATABASE_URL --project api

Python SDK

Import secrets directly into your Python applications. Type-safe, async-ready, and designed for modern Python workflows.

from oaths import OathsClient
client = OathsClient()
db_url = client.get_secret("DATABASE_URL")

Enterprise Security.
Developer Simplicity.

Envelope Encryption

Three-tier AES-256-GCM encryption: Master Key encrypts Project Keys, which encrypt your secrets. Complete isolation per project.

SSH Key Auth

Authenticate the CLI using your existing SSH keys. No new credentials to manage—your development workflow stays unchanged.

Built-in PKI

Issue and manage TLS certificates without external CA dependencies. Create Certificate Authorities, issue certs, and handle revocation.

Secret Versioning

Every secret update creates a new version. Roll back instantly if a config breaks. Configurable retention policy.

Audit Logging

Immutable audit trails for every operation. Know exactly who accessed what secret, when, and from which IP address.

Self-Hostable

Run on your own infrastructure with a single binary or Docker container. Zero external dependencies beyond PostgreSQL.

Envelope Encryption

Three layers of protection.

  • Master Key (KEK): File or KMS
  • Project Key (DEK): Per-project isolation
  • Secret Value: AES-256-GCM

Team & Organization

Multi-tenant with RBAC.

  • j.doe@company.com: OWNER
  • github-actions-bot: SERVICE
  • a.smith@company.com: MEMBER

Your Secrets.
Your Infrastructure.
Your Control.

Three-Tier Encryption

Master Key encrypts Project Keys, which encrypt your secrets. Even with database access, secrets remain protected without the master key.
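
The three-tier scheme described here and under "Envelope Encryption" above, as an added sketch that is not OATHS's own code: it shows why stored rows are unreadable without the master key and why a ciphertext copied into another project does not decrypt. It assumes the third-party cryptography package; the row layout, the helper names and the binding of project/secret names as associated data are hypothetical choices made for this example.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """AES-256-GCM encrypt with a fresh 96-bit nonce, stored in front of the ciphertext."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Inverse of seal(); raises InvalidTag on a wrong key, wrong aad or modified blob."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)

def new_project(master_key: bytes, project: str) -> dict:
    """Tier 2: generate a per-project key and keep only its wrapped form in the row."""
    project_key = AESGCM.generate_key(bit_length=256)
    wrapped = seal(master_key, project_key, project.encode())
    return {"project": project, "wrapped_key": wrapped, "secrets": {}}

def unwrap_key(master_key: bytes, row: dict) -> bytes:
    return unseal(master_key, row["wrapped_key"], row["project"].encode())

def put_secret(master_key: bytes, row: dict, name: str, value: str) -> None:
    """Tier 3: encrypt the value under the project key, bound to project/name (assumed AAD)."""
    aad = f"{row['project']}/{name}".encode()
    row["secrets"][name] = seal(unwrap_key(master_key, row), value.encode(), aad)

def get_secret(master_key: bytes, row: dict, name: str) -> str:
    aad = f"{row['project']}/{name}".encode()
    return unseal(unwrap_key(master_key, row), row["secrets"][name], aad).decode()

def readable(master_key: bytes, row: dict, name: str) -> bool:
    try:
        get_secret(master_key, row, name)
        return True
    except InvalidTag:
        return False

def demo() -> dict:
    master = AESGCM.generate_key(bit_length=256)  # tier 1: kept in a file or KMS, not in the DB
    api, web = new_project(master, "api"), new_project(master, "web")
    put_secret(master, api, "DATABASE_URL", "postgres://constructed.example/db")
    web["secrets"]["DATABASE_URL"] = api["secrets"]["DATABASE_URL"]  # row copied across projects
    return {
        "round_trip": get_secret(master, api, "DATABASE_URL"),
        "wrong_master_key": readable(AESGCM.generate_key(bit_length=256), api, "DATABASE_URL"),
        "cross_project_copy": readable(master, web, "DATABASE_URL"),
        "plaintext_in_rows": b"postgres" in api["wrapped_key"] + api["secrets"]["DATABASE_URL"],
    }
```

Calling demo() returns the decrypted value for the legitimate read and False for the wrong-key read, the cross-project copy and the plaintext search of the stored rows.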

Zero Client Exposure

The HTMX web dashboard renders server-side. Sensitive data never touches browser memory, JavaScript, or history.

Role-Based Access

Fine-grained permissions with Owner, Admin, and Member roles. Service tokens for CI/CD with scoped access to specific projects.

Straightforward Pricing

Self-host for free or let us handle the infrastructure.

Self-Hosted

Free

Host OATHS on your own infrastructure with full control.

  • Unlimited secrets
  • Unlimited projects
  • Full source code access
  • Community Support
  • Self-managed

Ready to Secure Your Secrets?

Join the Waitlist

Be first to know when OATHS launches. Get early access and exclusive updates.