Secrets Manager Cloud
Sign in
Sign in to manage your vaults, machine tokens, and team.
New here?

secrets-manager

Encrypted-env secrets, synced zero-knowledge.

A secrets manager for encrypted .env files with zero-knowledge cloud sync — built for AI-agent workflows: an MCP server, a tamper-evident audit log, and human-only approval gates.

Your vault is never unlocked in our cloud.

The hosted service stores only ciphertext vault heads and salted auth verifiers. There is no decryption path in the cloud — a full server breach yields ciphertext, nothing else.

Get started in three steps

  1. 1. Install the CLI

    $ npm install -g @jigspec/sm

  2. 2. Create your account

    $ sm cloud signup

  3. 3. Sync your vault

    $ sm sync config --cloud --vault-id my-vault

    $ sm sync push

Free tier

1 user, 5 vaults, and unlimited machine identities — machines and agents are never billed as seats, on any tier. Self-hosting the open-source server is always free.