Product Introduction

1. Shelve is an open-source secrets management platform designed to eliminate manual handling of environment variables (⁠.env files) by centralizing API keys, tokens, and configurations in a secure vault accessible via CLI, GitHub integration, or a web dashboard. It enables developers to inject secrets directly into applications during runtime, synchronize configurations across environments, and manage team access with granular permissions.
2. The core value lies in its ability to prevent configuration drift and security breaches through automated secret synchronization, environment parity checks, and end-to-end encryption, while maintaining a developer-first experience with keyboard-driven workflows and seamless CI/CD integration.

Main Features

1. Secrets Injection via CLI: Developers execute applications without local .env files using commands like npx shelve run, which fetches encrypted secrets from the vault and injects them at runtime, ensuring sensitive data never touches disk or version control. The CLI supports environment-specific configurations, bulk operations, and integration with npm/yarn workflows.
2. GitHub Secrets Synchronization: Shelve’s GitHub App automatically syncs secrets between repositories and the vault, ensuring GitHub Actions and repository secrets stay updated with the latest values. This bidirectional sync eliminates manual updates and reduces misconfigurations during CI/CD pipeline executions.
3. Environment Consistency Engine: The platform detects discrepancies (e.g., missing STRIPE_SECRET_KEY in production) across development, staging, and production environments using SHA-256 hashing. Teams resolve mismatches via one-click synchronization or CLI commands like shelve sync --all, preventing runtime errors caused by configuration gaps.

Problems Solved

1. Manual Secret Distribution Risks: Traditional methods like sharing .env files over insecure channels (Slack, email) expose teams to leaks. Shelve centralizes secrets with AES-256 encryption, version history, and audit logs, ensuring only authorized users access credentials through encrypted channels.
2. Fragmented Team Collaboration: Development teams and open-source maintainers struggle with inconsistent configurations across contributors. Shelve provides role-based access (Owner/Admin/Member), project-level isolation, and real-time secret updates, enabling secure collaboration without exposing sensitive data.
3. CI/CD Pipeline Vulnerabilities: Hardcoding secrets in GitHub Actions or other CI tools risks exposure. Shelve injects secrets dynamically during pipeline runs, integrates with GitHub’s encrypted secrets storage, and auto-rotates credentials to meet compliance requirements.

Unique Advantages

1. Open-Source with Self-Hosting Flexibility: Unlike proprietary SaaS tools, Shelve offers full transparency via MIT licensing and supports self-hosting via Docker or Coolify, allowing enterprises to retain complete data sovereignty. The codebase is auditable, with no hidden costs or vendor lock-in.
2. Keyboard-Centric Productivity: The Cmd+K command palette enables instant navigation, secret searches, and actions (e.g., creating projects, managing environments) without leaving the keyboard. This reduces context switching and accelerates workflows by 83% compared to traditional dashboard UIs.
3. Transparent Security Architecture: Secrets are hashed with SHA-256 for integrity checks and encrypted using AES-256-GCM before storage. Decryption occurs only in memory during authorized access, with transport layer protection via TLS 1.3, exceeding typical .env file security practices.

Frequently Asked Questions (FAQ)

1. Is Shelve free? Yes, Shelve is entirely free and open-source under the MIT License, offering unlimited secrets, projects, and collaborators. Future premium features will focus on enterprise support, not core functionality.
2. Is Shelve secure? All secrets are encrypted using AES-256-GCM with keys managed via AWS KMS (cloud) or user-provided keys (self-hosted). The open-source model allows independent audits, and no plaintext secrets are stored or transmitted.
3. Can I self-host Shelve? Yes, Shelve provides Docker Compose templates and Coolify one-click deployments for self-hosting. Self-hosted instances retain full functionality, including GitHub sync and CLI integration, while keeping data within your infrastructure.