Secrets management,
defined in code

GitOps-native secrets with schema validation. Define what you need in code, never worry about missing config again.

Start for FreeView Documentation
# Install and authenticate
$ pip install vezor
$ vezor login
✓ Authenticated successfully

# Generate local .env from your schema
$ vezor generate-env -e development
✓ Generated .env with 12 secrets

# Validate before deploy
$ vezor validate -e production
✓ All 12 required secrets present

Secrets shouldn't be this hard

You've got better things to do than wrestle with Vault or pay per secret.

The old way

  • $0.40/secret/month adds up fast
  • No schema validation—deploy and pray
  • HashiCorp Vault needs a full-time babysitter
  • Secrets in Notion docs or Slack DMs
  • "Ask Sarah for the prod credentials"
  • Terraform state files with plaintext secrets

The Vezor way

  • Flat pricing—unlimited secrets
  • Schema defines what must exist
  • Zero infrastructure to manage
  • One source of truth in Git
  • New dev? vezor generate-env done
  • Secrets that exist but nobody sees

Built for developers who ship

📋

Schema as Code

Define your secrets in YAML. Commit to Git. Your schema becomes documentation that can't lie.

Validate in CI

Catch missing secrets before deploy. PR fails if someone adds code that needs config that doesn't exist.

🌍

Environment Inheritance

Define once, override per environment. Dev inherits from base, prod overrides what it needs.

🔒

True Isolation

Your secrets run in dedicated infrastructure. Not multi-tenant with row-level security—actual isolation.

Zero-Knowledge Generation

Auto-generate passwords that flow to your database and app. No human ever sees the value.

📜

Full Audit Trail

Every read, write, and change logged. Know who accessed what and when—compliance ready.

Your schema, your rules

Define what secrets your app needs. Vezor makes sure they exist.

vezor.schema.yml
version: 1
project: my-app

base:
  database_url:
    type: connection_string
    required: true
    description: "Postgres connection"

  api_secret:
    type: password
    auto_generate: true
    length: 32

  redis_url:
    type: url
    default: "redis://localhost:6379"

environments:
  development:
    inherit: base

  production:
    inherit: base
    overrides:
      redis_url:
        required: true

Self-Documenting

New team member? The schema tells them exactly what config the app needs. No tribal knowledge required.

Type-Safe

Connection strings, URLs, passwords—Vezor validates format before you deploy broken config.

DRY Environments

Base config inherited everywhere. Override only what differs. One secret definition, not three billable items.

Auto-Generation

Need a random API key? Mark it auto_generate. Vezor creates it, stores it, injects it.

Simple, usage-based pricing

Unlimited secrets, unlimited projects, unlimited users. Pay for queries.

Free

$0/mo
5,000 queries/month
  • Unlimited secrets
  • Unlimited projects
  • Unlimited team members
  • Schema validation
  • CLI & API access
  • 30-day audit log
Get Started

Starter

$29/mo
50,000 queries/month
  • Everything in Free
  • 1-year audit log
  • Terraform provider
  • Priority support
  • Overage: $0.50/1k queries
Get Started

Pro

$99/mo
500,000 queries/month
  • Everything in Starter
  • SSO / SAML
  • Unlimited audit retention
  • Auto-rotation
  • Overage: $0.30/1k queries
Contact Us

Ready to stop wrestling with secrets?

Get started in 30 seconds. No credit card required.

pip install vezor


Start for Free →