Stop passing around .env files.

Desktop-First .env and Secrets Management for Developers

Q: Can I validate config before deploy?

Yes. Ghostable uses shared .ghostable schema files so the same rules can be used across desktop workflows and CLI-based automation.

Most secrets tools are built for storage and pipelines. Ghostable is built for the daily work of managing environments: reviewing variables, fixing bad config, validating changes, checking history, and shipping the right environment. Use the desktop app for day-to-day work. Use the CLI when the job belongs in CI, scripts, or deploy hooks.

Download Desktop for macOS Sign up

Variables

Activity

Validation

Deploy Tokens

Settings

Ghostable › Apollo › production

Search by key

Table Grouped

Key Value Version Updated

APP_DEBUG true 1 1 min ago

APP_ENV local 1 1 min ago

APP_FAKER_LOCALE en_US 1 1 min ago

APP_FALLBACK_LOCALE en 1 1 min ago

APP_KEY •••••• 1 1 min ago

APP_LOCALE en 1 1 min ago

APP_MAINTENANCE_DRIVER file 1 1 min ago

APP_NAME Ghostable 1 1 min ago

APP_URL https://ghostable.dev 1 1 min ago

AWS_ACCESS_KEY_ID •••••• 1 1 min ago

AWS_BUCKET app-assets 1 1 min ago

AWS_DEFAULT_REGION us-east-1 1 1 min ago

AWS_SECRET_ACCESS_KEY •••••• 1 1 min ago

AWS_USE_PATH_STYLE_ENDPOINT false 1 1 min ago

BCRYPT_ROUNDS 12 1 1 min ago

BROADCAST_CONNECTION log 1 1 min ago

CACHE_STORE database 1 1 min ago

DB_CONNECTION sqlite 1 1 min ago

FILESYSTEM_DISK local 1 1 min ago

GHOSTABLE_API https://ghostable.test/api/v2 1 1 min ago

GHOSTABLE_KEYCHAIN_PROFILE •••••• 1 1 min ago

LOG_CHANNEL stack 1 1 min ago

LOG_DEPRECATIONS_CHANNEL null 1 1 min ago

LOG_LEVEL debug 1 1 min ago

LOG_STACK single 1 1 min ago

Info Validation History

Variable

Review and edit the selected environment variable.

Key APP_ENV

Value

local

Current value stored for this environment variable.

Suggested Values

Common values for this variable.

local

staging

production

testing

Details

Version 1

Updated Mar 19, 2026 at 4:01 PM

Updated By will@ghostable.dev

Status Active

Insight

Framework guidance for this variable and recent validation context stays attached to the active environment value.

Most secrets tools solve storage. The daily work is still a mess.

The painful part is not where secrets live. It is everything around them: figuring out what changed, keeping staging from drifting, validating config before deploys, and not turning every env edit into a terminal ritual. Ghostable is built for that reality. A CI dashboard is great for delivery. A terminal is great for automation. Day-to-day environment management deserves its own workspace.

Can someone share the Google Maps API key? Gotta debug this map thing locally real quick.

Just hardcoding the Twilio key in the code for 5 mins to test SMS. I'll revert before commit.

Which deploy actually picked up the new SENTRY_DSN? The errors are still grouped under the old project.

Did anyone update QUEUE_CONNECTION? Jobs are stuck on sync again after the deploy.

When was the last time we rotated the Stripe key? Seeing a bunch of 401s in prod logs all of a sudden.

Production needs the mail token rotated before tonight. Who actually has access to do that?

What gets easier with Ghostable

Find the variable. Fix the variable. Move on.

Browse organizations, projects, and environments in one place. Search by key, switch between table and grouped views, inspect metadata, and import or export .env files without hunting through dashboards, repos, and old messages.

Key STRIPE_SECRET_KEY

Value

sk_live_demo_7b9x2k4qf3m8n1p

Current value stored for this environment variable.

Details

Version 7

Updated Feb 23, 2026

Updated By will@ghostable.dev

Status Active

Catch bad config before it becomes a staging-only mystery.

Run validation against the same Ghostable schema files your project already uses. Define global rules, add environment-specific overrides, and catch missing keys, broken values, and bad assumptions before they reach a deploy.

APP_DEBUG

2 rules

boolean

−

in:false

−

QUEUE_CONNECTION

1 rule

in:sync,database,redis

−

Know what changed before you start guessing.

Review organization, project, and environment activity. Open a variable, inspect its history, and restore an older value when something looks off instead of turning config management into archaeology.

Version 2 Current

By will@ghostable.dev

Updated | Mar 18, 2026 at 4:22 PM

sk_live_mock_4f9x2m8q7p1v6k3d

Version 1

By james@ghostable.dev

Created | Feb 23, 2026 at 10:51 AM

••••••••

Keep automation in its lane.

Issue deploy tokens from the desktop app when CI needs access. Use the CLI when the work belongs in scripts, pipelines, or non-macOS workflows. Humans get a UI. Automation gets credentials and commands.

Token Details

Token ID tok_01jq8t2qv3x9m4z7c6

Secrets

Deploy Seed

MmJNeE9pQ2hMek5qWTR5VmxCSGRqQnRNVEE9

Environment Variables

DEPLOY_TOKEN=tok_01jq8t2qv3x9m4z7c6

DEPLOY_TARGET=production-web

DEPLOY_SEED=MmJNeE9pQ2hMek5qWTR5VmxCSGRqQn...

Zero-knowledge, without the theater.

Ghostable encrypts environment data on trusted clients before it is stored. Linked devices handle human access. Deploy tokens handle automation. Plaintext values and private keys stay with the client that actually needs them.

Trusted Client (Human Access)

Plaintext values and private keys stay on the trusted client. This is where humans review and manage environment data.

Key DB_PASSWORD

Value

q7M2x9Lp4Rk8Vn3D

Encrypted Sync / Storage

Data is encrypted at the edge before it is stored or synced. Ghostable only sees encrypted data, not plaintext values.

v14

REDIS_URL

XChaCha20-Poly1305

5bcf17aa42d0f98e61c3b27d11f43e7a8c2b741ec8139f42e0aa71d54b2d88ca06e31fb714ab69cd0e5a74c9f6ab31e4f80a2f5a47bc19d27cbfe12a2a7f05bc91d43c7a6e52bb1caa7fd403f6a12b8e0d4f7a86cc31a4ef1bd9c25a56b3ff12

v27

STRIPE_SECRET_KEY

XChaCha20-Poly1305

c8139f42e0aa71d54b2d88ca06e31fb714ab69cd5bcf17aa42d0f98e61c3b27d7f4a90c2b1d64e18c8aa5d72f9231ab4dfe11847c75f61a29f6cb820d0f14a2f3ae1bc77d94f8a23c0bd116f2e8c491ab77fd0034c512fa89e16bb7f52cda1e4

v19

DATABASE_PASSWORD

XChaCha20-Poly1305

7f4a90c2b1d64e18c8aa5d72f9231ab4dfe11847c75f61a29f6cb820d0f14a2f0e5a74c9f6ab31e4f80a2f5a47bc19d2b1fa84ce9d13a7617cbfe12a2a7f05bcd91e5f43cafe8b7236cb3d49a8ff2c7e14ab69cd5bcf17aa42d0f98e61c3b27d

Scoped Automation Access

Automation uses scoped deploy tokens and limited machine access instead of broad human-style access.

Ghostable CLI Scoped token session

$ ghostable env validate --env production

✅ Environment file passed validation.

$ ghostable env deploy

✔ Bundle fetched.

✅ Wrote 24 keys → /Users/developer/Projects/app/.env

Ghostable 👻 deployed (local).

Frequently asked questions

Because deployment platforms are good at last-mile delivery, not day-to-day environment management. Ghostable gives your team a place to review, validate, edit, and track config before it gets handed off to automation.

No. Use the desktop app for daily work. Use the CLI for scripting, CI, deploy hooks, and non-macOS workflows.

Yes. Ghostable fits environment-driven workflows across Laravel, Node, Python, Ruby, Go, and similar stacks.

Yes. Ghostable supports importing a local .env file and exporting an environment back to a local file.

Yes. Ghostable uses shared .ghostable schema files so the same rules can be used across desktop workflows and CLI-based automation.

Environment data is encrypted before it leaves a trusted client. Human access is tied to linked devices, and automation uses scoped deploy tokens.

Stop babysitting .env files

Download Ghostable Desktop for macOS and manage environment configuration where it actually happens: in the hands-on work of reviewing, editing, validating, and tracking changes. Create an account, bring in your environments, and keep CI and the terminal for automation, not for day-to-day env management.

Download Desktop for macOS Sign up