Ghostable V2: Zero-Knowledge Security Comes to the Core

Building on everything users already loved about the platform — team-based environment management, validation, and versioning — but with a completely reengineered security model. The goal wasn’t to add more surface area, but to make the existing workflow fundamentally safer. Every secret, validation rule, and deploy action now happens locally and cryptographically, ensuring privacy without sacrificing convenience.

Zero-Knowledge Architecture

Ghostable now operates on a fully a zero-knowledge, client-side encryption model — your data is encrypted locally before it’s ever sent or stored. Ghostable never has access to your plaintext data or encryption keys, meaning even we can’t decrypt your secrets.

Why?

This shift moves Ghostable into the same class of security used by privacy-first platforms like Proton and Signal. It’s not just about protecting data in transit — it ensures your secrets remain cryptographically isolated from everyone outside your team, while still allowing full collaboration and automated workflows.

Cross-platform CLI

The Ghostable CLI has been fully rewritten in TypeScript — bringing native ESM support, better error handling, and a faster local runtime.

Why?

Ghostable’s original PHP-based CLI served Laravel developers well, but this new foundation extends that same reliability to many other modern frameworks like Next.js and Ruby on Rails. Teams running both Laravel and Node projects can now use a single CLI across their stack without friction. It’s faster, easier to maintain, and still fully compatible with Laravel, while opening the door for future cross-platform integrations.

Local Validation

All environment validation now runs locally through the CLI. Rules for required keys, allowed values, and formats are configured inside your .ghostable/schema.yaml file and checked into your repo. Your are then free to override specific rules for each environment with additional .ghostable/schemas/{environment}.yaml files.

Why?

You can confidently validate configurations without ever exposing sensitive data. It aligns with the zero-knowledge model, giving developers full control over their validation logic and security boundaries.

Surgical Push/Pull

A new set of variable commands for pushing and pulling individual environment variables — giving you precise control without the risk of unintended changes.

ghostable var:push

? Which environment would you like to push?
  development
  forge
❯ local
  production
  testing

? Select a variable to push from my-laravel-app/local:
  APP_ENV
❯ APP_KEY
  APP_LOCALE
  APP_NAME
  APP_URL

✅ Pushed APP_KEY from .env to my-laravel-app/local.

Why

Making changes to production secrets can be high-stakes. Surgical edits let you update or sync specific variables with confidence, reducing the chance of accidental overwrites or broad updates to critical environments.

Learn More & Upgrade Guide

To explore everything new in Ghostable V2 — including detailed CLI usage, architecture breakdowns, and security design — check out the full documentation at docs.ghostable.dev.

If you’re upgrading from a legacy Ghostable V1 project, we’ve made migration straightforward. Follow the official step-by-step guide: 👉 V2 Upgrade Guide

The upgrade process walks you through updating your CLI, migrating your existing project configuration, and re-encrypting your environments to take advantage of the new zero-knowledge model.