Ghostable V2: Zero-Knowledge Security and TypeScript CLI Rewrite | Ghostable Article [ Blog ](https://ghostable.dev/blog) [ Articles ](https://ghostable.dev/blog/articles) [ Product Updates ](https://ghostable.dev/blog/category/product-updates) Tuesday, October 21, 2025 Ghostable V2: Zero-Knowledge Security Comes to the Core ========================================================= This release marks our biggest architectural change yet: Ghostable now runs on a fully zero-knowledge foundation. ![Ghostable V2: Zero-Knowledge Security Comes to the Core](https://fls-9fca3102-944c-48ac-a3cc-22f1b47a39c7.laravel.cloud/blog/019a06dc-f0d1-7068-b56c-884ac4c01bfc/v2-release.jpg) Building on everything users already loved about the platform — team-based environment management, validation, and versioning — but with a completely reengineered security model. The goal wasn’t to add more surface area, but to **make the existing workflow fundamentally safer**. Every secret, validation rule, and deploy action now happens locally and cryptographically, ensuring privacy without sacrificing convenience. Zero-Knowledge Architecture --------------------------- Ghostable now operates on a [fully a zero-knowledge](https://medium.com/veridise/zero-knowledge-for-dummies-introduction-to-zk-proofs-29e3fe9604f1), client-side encryption model — your data is encrypted locally before it’s ever sent or stored. Ghostable never has access to your plaintext data or encryption keys, meaning **even we can’t decrypt your secrets**. ![A diagram explaining Ghostable's zero-knowledge architecture design](https://fls-9fca3102-944c-48ac-a3cc-22f1b47a39c7.laravel.cloud/blog/019a06dc-f0d1-7068-b56c-884ac4c01bfc/zero_knowledge.jpg) ### Why? This shift moves Ghostable into the same class of security used by privacy-first platforms like [Proton](https://proton.me) and [Signal](https://signal.org). It’s not just about protecting data in transit — it ensures your secrets remain cryptographically isolated from everyone outside your team, while still allowing full collaboration and automated workflows. --- Cross-platform CLI ------------------ The Ghostable CLI has been fully rewritten in TypeScript — bringing native ESM support, better error handling, and a faster local runtime. ![](https://fls-9fca3102-944c-48ac-a3cc-22f1b47a39c7.laravel.cloud/blog/019a06dc-f0d1-7068-b56c-884ac4c01bfc/cross_platform_logos.jpg) ### Why? Ghostable’s original PHP-based CLI served Laravel developers well, but this new foundation extends that same reliability to many other modern frameworks like [Next.js](https://nextjs.org) and [Ruby on Rails](https://rubyonrails.org). Teams running both Laravel and Node projects can now use a single CLI across their stack without friction. It’s faster, easier to maintain, and still fully compatible with [Laravel](https://laravel.com), while opening the door for future cross-platform integrations. --- Local Validation ---------------- All environment validation now runs locally through the CLI. Rules for required keys, allowed values, and formats are configured inside your `.ghostable/schema.yaml` file and checked into your repo. Your are then free to override specific rules for each environment with additional `.ghostable/schemas/{environment}.yaml` files. ### Why? You can confidently validate configurations without ever exposing sensitive data. It aligns with the zero-knowledge model, giving developers full control over their validation logic and security boundaries. --- Surgical Push/Pull ------------------ A new set of variable commands for pushing and pulling individual environment variables — giving you precise control without the risk of unintended changes. ```bash ghostable var:push ? Which environment would you like to push? development forge ❯ local production testing ? Select a variable to push from my-laravel-app/local: APP_ENV ❯ APP_KEY APP_LOCALE APP_NAME APP_URL ✅ Pushed APP_KEY from .env to my-laravel-app/local. ``` ### Why Making changes to production secrets can be high-stakes. Surgical edits let you update or sync specific variables with confidence, reducing the chance of accidental overwrites or broad updates to critical environments. --- Learn More & Upgrade Guide ------------------------------ To explore everything new in Ghostable V2 — including detailed CLI usage, architecture breakdowns, and security design — check out the full documentation at [docs.ghostable.dev](https://docs.ghostable.dev). If you’re upgrading from a legacy Ghostable V1 project, we’ve made migration straightforward. Follow the official step-by-step guide: 👉 [V2 Upgrade Guide](https://docs.ghostable.dev/v2/getting-started/upgrade-guide) The upgrade process walks you through updating your CLI, migrating your existing project configuration, and re-encrypting your environments to take advantage of the new zero-knowledge model. [ Back to blog ](https://ghostable.dev/blog) [All articles](https://ghostable.dev/blog/articles) Want product news and updates? -------------------------------- Sign up for our newsletter. Email Address Subscribe → Subscribing... We care about your data. Read our [privacy policy](https://ghostable.dev/privacy).