Variable Promotion and Environment Duplication: Safer Config Workflows

This update is about a very normal kind of work: moving configuration from one environment to another without losing control of what changed, who approved it, or whether secrets came along when they should not have.

That shows up in a few common situations.

• A developer adds a new key in staging and needs the same key in production.
• A team wants to roll out a variable to another environment, but only after someone reviews it.
• Someone needs to spin up a new environment that matches an existing one without manually rebuilding every variable by hand.

Those are routine jobs, but they are also the jobs where teams end up copy-pasting values, recreating keys from memory, or explaining sensitive changes in Slack instead of in the system that actually owns the configuration.

Ghostable Desktop v1.1.13 and Ghostable CLI v2.6.1 are meant to make that work more deliberate. This release adds variable promotion with review and approval, plus environment duplication in the macOS desktop app. The server-side support for both flows is already live in production.

Latest versions

• Ghostable Desktop: v1.1.13
• Ghostable CLI: v2.6.1

Variable Promotion

You have one or more variables in a source environment and you want them to exist in another environment. Before this release, that usually meant some version of manual recreation: find the keys, decide whether to carry values over, make the edits, and then explain the change to whoever needed to know about it.

Now the flow is built into Ghostable. In Desktop, you open the source environment, select the variables you want to promote to another environment, right click and choose "Promote...", and pick the target environment. At that point, you decide whether the request should include current values or just the keys.

That choice is important in real teams. Sometimes you are promoting a variable because the exact current value should move forward. Other times you only want to establish the key in the target environment and let someone set a different value there later. Promotion handles both cases without forcing a separate workflow.

The other useful change is that promotion is not just an action. It is a request with review built in. An eligible reviewer can approve or reject it, and Ghostable records that outcome in activity history. If the reviewer is on a device that cannot decrypt the submitted value payload, Ghostable surfaces that clearly and allows an explicit override value during approval. That matters because it keeps the security boundary honest while still letting the team complete the operational task.

For teams that work in the terminal, the same model now exists in the CLI. In v2.6.1, you can create promotion requests, inspect pending work, review, approve, reject, or cancel them there as well. That keeps desktop users and CLI users on the same path instead of inventing two separate ways to move configuration between environments.

Environment Duplication

The duplication feature is for a different, but equally common, moment: you need a new environment that mostly matches an existing one.

That can mean a new preview environment, a customer-specific environment, a fresh testing target, or just a cleaner way to branch operational setup without rebuilding everything manually. The annoying part of that job is rarely the concept of creating the environment. It is rebuilding the variable structure correctly, especially when there are enough keys that doing it by hand is slow and error-prone.

Desktop now lets you duplicate an environment directly from the project view. You choose the new environment name, the environment type, and whether sensitive values should be copied. Non-sensitive variables are copied into the duplicate. Sensitive variables follow the rule you choose: copy the values when the new environment genuinely needs them, or create the same sensitive keys with blank values when you only want the structure.

That last option is what makes the feature practical instead of just convenient. In a lot of cases, a team wants the shape of the environment, not a blind clone of every secret inside it. The duplicate should tell people which keys exist and what needs to be filled in, without assuming that the original secret material belongs in the new environment. That is a much better default than recreating everything by hand or over-copying just because it is faster.

Why this is better than the usual manual path

What these features really replace is informal process.

Without promotion, teams often move values between environments by hand and then rely on memory, chat, or ticket comments to explain what happened. Without duplication, they often rebuild environment structure manually or copy more than they meant to because the fast path and the safe path are not the same thing.

This update closes both gaps. Promotion gives teams a reviewable path for moving config between environments. Duplication gives them a faster way to scaffold a new environment without treating secret reuse as the default. Formal guidance like NIST SP 800-128 is right that configuration changes should be controlled and traceable. The practical version of that idea is simpler: teams need a clean record of what moved, where it went, and who signed off on it.

The security model stays the same

These workflows do not change the core security model described in Ghostable V2: Zero-Knowledge Security. Ghostable still stores encrypted payloads and metadata, not plaintext secret values. Encryption and decryption still happen on trusted clients. Key-sensitive operations still depend on environment-specific key material, signed payload validation, and device ownership checks.

That is why the approval flow is explicit about what a reviewing device can and cannot decrypt. It is also why environment duplication lets you preserve key structure without silently carrying sensitive values forward. The goal of this release is to make environment operations easier to execute correctly, not to add a shortcut around the existing trust model.

Available now

Variable promotion is available now in Ghostable Desktop v1.1.13 and Ghostable CLI v2.6.1, with server support already live. If you are already using Ghostable, update both clients and use the next environment-to-environment change as the first real test of the workflow.