> ## Documentation Index
> Fetch the complete documentation index at: https://capy.sc/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Capy: Git-Native Secrets Manager for Engineering Teams

> Capy is a git-native secrets manager with end-to-end encryption, branch-aware syncs, and PR-reviewable diffs — five CLI commands, zero plaintext on our servers.

**Capy is designed to make your secrets management much simpler.** Our CLI works with a single command `capy`, but it's also MUCH more powerful than that. Explore a bit more, and you'll find that it basically behaves **git, but for secrets**. The way it links to your actual version control is through a`keep.lock`, which is a versioning manifest that lives in your repo and shows up in PR diffs. \
\
Unlike other secrets managers, which have a seperate UI, capy treats secrets like the rest of your code, while keeping it secure, and gives you the most ergonomic method for managing and keeping track of them without needing to commit them to source control.

Capy is not just a CLI! It's also a ridiculously easy-to-use batteries included secrets manager that incorporates compliance features like audit logging, and the strongest zero-trust cryptography patterns. A subpoena, a breach, or a rogue employee on Capy's side only gives ciphertext that is useless without your private key.\
\
All of this works incredibly well under the hood. Five commands is all you need!

```bash theme={null}
brew install capysc/tap/capy    # or: npm i -g @capysc/cli

capy                             # sync secrets (like git pull)
capy invite alice@example.com    # share with teammates
capy run -- python app.py        # run with decrypted secrets
capy deploy                      # ship to prod
```

## Why teams pick Capy

* **The CLI you already know.** `capy checkout staging` lines up with `git checkout staging`. `capy push` ships your branch's secrets. `capy kick` reads as cleanly as `git revert`. No new mental model.
* **Branches that match git.** Capy's branch model pins to your git branch, and post-checkout/post-merge hooks keep `.env` in sync as you move around the tree.
* **PR-reviewable secret diffs without exposing values.** `keep.lock` is the only thing committed — a small manifest with no keys or plaintext — so changes show up in code review the same way schema migrations do.
* **Zero-trust storage, not a feature flag.** The service stores ciphertext. There is no mode where it doesn't. See [zero-trust](/internals/zero-trust).
* **Cryptographic revocation.** `capy kick` doesn't flip a database flag — it makes the kicked user's local key material inert. Remaining members keep using their existing keys. See [kicking](/using/team/kicking).
* **Headless.** No dashboard, no daemon, no SDK. Your code reads `process.env`. There is nothing to host, import, or stay logged into.

<Columns cols={2}>
  <Card title="Get started" icon="rocket" horizontal href="/getting-started/nodejs">
    Pick your runtime and be up in under two minutes.
  </Card>

  <Card title="How it works" icon="shield-halved" horizontal href="/internals/zero-trust">
    The cryptographic design behind Capy's zero-trust model.
  </Card>

  <Card title="Compare" icon="scale-balanced" horizontal href="/comparisons">
    Capy vs. Doppler, Infisical, dotenvx, AWS Secrets Manager, SOPS.
  </Card>

  <Card title="License" icon="scale-balanced" horizontal href="/using/license">
    What Capy's AGPL-3.0 license means for your team.
  </Card>
</Columns>
