Config & Secrets

One place for your config.
Encrypted, shared, pulled.

Shared, encrypted configuration for your whole project — set it once and every app and agent pulls it from one place. The flat-rate, EU alternative to Doppler.

The same secret, copy-pasted into five .env files

Per-app environment variables are fine for one service, but a real project has several — a frontend, a backend, workers — that share the same DATABASE_URL and API keys. Copy-pasting secrets into every one is how they drift and leak. koigrid Config is a single encrypted store for the project: set a value once, and every app (or your AI agent) pulls the config from one place.

How koigrid compares

koigridDoppler
PricingFlat ratePer seat
Encrypted at restYes (envelope)Yes
Shared across a project’s appsYesYes
Pull into your app (API/CLI)NativeCLI / SDK
Next to your apps/DBsYes (same platform)No
Manage by AI agentNativeAPI
EU data residencyYesOptional

From public docs, 2026. koigrid encrypts each value with an envelope scheme (a dedicated key, rotatable); the dashboard only ever shows a masked preview.

Config that doesn’t drift

One shared store

Set DATABASE_URL, API keys and flags once for the project — every app pulls the same values.

Encrypted at rest

Envelope encryption (a dedicated key + a per-secret DEK); the dashboard shows only a masked preview, never the plaintext.

Pull into your app

koigrid config pull > .env, or GET /config/pull from your code or your AI agent.

Never leaks in logs

Events and logs carry only the key name — never the value.

Agent-native

Set and pull config from Claude Code or any LLM via the API.

Flat rate

One price — no per-seat bill for storing your own config.