Features Use cases Integrations Compare Resources Pricing Docs

Secrets vault

AES-256-GCM encrypted. Resolves at dispatch time.

Your API keys live in a .env file on a VPS. Rotating one means SSHing in, restarting the process, and hoping nothing else broke.

The Rotor vault stores secrets encrypted at rest with AES-256-GCM. Reference them as ${{ secrets.KEY }} in your workflow config. They resolve when the step runs, not when you deploy. Rotate without touching code.

# Store a secret via CLI
rotor secrets set HUBSPOT_API_KEY sk-hub-...

# Reference in workflow config
{
  "trigger": {
    "type": "webhook",
    "secret": "${{ secrets.HUBSPOT_API_KEY }}"
  }
}

# Rotate without redeploying
rotor secrets rotate HUBSPOT_API_KEY sk-hub-newkey-...
# Next run picks up the new key automatically

Read the full docs →

Stop babysitting cron. Start shipping.

Your workflows retry themselves. Your pipeline runs unattended. You sleep.

Start shipping$9 to start. 30-day money back.

Read the docs →