Secrets

Autopilot's Secrets feature is end-to-end-encrypted secret-file storage scoped per repository and per environment. The threat model is simple:

• The server only ever sees ciphertext.
• The encryption key is derived from your passkey's PRF (a per-credential, hardware-backed pseudo-random function) — there's no password to leak and no recovery key the server can hold.
• Decryption happens in the browser (or the same browser the CLI hands off to). Plaintext never touches Autopilot's backend.

This page covers the web UI. For the command-line workflow used in development environments and CI, see the Secrets CLI page.

One-time enrollment

The first time you visit Secrets in the dashboard, you'll be redirected to the enrollment page. You'll need:

• A passkey registered on auth.rxlab.app that supports WebAuthn PRF. Most modern setups do: TouchID, FaceID, hardware security keys (YubiKey 5+), 1Password, and iCloud Keychain on iOS 17+.
• The browser session for that authenticator (i.e. you have to be signed in with the passkey).

Click Enroll. Your authenticator prompts you, the browser derives a key-encryption key (KEK) from the PRF output, generates a wrapped private key, and posts the wrapped material to Autopilot. From this point on, Autopilot can store secrets for you that only your passkey can unwrap.

Important: if you lose access to all your PRF-capable authenticators, your encrypted secrets are unrecoverable. Register at least two passkeys on auth.rxlab.app before storing anything important.

Repositories

After enrollment, Secrets opens to a list of repositories you've added for secret storage. Click Add repository, search by name, and pick one of your installations. The repository becomes a container for one or more environments.

Environments

Each repository can have multiple environments (typically dev, staging, prod, but you choose the names). An environment is the actual unit of encryption: it has its own data-encryption key (DEK), and members get access by having that DEK wrapped to their passkey-derived KEK.

For each environment you can:

• Create files — name + content. The plaintext is encrypted in the browser with the environment's DEK before upload.
• View files — read decrypted contents in the browser, on demand. Each view requires your passkey.
• Edit and version files — edits create a new version; old versions are kept and viewable.
• Delete files — removes both the ciphertext and key wrapping for that file.

Members

The Members tab on an environment shows everyone who has access. To grant someone access:

1. They first need to be enrolled (have their own wrapped key on Autopilot).
2. You add them as a member from the UI.
3. Your browser fetches their public key, wraps the environment's DEK to their KEK using HPKE, and uploads only the wrapped DEK.

That's the only operation that touches plaintext keys; from then on, the new member can decrypt files in that environment with just their own passkey.

To remove access, delete the member. They'll lose the ability to decrypt new fetches; rotate the DEK for existing files if you suspect the member already exfiltrated them.

What this is good for

• .env files for local development that the team needs to share securely.
• Service credentials consumed by an app at startup.
• Per-environment configuration that you don't want sitting in plaintext in a private repo.

For static, single-secret values that GitHub Actions consumes, GitHub's own encrypted secrets are still the right tool. Autopilot's Secrets is for files that humans and dev environments need to read.

Security model in one diagram

Plaintext only exists in the browser tab during the moment a file is read or written.