The last secret manager config you'll ever write.
You've spent more time configuring secret managers than writing features. FyVault.auto() detects where your code is running, finds credentials automatically, and connects. One line. Every platform. Done.
Every platform. A different dance.
Vercel uses env vars. AWS uses Parameter Store. GitHub Actions uses repository secrets. Railway has its own dashboard. You have written the same "get secret from somewhere" boilerplate for every single one. And every time you switch platforms? You rewrite the configuration. New env vars. New API keys. New YAML. It is 2026 and you are still manually wiring secrets into every deployment.
One function call. A four-step resolution chain.
FyVault.auto() walks a priority chain top-to-bottom. The first match wins. You never think about it again.
1. Agent Token File (~/.fyvault/token): Dropped by the FyVault agent on startup. Checked first, always.
2. Environment Variables (FYVAULT_API_KEY, FYVAULT_ORG_ID): Falls back to standard env vars if no token file exists.
3. GitHub OIDC (ACTIONS_ID_TOKEN_REQUEST_URL): Inside GitHub Actions, authenticates with OIDC. No stored keys.
4. Platform Detection (11 platforms auto-detected): Vercel, Netlify, Railway, Render, Fly.io, AWS Lambda, and more.
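The sketch below is an added illustration of the first-match-wins chain described above, not FyVault's own code. It reports which source would win and which lower-priority sources are present but ignored. The function names, the platform marker list, and the rule that step 2 needs both variables are assumptions.

```javascript
// Added illustration of the four-step chain; not FyVault's implementation.
// Platform markers are variables these platforms set themselves; that FyVault
// keys on them is an assumption.
const PLATFORM_MARKERS = {
  Vercel: 'VERCEL',
  Netlify: 'NETLIFY',
  Render: 'RENDER',
  'Fly.io': 'FLY_APP_NAME',
  'AWS Lambda': 'AWS_LAMBDA_FUNCTION_NAME',
};

// Returns every credential source that is present, in the page's priority order.
function presentSources(env, tokenFileExists) {
  const found = [];
  if (tokenFileExists) found.push({ step: 1, source: 'agent-token-file' });
  // Assumption: both variables must be set for step 2 to match.
  if (env.FYVAULT_API_KEY && env.FYVAULT_ORG_ID) {
    found.push({ step: 2, source: 'env-vars' });
  }
  // GitHub sets this variable only for jobs granted `id-token: write`.
  if (env.ACTIONS_ID_TOKEN_REQUEST_URL) {
    found.push({ step: 3, source: 'github-oidc' });
  }
  const platform = Object.keys(PLATFORM_MARKERS)
    .find((name) => env[PLATFORM_MARKERS[name]]);
  if (platform) found.push({ step: 4, source: 'platform', platform });
  return found;
}

// First match wins; every later match is present but ignored ("shadowed").
function auditResolution(env, tokenFileExists) {
  const [winner = null, ...shadowed] = presentSources(env, tokenFileExists);
  return { winner, shadowed };
}

// Constructed sample: a GitHub Actions job that still carries a static key.
const sampleEnv = {
  FYVAULT_API_KEY: 'constructed-placeholder',
  FYVAULT_ORG_ID: 'org_constructed',
  ACTIONS_ID_TOKEN_REQUEST_URL: 'https://example.invalid/oidc',
};
const report = auditResolution(sampleEnv, false);
console.log('winner:', report.winner.source);
console.log('shadowed:', report.shadowed.map((s) => s.source).join(', '));
```

With the constructed sample, the static key at step 2 wins and OIDC at step 3 is shadowed, so a leftover FYVAULT_API_KEY in a CI environment would keep the keyless path from being used under the order the page describes.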
It just works. On 11 platforms.
Ship to any of these today. FyVault figures out where it is running and configures itself. You change nothing.
All 11 platforms auto-detected at runtime. Zero configuration required.
15 lines became 1. That is not a demo.
This is your actual code. The boilerplate is gone and it is not coming back.
apiKey: process.env.FYVAULT_API_KEY!,
orgId: process.env.FYVAULT_ORG_ID!,
environment: process.env.NODE_ENV === 'production'
? 'production' : 'development',
baseUrl: process.env.FYVAULT_URL || 'https://...',
});
Your CI pipeline has zero secrets in it.
In GitHub Actions, FyVault authenticates through OIDC. No API keys pasted into your repo settings. No tokens rotating on a schedule you will forget.