Integrations

FyVault connects to 30+ platforms across hosting, CI/CD, infrastructure, cloud vaults, and notifications. Every integration is available via the dashboard, CLI, and API.

Hosting & Deployment

Push secrets from any FyVault environment directly to your hosting platform. All syncs are one-command from the CLI or one-click from the dashboard.

Vercel

Sync FyVault secrets as Vercel project environment variables.

CLIbash

# Sync production secrets to Vercel
fyvault sync vercel \
  --env=production \
  --token=$VERCEL_TOKEN \
  --project-id=prj_xxxxxxxx

APItypescript

// Via REST API
POST /api/v1/orgs/:org_id/integrations/sync
{
  "platform": "vercel",
  "environmentId": "env_production",
  "config": {
    "token": "your-vercel-token",
    "projectId": "prj_xxxxxxxx"
  }
}

Netlify

Push secrets to Netlify site environment variables.

CLIbash

fyvault sync netlify \
  --env=production \
  --token=$NETLIFY_TOKEN \
  --service-id=site_xxxxxxxx

Railway

Sync to Railway services via GraphQL API.

CLIbash

fyvault sync railway \
  --env=production \
  --token=$RAILWAY_TOKEN \
  --project-id=prj_xxxxxxxx

Heroku

Push secrets as Heroku config vars.

CLIbash

fyvault sync heroku \
  --env=production \
  --token=$HEROKU_API_KEY \
  --app=my-app

Fly.io

Set Fly.io app secrets from FyVault environments.

CLIbash

fyvault sync fly \
  --env=production \
  --token=$FLY_API_TOKEN \
  --app=my-app

Render

Sync environment variables to Render services.

CLIbash

fyvault sync render \
  --env=production \
  --token=$RENDER_API_KEY \
  --service-id=srv_xxxxxxxx

CI/CD Pipelines

GitHub Actions

Use the official fybyte/fyvault-action to inject secrets into your workflows.

.github/workflows/deploy.ymlyaml

name: Deploy
on: push

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: fybyte/fyvault-action@v1
        with:
          api-key: ${{ secrets.FYVAULT_API_KEY }}
          org-id: "your-org-id"
          environment: "production"
          secrets: "DATABASE_URL,STRIPE_KEY,API_SECRET"

      - run: echo "Secrets are now available as env vars"
        # $DATABASE_URL, $STRIPE_KEY, $API_SECRET are set

GitLab CI

Generate GitLab CI variable configuration.

CLIbash

# Generate GitLab CI variables config
fyvault generate gitlab-ci --env=production

# Or use the CLI directly in .gitlab-ci.yml:
# before_script:
#   - eval $(fyvault envs:pull production)

CircleCI

Generate CircleCI context configuration.

CLIbash

fyvault generate circleci --env=production

Infrastructure

Generate native configuration files for your infrastructure tools. All generated from your FyVault secrets.

Kubernetes

Generate Kubernetes Secret manifests with base64-encoded values.

CLIbash

# Generate K8s Secret manifest
fyvault generate k8s --env=production --name=app-secrets

# Apply directly
fyvault generate k8s --env=production --name=app-secrets | kubectl apply -f -

Docker

Generate .env files for Docker containers.

CLIbash

# Generate .env file
fyvault generate docker --env=production > .env.production

# Use with Docker
docker run --env-file .env.production my-app

Docker Compose

CLIbash

fyvault generate docker-compose --env=production --service=api

Terraform

Generate tfvars files from your secrets.

CLIbash

# Generate terraform.tfvars
fyvault generate terraform --env=production > secrets.auto.tfvars

# Use in Terraform
terraform apply

Ansible

CLIbash

fyvault generate ansible --env=production > group_vars/all/fyvault.yml

Pulumi

CLIbash

fyvault generate pulumi --env=production --name=my-stack

Import & Migration

Import secrets from competing vault providers. Paste your JSON export and FyVault creates the secrets in your chosen environment.

AWS Secrets Manager

Export from AWS, import to FyVaultbash

# Export from AWS
aws secretsmanager get-secret-value --secret-id my-secret | jq '.SecretString' > aws-export.json

# Import to FyVault
fyvault import --env=production --format=json --file=aws-export.json

HashiCorp Vault

Export from Vault, import to FyVaultbash

# Export from Vault KV v2
vault kv get -format=json secret/my-app > vault-export.json

# Import to FyVault
fyvault import --env=production --format=json --file=vault-export.json

Doppler

Export from Doppler, import to FyVaultbash

# Export from Doppler
doppler secrets download --format=json > doppler-export.json

# Import to FyVault
fyvault import --env=production --format=json --file=doppler-export.json

Also supported

Google Secret Manager — Import from GCP SM JSON exports
Azure Key Vault — Import from Azure KV exports
Infisical — Import from Infisical JSON exports
1Password — Import from 1Password JSON exports

Notifications

Slack

Receive formatted Slack notifications when secrets are rotated, leaks are detected, or policies are violated. Uses Slack Block Kit for rich formatting with color-coded severity.

Setupbash

# 1. Create a Slack Incoming Webhook at https://api.slack.com/messaging/webhooks
# 2. Test from FyVault dashboard: Integrations → Slack → Test
# 3. Configure in webhook settings to auto-notify on events

PagerDuty

Alert on-call engineers via PagerDuty Events API v2 when leaked secrets are detected.

Setupbash

# 1. Get your PagerDuty Events API v2 routing key
# 2. Test from FyVault dashboard: Integrations → PagerDuty → Test
# 3. Auto-alerts trigger on SECRET_ROTATED and scan findings

Webhooks

Generic HMAC-SHA256 signed HTTP webhooks for all secret and device events. Configure from the Webhooks page.

Verify webhook signaturetypescript

import crypto from "crypto";

function verifySignature(payload: string, signature: string, secret: string): boolean {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Integration API

All integrations are accessible via the REST API.

Endpoint	Purpose
`POST /integrations/sync`	Sync secrets to hosting platform
`POST /integrations/generate`	Generate infra config file
`POST /integrations/import`	Import from external vault
`POST /integrations/notify`	Send test notification