pock
Secrets management

Secrets,
sealed at the edge.

Pock is a secrets manager for humans and machines. End-to-end encrypted, distributed across the edge, and audited down to the last read.

Read the docs →

$ curl -fsSL pock.sh/install | sh

pock — zsh — 80×24
$pock login
✓ authenticated as ada@pock.sh
$pock push DATABASE_URL STRIPE_KEY
✓ 2 secrets sealed · aes-256-gcm · edge
$pock run -- npm start
↳ injecting 12 secrets into process env
↳ audit: read by ci-runner @ 2 keys
$

// why pock

encrypt

Sealed before it leaves

AES-256-GCM, client-side. Your plaintext never touches our disks — we only ever hold ciphertext.

edge

Edge-native reads

Built on Cloudflare. Secrets resolve from the region nearest your workload, in single-digit milliseconds.

audit

Every touch, logged

Reads, writes, rotations, and grants — all recorded. Know exactly who accessed what, and when.