# Capy ## Docs - [capy branch](https://docs.capy.sc/cli/branch.md): List, delete, and switch between secret branches. - [capy](https://docs.capy.sc/cli/capy.md): Sync secrets with the remote. Initializes the project on first run. - [capy checkout](https://docs.capy.sc/cli/checkout.md): Switch to a secret branch. Create it with `-b`. - [capy cleanup](https://docs.capy.sc/cli/cleanup.md): Remove Capy git hooks from this repository. - [capy deploy](https://docs.capy.sc/cli/deploy.md): Set up secret delivery to a deployment platform. - [capy edit](https://docs.capy.sc/cli/edit.md): Inspect and edit secrets in an interactive two-pane TUI. - [capy grant-branch](https://docs.capy.sc/cli/grant-branch.md): Grant a member access to a protected branch (non-interactive). - [capy info](https://docs.capy.sc/cli/info.md): Show current session info. - [capy invite](https://docs.capy.sc/cli/invite.md): Invite a teammate to this organization. - [capy kick](https://docs.capy.sc/cli/kick.md): Remove a teammate from this organization. - [capy logout](https://docs.capy.sc/cli/logout.md): End the current session and clear cached keys. - [capy org](https://docs.capy.sc/cli/org.md): Switch organization. - [capy push](https://docs.capy.sc/cli/push.md): Push local changes to the remote without pulling. - [capy redeem](https://docs.capy.sc/cli/redeem.md): Redeem an invite code to join an organization. - [capy revoke-branch](https://docs.capy.sc/cli/revoke-branch.md): Revoke a member's access to a protected branch (non-interactive). - [capy run](https://docs.capy.sc/cli/run.md): Run a command with decrypted secrets injected as environment variables. - [capy status](https://docs.capy.sc/cli/status.md): Show drift between local, pinned, and remote secrets. - [capy users](https://docs.capy.sc/cli/users.md): Interactive table of org members, roles, and protected-branch grants. - [Go](https://docs.capy.sc/getting-started/go.md): Adopt Capy in a Go app using `capy run`. - [Next.js](https://docs.capy.sc/getting-started/nextjs.md): Adopt Capy in a Next.js app - dev, build, deploy. - [Node.js](https://docs.capy.sc/getting-started/nodejs.md): Adopt Capy in a Node.js app using `capy run`. - [Other runtimes](https://docs.capy.sc/getting-started/other-runtimes.md): Use Capy with any runtime via `capy run`. - [Python](https://docs.capy.sc/getting-started/python.md): Adopt Capy in a Python app using `capy run`. - [Ruby](https://docs.capy.sc/getting-started/ruby.md): Adopt Capy in a Ruby app using `capy run`. - [Rust](https://docs.capy.sc/getting-started/rust.md): Adopt Capy in a Rust app using `capy run`. - [Overview](https://docs.capy.sc/index.md): End-to-end encrypted environment variables for your team. - [Architecture](https://docs.capy.sc/internals/architecture.md): How Capy fits together on disk and in memory. - [Cryptography](https://docs.capy.sc/internals/cryptography.md): End-to-end walkthrough of the client-side cryptography, from seed phrase to runtime decryption. - [Zero trust](https://docs.capy.sc/internals/zero-trust.md): Why neither the client nor the service can decrypt alone. - [Branches](https://docs.capy.sc/using/branches/overview.md): Parallel sets of secrets for development, staging, and production. - [Protected branches](https://docs.capy.sc/using/branches/protected.md): Invite-only branches for production secrets. - [Overview](https://docs.capy.sc/using/deploying.md): Ship encrypted secrets to production with zero-trust. - [AWS Lambda](https://docs.capy.sc/using/deploying/aws-lambda.md): Container-image Lambdas and zip-deploy patterns. - [Cloudflare Pages / Workers](https://docs.capy.sc/using/deploying/cloudflare.md): Build-time decryption for Cloudflare Pages and Workers. - [Docker](https://docs.capy.sc/using/deploying/docker.md): `capy run` as the container entrypoint. - [Fly.io](https://docs.capy.sc/using/deploying/fly.md): Fly Machines with `capy run` as the entrypoint. - [GitHub Actions](https://docs.capy.sc/using/deploying/github-actions.md): Wrap CI build / test steps with `capy run`. - [Railway / Render / Heroku](https://docs.capy.sc/using/deploying/railway-render-heroku.md): Long-running hosts with `capy run` in the start command. - [Vercel](https://docs.capy.sc/using/deploying/vercel.md): Build-time env inlining for Next.js on Vercel. - [Editing secrets](https://docs.capy.sc/using/editing-secrets.md): Two ways to change a value: the TUI or your editor. - [Organizations](https://docs.capy.sc/using/organizations/overview.md): The cryptographic tenant boundary in Capy. - [Switching organizations](https://docs.capy.sc/using/organizations/switching.md): Move between orgs on a single machine. - [Switching computers](https://docs.capy.sc/using/organizations/switching-computers.md): Moving your Capy identity to a new machine, the self-custodied way. - [Running your app](https://docs.capy.sc/using/running-your-app.md): How `capy run` gets decrypted values into your process. - [Syncing secrets](https://docs.capy.sc/using/syncing-secrets.md): Pull, push, and diff encrypted environment variables. - [Inviting users](https://docs.capy.sc/using/team/inviting.md): Share access via out-of-band redeem codes. - [Kicking users](https://docs.capy.sc/using/team/kicking.md): Remove a teammate. O(1), no re-encryption. - [Roles](https://docs.capy.sc/using/team/roles.md): Owner, Admin, Project Admin, and Member.