SlateBeaverSlateBeaver
SlateBeaverSlateBeaver
Log in
DOCUMENTATION

Aegis

What Aegis does

Aegis is the credential management product in SlateBeaver. It stores, encrypts, and controls access to API keys, database connection strings, service tokens, and any other secret value your team uses.

Workspaces and environments

  • A workspace corresponds to a project or service - for example api-gateway or data-pipeline
  • Each workspace has multiple environments: production, staging, development
  • Credentials can exist in one or more environments
  • Access can be configured differently per environment - for example read-only in production, write access in development

Adding credentials

Three ways to add credentials to a workspace:

1
Manual entry
Add a key name and value directly in the UI.
2
Import .env file
Drag a .env file into the workspace. Aegis parses and imports all key-value pairs, then asks who on your team should see each key.
3
CLI push
Run sb aegis push from a local .env file to sync directly to a workspace environment.

The CLI

The Aegis CLI (sb) is available for macOS, Linux, and Windows:

# Install
npm install -g @slatebeaver/cli

# Authenticate
sb auth login

# Pull credentials for an environment
sb aegis pull --env production --project api-gateway

# Push a local .env file to staging
sb aegis push --env staging --project api-gateway

# Check for drift
sb aegis diff --env production --project api-gateway

Drift detection

Drift occurs when a local .env file contains a different value from the stored credential. Aegis detects drift automatically when you run sb aegis diff or when CI/CD pipelines are configured to check on deployment.

When drift is detected, Aegis flags the affected credential and notifies the workspace owner. The flag remains until the credential is rotated or the local file is updated.

Audit log

Every interaction with a credential is logged:

  • Who revealed it - actor name, timestamp, IP address
  • Which credential and which environment
  • Which Aero sprint ticket was active at the time (if linked)

The audit log is immutable - entries cannot be modified or deleted. Export at any time as CSV or forward to a SIEM.

Aegis product page →Access control guide →

Detailed guides

API key management →Audit logging →RBAC →Secure .env →Offboarding →