You can now group the projects for a single service under one named application. From the Overview page, click the + on the Projects card and choose New application: SikkerKey creates three projects together, Prod, Staging, and Dev, and drops you into Prod. Each is an ordinary project with its own encryption key, machines, secrets, and grants.
Applications are optional. Projects can still be created on their own, and any project that belongs to no application stays under Standalone.
In the dashboard
The sidebar groups each service's projects under a collapsible application row with a project count, and the Overview card rolls up the secret and machine totals for the whole application. The three projects are managed as a set: they are created together, can't be renamed or deleted on their own, and deleting the application removes all of them, with every secret, version, and grant inside them, at once.
Access stays exactly where it was, granted per machine, per secret, per project. An application only changes how those projects are grouped in the dashboard and the CLI.
From the CLI
The CLI now understands applications. list secrets and list projects nest each project under its application and keep anything outside one under Standalone:
$ sikkerkey list secrets
SikkerKey
[Staging]
sk_ij5654k00r5wbz7b STAGING_SECRET
sk_cmz4lhq5uuuskwdj STAGING_DATABASE [structured]
[Prod]
sk_16xz7pqc91t6xnmm PROD_SECRET
[Dev]
sk_q8c40qg1zpi124nx DEV_SECRET
Standalone
[Personal]
sk_f82znjxgxl VPN Wireguard Config [structured]
list applications lists the applications in your vault with a project count:
$ sikkerkey list applications
SikkerKey (app_29p3r9etjr) 3 projects
Scope a session to one application with set application. While a scope is set, list secrets, list projects, export, and run --all all narrow to that application's projects, and the scope shows in whoami. Clear it with set application none, or override it on a single command with an explicit --project.
$ sikkerkey set application app_29p3r9etjr
application set: SikkerKey (app_29p3r9etjr)
'list secrets' and 'list projects' now scope to this application
$ sikkerkey export
# scoped to application app_29p3r9etjr
STAGING_SECRET=...
PROD_SECRET=...
DEV_SECRET=...
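Because an application scope widens list secrets, export, and run --all to all three projects, a job that should only touch Prod can check what its session sees before exporting. The following is an added example, not SikkerKey's own code: it assumes the listing keeps the line shapes shown above (a group name, then [Project], then an sk_ id followed by the secret name), and the function names are hypothetical.

```python
import re

# Constructed sample: the `sikkerkey list secrets` output shown on this page.
SAMPLE_LISTING = """\
SikkerKey
[Staging]
sk_ij5654k00r5wbz7b STAGING_SECRET
sk_cmz4lhq5uuuskwdj STAGING_DATABASE [structured]
[Prod]
sk_16xz7pqc91t6xnmm PROD_SECRET
[Dev]
sk_q8c40qg1zpi124nx DEV_SECRET
Standalone
[Personal]
sk_f82znjxgxl VPN Wireguard Config [structured]
"""

PROJECT_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
SECRET_RE = re.compile(
    r"^(?P<id>sk_[a-z0-9]+)\s+(?P<name>.+?)(?P<structured>\s+\[structured\])?$")


def parse_listing(text):
    """Map (group, project) -> [(secret_id, name, structured), ...]."""
    tree, group, project = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("$"):
            continue  # blank line or echoed command
        if m := PROJECT_RE.match(line):
            if group is None:
                raise ValueError(f"project outside a group: {line!r}")
            project = (group, m["name"])
            tree[project] = []  # keep projects that hold no secrets
        elif m := SECRET_RE.match(line):
            if project is None:
                raise ValueError(f"secret outside a project: {line!r}")
            tree[project].append((m["id"], m["name"], bool(m["structured"])))
        else:
            group, project = line, None  # application name or "Standalone"
    return tree


def unexpected_projects(text, allowed):
    """Projects visible to this session that the job did not expect to see."""
    return sorted(set(parse_listing(text)) - set(allowed))
```

A non-empty result from unexpected_projects is a reason to stop the job and narrow the scope with set application or an explicit --project before anything is exported.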