Sealrepo
Sign inStart free
Collaborate

Add real teammates with persistent access

Members are for people you trust long-term — engineers on payroll, your co-founder, your DevOps team. They don't need a fresh access code every week, but you can remove them in one click the day they leave.

Members vs. access codes
Use members for ongoing relationships (employees, co-founders). Use access codes for short-lived ones (contractors, auditors, on-call hand-offs). Both can coexist on the same project.
New in 1.0 — Strict Mode + exfil detection
When you mint an access code with Strict Modeenabled, the contractor's CLI runs a watcher daemon. If they kill the watcher, disconnect from the network beyond grace, or get caught by an exfiltration heuristic (mass file reads, tar/rsync on the project, a new git remote being added), their local copy re-locks immediately and you get an email. Install the supervisor with sealrepo install-serviceon the contractor's machine to make the watcher survive reboots too.

The three roles

Owner
  • ·Everything an admin can do
  • ·Delete the project
  • ·Transfer ownership
Admin
  • ·Invite & remove members
  • ·Issue access codes
  • ·Create CI tokens
  • ·Rename / configure project
Member
  • ·Unlock the vault
  • ·View project details
  • ·Cannot invite or remove anyone

  1. Invite a teammate by email

    On the project page, switch to the Members tab and click Invite member.

    sealrepo.dev/app/projects/acme-billing/members

    Invite member

    They'll get an email with a link to accept.

    MemberAdmin
    Send invite

    The invite expires after 7 days if unaccepted. They appear in the Pending invitations list until they accept; you can revoke any time.

  2. They accept, then unlock from their machine

    The invitation email contains a link to sealrepo.dev/accept-invite/<token>. If they don't have an account, that page walks them through signup with the right email pre-filled. After accepting, their CLI works immediately — no code needed:

    Their terminal — first time on the project
    $git clone [email protected]:acme/billing.git
    $cd billing
    $sealrepo unlock
    Passphrase: ●●●●●●●●●●●●
    unlocked 137 files — welcome, [email protected]
    They still need the project passphrase
    Being added as a member proves who they are. The passphrase proves they should be reading the vault. Share the passphrase out-of-band (1Password, in person) — or use cloud key escrow so each member sets up their own personal recovery without ever exchanging the passphrase by hand.

  3. Change roles or remove people, any time

    Each row on the Members tab has a menu: Promote to admin, Demote to member, Remove from project. Removing someone is instant — their next CLI call gets a 403 and any decrypted shell they had open auto-locks within seconds.

    sealrepo.dev/app/projects/acme-billing/members
    3 members
    Y
    [email protected]
    owner
    C
    [email protected]
    admin
    D
    [email protected]
    member

  4. Leaving a project

    If you want out of a project someone else owns, click Leave projecton the members tab. The owner is notified. (Owners can't leave directly — transfer ownership first, or delete the project.)

Next
Use it in CI pipelines