VS Code Copilot
Manage Phase secrets directly from GitHub Copilot in VS Code. Copilot Agent can list, create, update, and delete secrets, run processes with injected secrets, and manage your Phase environments — all from natural language.
Prerequisites
- Phase CLI installed and authenticated
- VS Code with GitHub Copilot extension
Setup
1. Enable AI integration
phase ai enable
Select VS Code Copilot when prompted. This installs the Phase skill to ~/.copilot/skills/phase-cli/SKILL.md and configures secret visibility.
You'll be asked whether AI agents can see secret values:
- Mask values (recommended) — secret and sealed types show as [REDACTED]
- Show values — secret and config types are visible; sealed is always hidden
2. Start using Phase in Copilot
Open Copilot Chat in Agent mode. You can immediately start managing secrets:
You: list my secrets
You: create a DATABASE_URL as config with value postgres://localhost:5432/mydb
You: rotate the API_KEY as a sealed secret with random base64
You: run npm start with my secrets
How it works
The Phase CLI installs a skill document that teaches Copilot Agent how to use the Phase CLI. Copilot runs Phase commands directly in your terminal — no separate server or middleware.
The skill is installed globally at ~/.copilot/skills/phase-cli/SKILL.md and is automatically discovered by VS Code Copilot for all projects. Copilot also reads from ~/.claude/skills/ and ~/.agents/skills/ as fallback locations.
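Because the skill document steers which commands Copilot Agent runs, it is worth confirming that the skill files in these three directories are not writable by other accounts and have not changed unexpectedly. The script below is an added example, not part of Phase's documentation or code; the function names and status labels (OK, WRITABLE, SYMLINK, MISSING) are this example's own, and only the directory paths come from this page.

```shell
#!/bin/sh
# Added example (not Phase's own code): audit the skill files Copilot reads.
# Directory paths come from this page; status labels are this script's own.

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeed if the path is writable by group or others.
loosely_writable() {
  [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_skills [ROOT]: print one line per skill file, "<STATUS> <sha256> <path>".
# ROOT defaults to $HOME; pass another directory to audit a copy or a test tree.
audit_skills() {
  root="${1:-$HOME}"
  primary="$root/.copilot/skills/phase-cli/SKILL.md"
  if [ ! -e "$primary" ]; then printf '%s\n' "MISSING - $primary"; fi
  for dir in .copilot/skills .claude/skills .agents/skills; do
    if [ ! -d "$root/$dir" ]; then continue; fi
    find "$root/$dir" -name SKILL.md | while IFS= read -r f; do
      if [ -L "$f" ]; then
        # A symlinked skill can be swapped by whoever controls the target.
        printf '%s\n' "SYMLINK - $f"
      elif loosely_writable "$f" || loosely_writable "$(dirname "$f")"; then
        printf '%s\n' "WRITABLE $(sha256_of "$f") $f"
      else
        printf '%s\n' "OK $(sha256_of "$f") $f"
      fi
    done
  done
}

# skills_ok [ROOT]: succeed only if every reported line has status OK.
skills_ok() {
  if audit_skills "$1" | grep -qv '^OK '; then return 1; fi
  return 0
}

audit_skills "$@"
```

Save the output after each phase ai enable and diff it against the next run; a hash that changes without a CLI upgrade, or any status other than OK, deserves a look.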
Secret types and AI visibility
| Type | AI visibility | Description |
|---|---|---|
| config | Always visible | Non-sensitive configuration (ports, hosts, flags) |
| secret | Controlled by phase ai enable | Standard encrypted secrets |
| sealed | Never visible | Write-only secrets (API keys, tokens, passwords) |
Sealed secret values are never exposed to AI agents regardless of configuration.
Security guardrails
The Phase CLI enforces guardrails when it detects an AI agent:
- printenv, env, export, set, declare, compgen are blocked inside phase run
- phase shell is blocked entirely in AI mode
- Sealed secret values are always redacted in output
- phase ai enable / phase ai disable must be run by the user directly
Managing the integration
# Update the skill (re-run after CLI upgrade)
phase ai enable
# Remove the integration
phase ai disable
# View the skill document
phase ai skill