Add Approval Workflow for Secret Access Requests #733

@Cryptoistaken

Description

Is your feature request related to a problem? Please describe.

Yes, currently anyone with a service token has immediate access to secrets without any oversight. Even with RBAC and network policies in place, if a service token is compromised or shared, there's no way to control or approve access before secrets are retrieved. This creates security risks in production environments where we need tighter control over who accesses sensitive credentials.

Describe the solution you'd like

An Approval Workflow feature where admins can manually approve or deny secret access requests before they're granted. Similar to how Infisical handles this:

  • Scripts/applications request access to secrets instead of getting immediate access
  • Admins receive notifications (email/Slack/dashboard) for pending requests
  • Admins review context (requester, app, environment, reason) and approve/deny
  • Approved access can be temporary (time-limited) or permanent
  • All approvals/denials are logged in audit trail
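As an added illustration of the workflow listed above (example code written for this page, not Phase's or Infisical's implementation and not something the issue author proposed), the following Python sketch models the request, pending, approve/deny states, optional time-limited approvals, and an append-only audit trail. The class and function names (ApprovalGate, request_access, decide, get_secret), the sample secret store, identities and secret path are all hypothetical and constructed for the example; a real deployment would back the store with the secrets service and emit the audit entries to a log sink.

```python
"""Approval-gated secret access: a hypothetical sketch, not Phase or Infisical code.

Flow: a caller files a request -> it is PENDING -> an admin approves (optionally with a
TTL) or denies -> only an APPROVED, unexpired request lets the same requester read the
secret. Every decision and every read attempt is appended to an audit trail.
"""
import itertools
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Callable, Optional

# Constructed sample store; stands in for the real secrets backend.
SAMPLE_SECRETS = {"/prod/db/password": "s3cr3t-example"}


class Status(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    DENIED = "denied"


@dataclass
class AccessRequest:
    id: int
    requester: str          # identity behind the service token
    app: str
    environment: str
    secret_path: str
    reason: str
    status: Status = Status.PENDING
    decided_by: Optional[str] = None
    expires_at: Optional[datetime] = None   # None = permanent once approved


class ApprovalGate:
    def __init__(self, admins: set, secrets: dict, clock: Optional[Callable[[], datetime]] = None):
        self.admins = admins
        self._secrets = secrets
        self._requests: dict = {}
        self._ids = itertools.count(1)
        self.audit: list = []               # append-only audit trail
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": self._clock().isoformat(), "event": event, **fields})

    def request_access(self, requester, app, environment, secret_path, reason) -> AccessRequest:
        """Caller asks for access instead of reading the secret directly."""
        req = AccessRequest(next(self._ids), requester, app, environment, secret_path, reason)
        self._requests[req.id] = req
        self._log("request.created", request_id=req.id, requester=requester, app=app,
                  environment=environment, secret_path=secret_path, reason=reason)
        return req

    def pending(self) -> list:
        """What an admin dashboard or notification would show."""
        return [r for r in self._requests.values() if r.status is Status.PENDING]

    def decide(self, admin, request_id, approve: bool, ttl: Optional[timedelta] = None) -> AccessRequest:
        """Admin approves (optionally time-limited) or denies a pending request."""
        if admin not in self.admins:
            self._log("decision.rejected", admin=admin, request_id=request_id, why="not an approver")
            raise PermissionError(f"{admin} is not an approver")
        req = self._requests[request_id]
        if req.status is not Status.PENDING:
            raise ValueError(f"request {request_id} already {req.status.value}")
        if req.requester == admin:
            raise PermissionError("self-approval is not allowed")
        req.status = Status.APPROVED if approve else Status.DENIED
        req.decided_by = admin
        if approve and ttl is not None:
            req.expires_at = self._clock() + ttl
        self._log("request.approved" if approve else "request.denied", request_id=req.id,
                  admin=admin, expires_at=(req.expires_at.isoformat() if req.expires_at else None))
        return req

    def get_secret(self, requester, request_id) -> str:
        """Release the secret only against an approved, unexpired request by the same requester."""
        req = self._requests.get(request_id)
        if req is None or req.requester != requester or req.status is not Status.APPROVED:
            self._log("secret.denied", requester=requester, request_id=request_id, why="no approved request")
            raise PermissionError("no approved request for this requester")
        if req.expires_at is not None and self._clock() >= req.expires_at:
            self._log("secret.denied", requester=requester, request_id=request_id, why="approval expired")
            raise PermissionError("approval expired")
        self._log("secret.read", requester=requester, request_id=request_id, secret_path=req.secret_path)
        return self._secrets[req.secret_path]


def demo() -> dict:
    """Walk one request through the gate with a fake clock so the TTL expiry is observable."""
    now = [datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)]     # constructed fixed time
    gate = ApprovalGate(admins={"alice"}, secrets=SAMPLE_SECRETS, clock=lambda: now[0])
    req = gate.request_access("svc-token:billing", "billing-api", "production",
                              "/prod/db/password", "read DB creds during scheduled deploy")
    out = {}
    try:
        gate.get_secret("svc-token:billing", req.id)
        out["before_approval"] = "granted"
    except PermissionError:
        out["before_approval"] = "denied"
    gate.decide("alice", req.id, approve=True, ttl=timedelta(minutes=15))
    out["after_approval"] = gate.get_secret("svc-token:billing", req.id)
    now[0] += timedelta(minutes=16)                               # approval has lapsed
    try:
        gate.get_secret("svc-token:billing", req.id)
        out["after_expiry"] = "granted"
    except PermissionError:
        out["after_expiry"] = "denied"
    out["audit_events"] = [e["event"] for e in gate.audit]
    return out


if __name__ == "__main__":
    print(demo())
```

The two checks in get_secret are the point: possession of a token (the requester identity) is not enough on its own, and even an approval stops working once its TTL passes, so a leaked token yields nothing unless an admin has explicitly granted a still-valid window. The audit list records the denied attempts as well as the successful read, which is what a reviewer would want when reconstructing who touched a credential and when.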

Describe alternatives you've considered

  • Building a custom proxy service between applications and Phase API (requires maintenance and keeping it running 24/7)
  • Switching to Infisical which has this feature built-in
  • Using only network policies and RBAC (not sufficient for preventing access with compromised tokens)
  • Manual secret rotation after each access (too cumbersome and not scalable)

Additional context

This feature would significantly enhance Phase's security posture for teams managing production secrets and would be a key differentiator. Many secret management platforms (Infisical, HashiCorp Vault Enterprise) already offer approval workflows, and this is becoming a standard requirement for enterprises.

Metadata

Assignees: no one assigned

Labels: enhancement (New feature or request)

Type: no type

Projects: no projects

Milestone: no milestone

Relationships: none yet

Development: no branches or pull requests