Flipt

Git-native feature flag platform that stores, versions, and deploys feature toggles directly in your own Git repositories with no external database required.

4.8Kstars
295forks
Custom / Unknown
Go

Flipt v2 is an enterprise-ready, Git-native feature management platform that treats feature flags as first-class code artifacts. Rather than storing flags in an external database, Flipt writes flag definitions directly into your Git repositories so they version alongside your application code, travel through your existing CI/CD pipelines, and benefit from the full power of Git branching, history, and blame.

The platform introduces a multi-environment model that maps directly onto Git concepts: environments can correspond to branches, directories within a repo, or entirely separate repositories, giving teams the flexibility to match their existing branching strategy. Real-time flag propagation to connected clients is delivered via Server-Sent Events without polling. A React-based UI surfaces flag management with dark mode support, and both gRPC and REST APIs are available for programmatic access.

Flipt also ships a secrets management layer (file-based providers in OSS; HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager, and Azure Key Vault available in Pro) that integrates with flag configuration and enables GPG commit signing so every flag change is cryptographically attributed. OIDC, JWT, OAuth, and Kubernetes service-token authentication are supported out of the box, making the platform suitable for security-conscious organisations that need to keep flag data within their own infrastructure.

What You Get

  • A single binary Go server with no required external dependencies — runs on bare metal, Docker, or Kubernetes without a database
  • Git-native flag storage with full version control, blame, diff, and history for every flag change across all environments
  • Multi-environment support via Git branches, directories, or separate repositories to model dev, staging, and production isolation
  • Real-time flag propagation using Server-Sent Events (SSE) so client SDKs receive updates instantly without polling
  • gRPC and REST APIs plus OpenFeature OFREP support for vendor-neutral integration with any language or SDK
  • Built-in secrets management with file-based providers (OSS) and cloud/Vault providers (Pro) for secure flag configuration
  • OpenTelemetry and Prometheus instrumentation for full observability across flag evaluations, latency, and error rates
  • React-based web UI with Git integration, dark mode, and a wizard-driven quickstart for rapid onboarding

Common Use Cases

  • Trunk-based development at scale: teams merge incomplete features behind flags to main, keeping release velocity high without long-lived branches
  • GitOps feature management: flag changes go through pull requests, code review, and CI/CD the same way infrastructure-as-code changes do
  • Multi-environment promotion: flags live in environment-specific Git branches or directories and are promoted by merging, ensuring consistency
  • Secure enterprise deployments: organizations in regulated industries self-host Flipt to keep sensitive flag data inside their own network perimeter
  • Gradual rollouts and A/B testing: percentage-based rollouts and segment targeting let product teams release to subsets of users with real-time control
  • Microservice flag isolation: each service or team owns its own namespace or repository, eliminating cross-team coupling in flag management

Under The Hood

Architecture Flipt v2 is structured as a layered, modular Go application that routes all flag management through a Git-backed storage abstraction. The server layer (gRPC + REST via grpc-gateway) delegates to an environment registry that resolves the correct Git-backed filesystem for each request based on environment key or HTTP header. The storage layer sits behind a clean interface that separates read-only evaluation stores from read-write management stores, with the Git implementation using go-git to operate directly on the object database. Environments are first-class citizens rather than a namespace concept: each environment carries its own storage reference, enabling completely independent flag states across branches or directories. The evaluation engine lives as a pure function over the storage layer, performing consistent-hash rollouts and multi-constraint segment matching without any database round-trips, which means co-located evaluation is genuinely zero-latency.

Tech Stack The server runtime is Go 1.26, compiled to a single static binary that bundles the embedded React/Vite UI (TypeScript, Redux for state management) as a sub-filesystem. The API surface is defined in Protobuf and exposed as both native gRPC and HTTP REST via grpc-gateway, with an auto-generated OpenAPI spec. Git operations use the pure-Go go-git v6 library, which allows Flipt to run without a system Git installation. Configuration is validated with CUE schemas. Observability is wired through the OpenTelemetry SDK, exporting traces and logs; Prometheus metrics are exposed via the gRPC middleware. Secrets backends integrate with the official AWS SDK v2, Azure SDK, GCP Secret Manager client, and the HashiCorp Vault API. The interactive CLI quickstart uses Charm’s Bubble Tea and Huh libraries for a TUI wizard. ClickHouse is supported as an analytics sink for evaluation event streaming.

Code Quality The codebase demonstrates comprehensive testing practices: the extensive test suite uses testify with mocks generated via mockery, and tests are colocated with production code throughout the internal packages. Error handling is explicit and typed — a custom errors package wraps sentinel error types (ErrNotFound, ErrInvalid, ErrUnauthenticated) that propagate cleanly from storage through to gRPC status codes via middleware interceptors. The codebase uses functional options (Option func patterns) consistently for constructor configuration, keeping the API surface stable. CI enforces linting via golangci-lint and proto-generation via buf. The secrets and coss packages use a factory-registry pattern with blank-import side-effect registration, keeping optional provider dependencies out of the core binary unless explicitly compiled in.

What Makes It Unique Flipt’s genuinely novel contribution is treating Git itself as the feature flag database rather than using Git as an optional sync mechanism layered on top of a database. Competing tools (LaunchDarkly, Unleash, Flagsmith) store flags in relational or document databases and optionally provide Git export — Flipt inverts this so the Git repository is the source of truth and the server is purely a read layer on top of it. The consequence is that the full Git object model — commit signing, branching, merging, blame, history, code review workflows — applies natively to flag management without any custom tooling. The implementation of environment-as-Git-reference is also distinct: by mapping environments to branches or directories rather than database rows, environment promotion becomes a git merge rather than an API call, which is semantically correct and auditable by default.

Self-Hosting

Flipt v2 is released under the Fair Core License 1.0 (FCL-1.0-MIT), which permits internal use, non-commercial research, and professional services without restriction. However, it explicitly prohibits building a commercial product or service that competes with Flipt or its cloud offering. After a two-year delay, the license converts to MIT, so the codebase eventually becomes fully open source. Practically, this means you can self-host Flipt freely inside your own organisation, but you cannot package it as a managed service to sell to others.

Running Flipt yourself is straightforward compared to traditional feature flag systems: the server is a single Go binary with no mandatory database. Flag data lives in a Git repository you already own, so backups, replication, and disaster recovery inherit whatever you have in place for Git. You are responsible for provisioning the binary (or Docker image), configuring Git credentials, and keeping the server updated. Horizontal scaling requires ensuring all instances point at the same upstream Git remote and share a consistent poll interval; the server handles concurrent reads safely. Secrets providers beyond the built-in file backend require additional infrastructure (a Vault cluster, or cloud IAM permissions for AWS/GCP/Azure providers available in Pro).

Flipt Pro adds capabilities that are meaningful at enterprise scale: merge proposals with code-review workflows for flag changes, GPG commit signing with keys retrieved from secret providers, and dedicated commercial support. The hosted Flipt Cloud removes all operational burden and adds SLAs, managed upgrades, and high-availability by default. Self-hosters give up those guarantees and must handle on-call responsibilities, but gain full data sovereignty and can air-gap the deployment entirely — a trade-off that is particularly valuable for financial services, healthcare, and government customers.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search