Preprequisites

  1. Signup for an envsecrets account.
  2. Install the CLI.

Setup

Firstly, change directory to your project root.

cd my-project

Local Environment

In order to get comfortable, let’s first run through all commands in your local environment before we go to remote environment.

Run the following commands in correct order.

1

Set your secrets

envs set DB_PASSWORD=awesome

This will set your key-value pair locally without encrypting the values.

2

List your secrets

envs ls

This will list your locally saved key-value pairs and help you validate that your key-value pair indeed got set.

3

Get your secret

envs get DB_PASSWORD

This will get the value of key DB_PASSWORD from locally saved key-value pairs.

4

Consume your secret

envs run -- [start-command-of-your-process]

This will fetch all the locally available values and inject them into your process. You can now access your secrets natively in your code.

Remote Environment

  • To manage secrets in your remote/hosted environment, you can simply use the same aforementioned commands with -e or --env.
  • For the purpose of this tutorial, we will use the pre-initialized/default prod environment that is created for your every envsecrets project.
1

Login

envs login

When prompted, enter your envsecrets account credentials i.e. email and password.

2

Initalize the project directory

envs init

This command will ask you to choose your organisation, project and one of it’s environments.

If you do not already have a project, you can create one directly from the CLI when prompted with the option.

3

Set your secrets

envs set DB_PASSWORD=awesome -e prod

This will create a new version of your secret in your remote prod environment.

4

List your secrets

envs ls -e prod

This will list the key-value pairs in the latest secret version of your remote prod environment and help you validate that your key-value pair indeed got set.

You can use the --version flag to modify which version to list the secrets for.

If you want to export the values of all the keys and not just list the keys, use: envs export

5

Get your secret

envs get DB_PASSWORD -e prod

This will get the value for key DB_PASSWORD in the latest secret version of your remote prod environment.

You can use the --version flag to modify which version to get the value from.

6

Consume your secret

envs run -e prod -- [start-command-of-your-process]

This will fetch the key-value pairs in the latest secret version of your remote prod environment. You can now access your secrets natively in your code.

You can use the --version flag to modify which version to get the values from.

Connect an Integration

For the sake of this tutorial, let’s connect the Github Actions integration.

  1. Go to integrations catalog in your envsecrets dashboard and choose “Github Actions.”
  2. Complete the Oauth procedure that begins and grant access to all of your Github repositories to which you wish to sync your secrets.
  3. Go to the integrations dashboard in your envsecrets organisation and under “Github Actions” choose “Sync New Environment With Your Github Actions Account.”
  4. In the page that opens, select your envsecrets project, environment and your Github repository where you wish to push/sync your secrets.
  5. Complete and save the form.

Sync Your Secrets

Once your secrets are synced, it is recommended you go to your Github repository and validate the new values.

Similarly, you can choose any native integration from our catalog of available integrations to keep your secrets synchronized everywhere in real-time.