Secrets Management

Code CLI includes built-in secrets management for storing and retrieving API keys, database credentials, and other sensitive values without leaving the terminal.

Commands

| Command | Description |
| --- | --- |
| `codecli secrets list [--vault]` | List vaults or secrets in a vault |
| `codecli secrets get NAME` | Retrieve a secret value |
| `codecli secrets set NAME VALUE` | Create or update a secret |
| `codecli secrets delete NAME` | Delete a secret |
| `codecli secrets pull [--vault] [--output]` | Pull secrets to .env file |
| `codecli secrets push [--vault] [--input]` | Push from .env to vault |
| `codecli secrets token` | Manage API tokens |

Pulling to .env

```bash
# Pull all secrets from production vault to .env
codecli secrets pull --vault prod --output .env.production
# Pull with JSON format
codecli secrets pull --vault staging --format json --output config.json
```

Pushing from .env

```bash
# Push local .env to a vault
codecli secrets push --vault dev --input .env.local
```

Vault Password

Set CODECLI_VAULT_PASSWORD to avoid entering your password interactively. This is useful for CI/CD pipelines.

CI/CD example

```bash
# VAULT_PASSWORD is supplied by the CI system's own secret store
export CODECLI_VAULT_PASSWORD="${VAULT_PASSWORD}"
codecli secrets pull --vault prod --output .env
```
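A hardened wrapper for the CI pull above, as an added example that is not part of the Code CLI documentation: it refuses to run without the password, refuses to write a file git would track, creates the .env owner-only, and leaves no partial file on failure. `pull_secrets` and `deploy.sh` are hypothetical names; the only `codecli` call is the documented `secrets pull --vault ... --output ...`.

```bash
#!/usr/bin/env bash
# Added example, not from the Code CLI docs. pull_secrets is a hypothetical
# helper; the only codecli invocation is the documented
# `codecli secrets pull --vault ... --output ...`.

pull_secrets() {
    local vault="$1" out="$2" dir file
    dir=$(dirname -- "$out"); file=$(basename -- "$out")

    # Fail early, without echoing the value, if CI did not inject the secret.
    if [ -z "${CODECLI_VAULT_PASSWORD:-}" ]; then
        echo "pull_secrets: CODECLI_VAULT_PASSWORD is not set" >&2
        return 2
    fi

    # Inside a git work tree, refuse to write a secrets file git would track.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q -- "$file"; then
        echo "pull_secrets: $out is not covered by .gitignore" >&2
        return 3
    fi

    # Subshell keeps the umask change local. With umask 077 the file is
    # owner-only (0600) from creation, so there is no window with looser bits.
    (
        umask 077
        rm -f -- "$out"    # a stale copy would keep its old permissions
        codecli secrets pull --vault "$vault" --output "$out"
    ) || { rm -f -- "$out"; return 1; }   # no partial secrets file on failure

    # Belt and braces in case the tool sets its own mode on the file.
    [ -f "$out" ] && [ ! -L "$out" ] && chmod 600 -- "$out"
}

# Typical CI usage (commented out so the file can be sourced safely):
#   trap 'rm -f -- .env' EXIT      # remove the plaintext copy when the job ends
#   pull_secrets prod .env && ./deploy.sh   # deploy.sh is a placeholder
```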