Skip to main content
The Enkryptify CLI (ek) provides commands to authenticate, configure and run your applications with secrets injected as environment variables.

Usage

ek [command]

Global Flags

  • -h, --help: help for ek
  • -v, --version: get the current version of the CLI

Commands

Authenticate with Enkryptify to access your secrets.This opens a web browser to complete the OAuth flow. After successful authentication, credentials are stored securely in your system keyring.
ek login
Options:
  • -f, --force: force re-authentication even if already logged in
ek login --force
Link the current git repository to an Enkryptify workspace, project and environment.The configuration is saved to ~/.enkryptify/config.json and associated with the current directory path.
ek configure
# OR
ek setup
Run a command with secrets from Enkryptify injected as environment variables.This fetches secrets for your configured workspace, project and environment, then executes the provided command with those secrets available as env vars.Arguments:
  • cmd: command and arguments to run
Options:
  • -e, --env <environmentName>: environment name to use (overrides default from config)
Note: Use -- to separate ek run from the command you want to execute.
ek run -- <command>
Examples:
ek run -- npm start         # Run npm start with secrets
ek run -- pnpm run dev      # Run pnpm dev with secrets
ek run -- python app.py     # Run Python app with secrets
ek run -- docker-compose up # Run docker-compose with secrets
Replace all ${VARIABLES} in a file with the corresponding secrets from Enkryptify.
ek run-file --file <file>
Arguments:
  • file: file to replace variables in
Usage:
sam deploy --config-file <(ek run-file --file samconfig.toml)
node index.js --file <(ek run-file --file data.json)
Examples of files to replace variables in:
[default]
region = "${AWS_REGION}"
stack_name = "${STACK_NAME}"
s3_bucket = "${AWS_S3_BUCKET}"
s3_prefix = "${AWS_S3_PREFIX}"
s3_key = "${AWS_ACCESS_KEY_ID}"
s3_secret = "${AWS_SECRET_ACCESS_KEY}"
s3_session_token = "${AWS_SESSION_TOKEN}"
s3_region = "${AWS_REGION}"

{
  "databaseUrl": "${DATABASE_URL}",
  "sessionToken": "${SESSION_TOKEN}"
}
Create a new secret in the current environment.
ek create <name> [value]
Arguments:
  • name: secret key (A-Z, a-z, 0-9, underscore, hyphen)
  • value: secret value (use quotes for spaces or special characters)
ek create DATABASE_URL "postgresql://app:app@localhost:5432/enkryptify"
Expected result: the DATABASE_URL secret is created in the current environment.
Update a secret in the current environment.
ek update <name>
Arguments:
  • name: secret key to update
Options:
  • --ispersonal: make the secret personal (Enkryptify provider only)
ek update DATABASE_URL
Expected result: the DATABASE_URL secret is updated in the current environment.
Delete a secret from the current environment.
ek delete <name>
Arguments:
  • name: secret key to delete
ek delete DATABASE_URL
Expected result: the DATABASE_URL secret is removed from the current environment.
List secrets in the current environment.
ek list [options]
Options:
  • -s, --show: show secret values (defaults to masked)
ek list --show
Expected result: a table of secrets with values visible.