Command Overview

The Enkryptify CLI provides three powerful commands to manage your secrets effectively:

  • configure: Set up your CLI and authenticate with Enkryptify
  • run: Execute commands with automatically injected secrets
  • export: Extract secrets in various formats for different workflows

Each command is designed to handle specific use cases while maintaining security best practices. We followed the ‘less is more’ approach to keep the commands simple and easy to understand.

Configure

The configure command establishes a secure connection between your environment and Enkryptify. You only need to run this command once per project or when you want to change the environment.

enkryptify configure [--token=<token>] [--skip-token] [--environment=<environment>]

A user-friendly way to configure the CLI:

enkryptify configure

Manual Configuration

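For automated setups or CI/CD environments. Where possible, prefer the environment-variable form: a token passed with --token is recorded in shell history and is visible in the process list while the command runs.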

# Using command line arguments
enkryptify configure --token=enkr_prod_xxx --environment=1000

# Using environment variables
export ENKRYPTIFY_TOKEN=enkr_prod_xxx
enkryptify configure --environment=1000

Changing environment

# Interactive
enkryptify configure --skip-token

# Using CLI
enkryptify configure --skip-token --environment=1000

Configuration Files

After successful configuration, Enkryptify stores your settings in:

  • Unix-like systems: ~/.enkryptify/config.json
  • Windows: %USERPROFILE%\.enkryptify\config.json

Enkryptify securely stores sensitive data like tokens in your system’s native keyring/keychain.


Run

The run command creates a secure environment with your secrets injected as environment variables, then executes your specified command within this context.

# One command
enkryptify run -- <command>

# Multiple commands
enkryptify run [--command=<command>]

Key Benefits

  • Secrets are never written to disk
  • Automatic cleanup after command completion
  • Environment isolation
  • Compatible with any command or script

Common Use Cases

Local Development

Perfect for running development servers with live secret injection:

# Basic development server
enkryptify run -- npm run dev

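# With environment-specific configuration
# (env sets the variable for the child; a bare NAME=value after -- would be treated as the command name)
enkryptify run -- env NODE_ENV=development npm run dev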

# Hot-reloading development
enkryptify run -- next dev

Database Operations

Safely manage database connections and migrations:

# Run migrations
enkryptify run -- drizzle-kit migrate

# Database backup
enkryptify run -- pg_dump -U username database > backup.sql

# MongoDB operations
enkryptify run -- mongosh --eval "db.users.find()"

Container Operations

Seamlessly integrate with Docker workflows:

# Docker Compose
enkryptify run -- docker compose up

# Building images
enkryptify run -- docker build --build-arg NODE_ENV=production -t myapp:latest .

# Multiple container commands
enkryptify run --command="docker compose build && docker compose up -d"

Testing Workflows

Ensure your tests have access to the right secrets:

# Run test suite
enkryptify run -- npm run test

# Specific test files
enkryptify run -- jest auth.test.js

# Integration tests
enkryptify run -- cypress run

Export

The export command provides flexible ways to extract and format your secrets for various use cases.

enkryptify export [--format=<format>] [--select=<secrets>] [--exclude=<secrets>]

Available Formats

JSON Format

Structured data format ideal for programmatic access:

# Complete export
enkryptify export --format=json > secrets.json

# API-related secrets only
enkryptify export --format=json --select=API_KEY,API_SECRET,API_URL > api-config.json

# Excluding sensitive data
enkryptify export --format=json --exclude=PRIVATE_KEY,ADMIN_TOKEN > public-config.json

Dotenv Format

Compatible with most development frameworks and tools:

# Standard .env file
enkryptify export --format=file > .env

# Environment-specific configurations
enkryptify export --format=file > .env.production
enkryptify export --format=file > .env.staging

# Development setup excluding production secrets
enkryptify export --format=file --exclude=PROD_DB,PROD_API > .env.development

Shell Environment Format

Direct shell integration for immediate use:

# Load all secrets into current shell
source <(enkryptify export --format=env)

# Load database-specific configuration
source <(enkryptify export --format=env --select=DB_HOST,DB_USER,DB_PASS)

Secret Selection

Using --select

Include only specific secrets:

# Select payment-related secrets
enkryptify export --select=STRIPE_KEY,PAYPAL_ID,PAYMENT_API

# Select database configuration
enkryptify export --select=DB_HOST,DB_PORT,DB_NAME,DB_USER,DB_PASS

Using --exclude

Exclude specific secrets:

# Exclude sensitive production data
enkryptify export --exclude=PROD_PRIVATE_KEY,ADMIN_SECRET

# Create public configuration
enkryptify export --exclude=INTERNAL_API_KEY,AUTH_TOKEN

Tips

  • Avoid storing exported secrets in version control
  • Limit export scope to necessary secrets only
  • Clean up exported files after use
  • Use appropriate file permissions
  • Maintain separate exports for different environments
  • Use clear naming conventions
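
The file-handling tips above as shell helpers. This is an added example, not part of the Enkryptify CLI or its documentation; the helper names export_to_private_file, file_perms and with_private_export are hypothetical, and deploy.sh in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not Enkryptify commands.

# export_to_private_file <dest> <export command...>
# Stores the command's stdout in <dest>, readable by the owner only.
export_to_private_file() {
    _dest=$1; shift
    # mktemp creates the file with mode 0600 whatever the caller's umask is.
    _tmp=$(mktemp "${_dest}.XXXXXX") || return 1
    if ! "$@" > "$_tmp"; then
        rm -f "$_tmp"            # do not leave a partial export behind
        return 1
    fi
    # Rename only after a complete write, so <dest> is never half-written.
    chmod 600 "$_tmp" && mv -f "$_tmp" "$_dest"
}

# file_perms <path>: print the permission string, e.g. -rw-------
file_perms() {
    ls -ld "$1" | cut -c1-10
}

# with_private_export <dest> <consumer> <export command...>
# Exports to <dest>, runs "<consumer> <dest>", then deletes <dest>
# whether or not the consumer succeeded. Returns the consumer's status.
with_private_export() {
    _out=$1; _consumer=$2; shift 2
    export_to_private_file "$_out" "$@" || return 1
    _rc=0
    "$_consumer" "$_out" || _rc=$?
    rm -f "$_out"
    return "$_rc"
}

# Usage with the export command documented above (deploy.sh is a placeholder):
#   with_private_export .env.production ./deploy.sh enkryptify export --format=file
```

Deleting the file with rm does not overwrite its blocks on disk, so for short-lived use the run command, which keeps secrets out of files entirely, remains the better fit.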