Secrets

​

Structure

• Name — the key used as an environment variable (e.g. DATABASE_URL, API_KEY)
• Values — one encrypted value per environment
• Note — an optional encrypted note for documentation

​

Naming rules

• Uppercase and lowercase letters (A-Z, a-z)
• Numbers (0-9)
• Underscores (_) and hyphens (-)

​

Managing secrets

​

Dashboard

• Add a secret by clicking “Add Secret” and entering the key and values
• Edit a value by clicking on it in the table
• Delete a secret from the secret options menu
• Search secrets using the search bar (supports fuzzy matching)
• Show/hide values with the visibility toggle

​

CLI

# Create a secret
ek create DATABASE_URL "postgresql://localhost:5432/dev"

# Update a secret (prompts for new value)
ek update DATABASE_URL

# Delete a secret
ek delete DATABASE_URL

# List all secrets (values masked by default)
ek list

# List with visible values
ek list --show

​

Using secrets

1. CLI injection — run ek run -- <command> to inject secrets as environment variables into any process. See CLI quickstart.
2. Syncs — push secrets to external providers (GitHub, Vercel, AWS, GCP) automatically. See Syncs overview.

​

Best practices

• Don’t store secrets in source code. Use Enkryptify as the single source of truth and inject secrets at runtime.
• Use environment-specific values. Each environment should have its own credentials, don’t share production database URLs with development.
• Use descriptive names. Name secrets clearly so their purpose is obvious (e.g. STRIPE_SECRET_KEY instead of SECRET_KEY).