You’ve been invited to an Enkryptify workspace by your team lead or admin. This guide will get you up and running so you can start developing with secrets managed through Enkryptify.
What is Enkryptify?
Enkryptify is a secrets manager that securely stores and injects environment variables (API keys, database URLs, tokens, etc.) into your applications. Instead of sharing .env files over Slack or email, your team manages secrets centrally and you pull them automatically via the CLI.
As a developer, you mainly need two things:
- The CLI — to inject secrets into your app when running locally
- The Dashboard — to view secrets or set personal overrides (if your admin has enabled this)
CLI Setup
1. Install
brew install enkryptify/enkryptify/enkryptify
scoop bucket add enkryptify https://github.com/Enkryptify/scoop-enkryptify.git
scoop install enkryptify
curl -fsSL https://raw.githubusercontent.com/Enkryptify/cli/refs/heads/main/install.sh | sh
2. Log in
This opens your browser to authenticate via OAuth. Your credentials are stored securely in your system’s keyring.
3. Link your project
Navigate to your project’s repository and run:
This walks you through selecting your workspace, project, and environment. The configuration is saved locally and tied to the current directory.
4. Run your app
ek run -- <your start command>
Usage Examples by Language
Below are examples for running your application with secrets injected. Replace the command after -- with whatever you normally use to start your app.
Node.js
Python
Go
Java
Ruby
PHP
Rust
.NET
# npm
ek run -- npm run dev
# pnpm
ek run -- pnpm run dev
# yarn
ek run -- yarn dev
# bun
ek run -- bun run dev
# deno
ek run -- deno run --allow-all main.ts
# Running a script directly
ek run -- node server.js
# Standard
ek run -- python app.py
# Flask
ek run -- flask run
# Django
ek run -- python manage.py runserver
# FastAPI with uvicorn
ek run -- uvicorn main:app --reload
# Poetry
ek run -- poetry run python app.py
# Using a virtual environment
ek run -- .venv/bin/python app.py
# Run directly
ek run -- go run .
# Run a compiled binary
ek run -- ./myapp
# With air (hot reload)
ek run -- air
os.Getenv("DATABASE_URL")
# Maven
ek run -- mvn spring-boot:run
# Gradle
ek run -- ./gradlew bootRun
# Running a JAR
ek run -- java -jar target/myapp.jar
System.getenv("DATABASE_URL");
Using application.properties or application.yml
If your project uses Spring Boot, you may be used to defining secrets in application.properties or application.yml. You can reference environment variables injected by Enkryptify in these files using Spring’s placeholder syntax:spring.datasource.url=${DATABASE_URL}
spring.datasource.username=${DB_USERNAME}
spring.datasource.password=${DB_PASSWORD}
spring:
datasource:
url: ${DATABASE_URL}
password: ${DB_PASSWORD}
username: ${DB_USERNAME}
ek run.We recommend accessing secrets directly via System.getenv() when possible. Using placeholder files like application.properties adds an extra layer of indirection and makes it harder to track which secrets your app depends on. If you do use them, never hardcode secret values in these files.
# Rails
ek run -- rails server
# Rack
ek run -- rackup
# Running a script
ek run -- ruby app.rb
# Bundler
ek run -- bundle exec ruby app.rb
# Laravel
ek run -- php artisan serve
# Symfony
ek run -- symfony server:start
# Built-in server
ek run -- php -S localhost:8000
getenv('DATABASE_URL');
// or
$_ENV['DATABASE_URL'];
# Cargo
ek run -- cargo run
# Running a compiled binary
ek run -- ./target/release/myapp
std::env::var("DATABASE_URL").unwrap();
# .NET CLI
ek run -- dotnet run
# Watch mode
ek run -- dotnet watch run
Environment.GetEnvironmentVariable("DATABASE_URL");
Overriding the environment
If you need to run against a different environment than your default (e.g. staging instead of development), use the -e flag:
ek run -e staging -- npm run dev
IDE Integration
If you don’t run your application from the terminal (e.g. you use a built-in run button in your IDE), you can configure your IDE to use the Enkryptify CLI.
JetBrains (IntelliJ, WebStorm, PyCharm, GoLand, Rider, etc.)
Open Run Configuration
Go to Run > Edit Configurations… (or click the run configuration dropdown in the toolbar).
Modify the startup command
Depending on your project type, update the run configuration to use ek run:For interpreted languages (Node.js, Python, Go, etc.), set the command to:
- In the Before launch section, click + and select Run External Tool
- Or alternatively, change the script/command field to wrap your existing command with
ek run --
The simplest approach for any language:
- Go to Run > Edit Configurations…
- Instead of modifying the existing configuration, create a new Shell Script run configuration
- Set the script to:
ek run -- <your original command>
ek run -- npm run dev
ek run -- python manage.py runserver
ek run -- go run .
ek run -- dotnet run
Visual Studio
Use a launch profile with ek run
Edit your launchSettings.json (found in Properties/launchSettings.json):{
"profiles": {
"Enkryptify": {
"commandName": "Executable",
"executablePath": "ek",
"commandLineArgs": "run -- dotnet run"
}
}
}
VS Code
If you use VS Code’s built-in terminal, ek run works out of the box. For the launch configuration, add to .vscode/launch.json:
{
"version": "0.2.0",
"configurations": [
{
"name": "Run with Enkryptify",
"type": "node",
"request": "launch",
"runtimeExecutable": "ek",
"runtimeArgs": ["run", "--"],
"program": "${workspaceFolder}/src/index.js"
}
]
}
Using the Dashboard
Your admin may have given you access to view secrets and/or set personal overrides in the Enkryptify Dashboard.
Viewing Secrets
If your workspace admin has enabled secret viewing for your role, you can browse secrets in the dashboard:
- Log in at app.enkryptify.com
- Select your workspace and project
- Navigate to the environment you’re working in
- You’ll see the list of secrets
If you can’t see secret values, your admin has restricted this. Reach out to them if you need access.
Personal Overrides
Personal overrides let you replace a shared secret with your own value, for example, pointing DATABASE_URL to your local database instead of the shared development database.
When would you use this?
- You’re running a local database and need a different connection string
- You need to use your own API key for a third-party service during development
- You want to test with different configuration values without affecting the rest of the team
How to set a personal override:
- Open the environment in the dashboard
- Find the secret you want to override
- Click the second input field for that secret (in that environment). The input field is marked with “Personal”.
- Enter your personal value and save
Your personal value will be used whenever you run ek run, while everyone else on the team continues to get the shared value.You can also set a personal override via the CLI:ek update DATABASE_URL --ispersonal
Personal overrides are only available if your workspace admin has enabled this feature. If you don’t see the option, ask your admin.
Quick Reference
| Task | Command |
|---|
| Install CLI (macOS) | brew install enkryptify/enkryptify/enkryptify |
| Log in | ek login |
| Link project | ek setup |
| Run with secrets | ek run -- <command> |
| Run against different env | ek run -e staging -- <command> |
| List secrets | ek list |
| Set personal override | ek update SECRET_NAME --ispersonal |
Need Help?
- Check the full CLI Commands reference
- Ask your workspace admin for access or permission changes
- Visit enkryptify.com for more information
