> ## Documentation Index
> Fetch the complete documentation index at: https://docs.enkryptify.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Developer onboarding

> Everything you need to know when you get invited to an Enkryptify workspace

You've been invited to an Enkryptify workspace by your team lead or admin. This guide will get you up and running so you can start developing with secrets managed through Enkryptify.

## What is Enkryptify?

Enkryptify is a secrets manager that securely stores and injects environment variables (API keys, database URLs, tokens, etc.) into your applications. Instead of sharing `.env` files over Slack or email, your team manages secrets centrally and you pull them automatically via the CLI.

**As a developer, you mainly need two things:**

1. **The CLI** for injecting secrets into your app when running locally
2. **The Dashboard** for viewing secrets or setting personal overrides (if your admin has enabled this)

***

## CLI Setup

### 1. Install

<Tabs>
  <Tab title="macOS">
    ```bash theme={"dark"}
    brew install enkryptify/enkryptify/enkryptify
    ```
  </Tab>

  <Tab title="Windows">
    ```bash theme={"dark"}
    scoop bucket add enkryptify https://github.com/Enkryptify/scoop-enkryptify.git
    scoop install enkryptify
    ```
  </Tab>

  <Tab title="Linux">
    ```bash theme={"dark"}
    curl -fsSL https://raw.githubusercontent.com/Enkryptify/cli/refs/heads/main/install.sh | sh
    ```
  </Tab>
</Tabs>

Verify the installation:

```bash theme={"dark"}
ek --version
```

For more detailed installation instructions (Debian, RedHat, Alpine, Arch), see the [Install](/cli/install) page.

### 2. Log in

```bash theme={"dark"}
ek login
```

This opens your browser to authenticate via OAuth. Your credentials are stored securely in your system's keyring.

### 3. Link your project

Navigate to your project's repository and run:

```bash theme={"dark"}
ek setup
```

This walks you through selecting your workspace, project and environment. The configuration is saved locally and tied to the current directory.

### 4. Run your app

```bash theme={"dark"}
ek run -- <your start command>
```

That's it. Enkryptify fetches your secrets and injects them as environment variables into your process.

***

## Usage Examples by Language

Below are examples for running your application with secrets injected. Replace the command after `--` with whatever you normally use to start your app.

<Tabs>
  <Tab title="Node.js">
    ```bash theme={"dark"}
    # npm
    ek run -- npm run dev

    # pnpm
    ek run -- pnpm run dev

    # yarn
    ek run -- yarn dev

    # bun
    ek run -- bun run dev

    # deno
    ek run -- deno run --allow-all main.ts

    # Running a script directly
    ek run -- node server.js
    ```
  </Tab>

  <Tab title="Python">
    ```bash theme={"dark"}
    # Standard
    ek run -- python app.py

    # Flask
    ek run -- flask run

    # Django
    ek run -- python manage.py runserver

    # FastAPI with uvicorn
    ek run -- uvicorn main:app --reload

    # Poetry
    ek run -- poetry run python app.py

    # Using a virtual environment
    ek run -- .venv/bin/python app.py
    ```
  </Tab>

  <Tab title="Go">
    ```bash theme={"dark"}
    # Run directly
    ek run -- go run .

    # Run a compiled binary
    ek run -- ./myapp

    # With air (hot reload)
    ek run -- air
    ```

    Access secrets in your Go code using the standard library:

    ```go theme={"dark"}
    os.Getenv("DATABASE_URL")
    ```
  </Tab>

  <Tab title="Java">
    ```bash theme={"dark"}
    # Maven
    ek run -- mvn spring-boot:run

    # Gradle
    ek run -- ./gradlew bootRun

    # Running a JAR
    ek run -- java -jar target/myapp.jar
    ```

    Access secrets in your Java code:

    ```java theme={"dark"}
    System.getenv("DATABASE_URL");
    ```

    #### Using `application.properties` or `application.yml`

    If your project uses Spring Boot, you may be used to defining secrets in `application.properties` or `application.yml`. You can reference environment variables injected by Enkryptify in these files using Spring's placeholder syntax:

    ```properties title="application.properties" theme={"dark"}
    spring.datasource.url=${DATABASE_URL}
    spring.datasource.username=${DB_USERNAME}
    spring.datasource.password=${DB_PASSWORD}
    ```

    ```yaml title="application.yml" theme={"dark"}
    spring:
      datasource:
        url: ${DATABASE_URL}
        password: ${DB_PASSWORD}
        username: ${DB_USERNAME}
    ```

    This way, your config files contain no actual secrets, just references to environment variables that Enkryptify provides at runtime via `ek run`.

    <Warning>
      We recommend accessing secrets directly via `System.getenv()` when possible. Using placeholder files like `application.properties` adds an extra layer of indirection and makes it harder to track which secrets your app depends on. If you do use them, **never** hardcode secret values in these files.
    </Warning>
  </Tab>

  <Tab title="Ruby">
    ```bash theme={"dark"}
    # Rails
    ek run -- rails server

    # Rack
    ek run -- rackup

    # Running a script
    ek run -- ruby app.rb

    # Bundler
    ek run -- bundle exec ruby app.rb
    ```

    Access secrets in your Ruby code:

    ```ruby theme={"dark"}
    ENV["DATABASE_URL"]
    ```
  </Tab>

  <Tab title="PHP">
    ```bash theme={"dark"}
    # Laravel
    ek run -- php artisan serve

    # Symfony
    ek run -- symfony server:start

    # Built-in server
    ek run -- php -S localhost:8000
    ```

    Access secrets in your PHP code:

    ```php theme={"dark"}
    getenv('DATABASE_URL');
    // or
    $_ENV['DATABASE_URL'];
    ```
  </Tab>

  <Tab title="Rust">
    ```bash theme={"dark"}
    # Cargo
    ek run -- cargo run

    # Running a compiled binary
    ek run -- ./target/release/myapp
    ```

    Access secrets in your Rust code:

    ```rust theme={"dark"}
    std::env::var("DATABASE_URL").unwrap();
    ```
  </Tab>

  <Tab title=".NET">
    ```bash theme={"dark"}
    # .NET CLI
    ek run -- dotnet run

    # Watch mode
    ek run -- dotnet watch run
    ```

    Access secrets in your C# code:

    ```csharp theme={"dark"}
    Environment.GetEnvironmentVariable("DATABASE_URL");
    ```
  </Tab>
</Tabs>

### Overriding the environment

If you need to run against a different environment than your default (e.g. `staging` instead of `development`), use the `-e` flag:

```bash theme={"dark"}
ek run -e staging -- npm run dev
```

***

## IDE Integration

If you don't run your application from the terminal (e.g. you use a built-in run button in your IDE), you can configure your IDE to use the Enkryptify CLI.

### JetBrains (IntelliJ, WebStorm, PyCharm, GoLand, Rider, etc.)

<Steps>
  <Step title="Open Run Configuration">
    Go to **Run > Edit Configurations...** (or click the run configuration dropdown in the toolbar).
  </Step>

  <Step title="Modify the startup command">
    Depending on your project type, update the run configuration to use `ek run`:

    **For interpreted languages** (Node.js, Python, Go, etc.), set the command to:

    * In the **Before launch** section, click **+** and select **Run External Tool**
    * Or alternatively, change the **script/command** field to wrap your existing command with `ek run --`

    **The simplest approach for any language:**

    1. Go to **Run > Edit Configurations...**
    2. Instead of modifying the existing configuration, create a new **Shell Script** run configuration
    3. Set the script to:

    ```bash theme={"dark"}
    ek run -- <your original command>
    ```

    For example:

    ```bash theme={"dark"}
    ek run -- npm run dev
    ek run -- python manage.py runserver
    ek run -- go run .
    ek run -- dotnet run
    ```
  </Step>
</Steps>

### Visual Studio

<Steps>
  <Step title="Use a launch profile with ek run">
    Edit your `launchSettings.json` (found in `Properties/launchSettings.json`):

    ```json theme={"dark"}
    {
      "profiles": {
        "Enkryptify": {
          "commandName": "Executable",
          "executablePath": "ek",
          "commandLineArgs": "run -- dotnet run"
        }
      }
    }
    ```

    Then select the **Enkryptify** profile from the launch dropdown.
  </Step>
</Steps>

### VS Code

If you use VS Code's built-in terminal, `ek run` works out of the box. For the launch configuration, add to `.vscode/launch.json`:

```json theme={"dark"}
{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "Run with Enkryptify",
      "type": "node",
      "request": "launch",
      "runtimeExecutable": "ek",
      "runtimeArgs": ["run", "--"],
      "program": "${workspaceFolder}/src/index.js"
    }
  ]
}
```

***

## Using the Dashboard

Your admin may have given you access to view secrets and/or set personal overrides in the [Enkryptify Dashboard](https://app.enkryptify.com).

### Viewing Secrets

If your workspace admin has enabled secret viewing for your role, you can browse secrets in the dashboard:

1. Log in at [app.enkryptify.com](https://app.enkryptify.com)
2. Select your workspace and project
3. Navigate to the environment you're working in
4. You'll see the list of secrets

<Note>
  If you can't see secret values, your admin has restricted this. Reach out to them if you need access.
</Note>

### Personal Overrides

Personal overrides let you replace a shared secret with your own value, for example, pointing `DATABASE_URL` to your local database instead of the shared development database.

**When would you use this?**

* You're running a local database and need a different connection string
* You need to use your own API key for a third-party service during development
* You want to test with different configuration values without affecting the rest of the team

**How to set a personal override:**

<Tabs>
  <Tab title="Dashboard">
    1. Open the environment in the dashboard
    2. Find the secret you want to override
    3. Click the second input field for that secret (in that environment). The input field is marked with "Personal".
    4. Enter your personal value and save

    Your personal value will be used whenever **you** run `ek run`, while everyone else on the team continues to get the shared value.
  </Tab>

  <Tab title="CLI">
    <Warning>
      The `ek secret` commands are **deprecated** and may be removed in a future release. Prefer setting personal overrides from the dashboard.
    </Warning>

    You can also set a personal override via the CLI:

    ```bash theme={"dark"}
    ek secret update DATABASE_URL --ispersonal
    ```

    This will prompt you for the new value and mark it as a personal override.
  </Tab>
</Tabs>

<Note>
  Personal overrides are only available if your workspace admin has enabled this feature. If you don't see the option, ask your admin.
</Note>

***

## Quick Reference

| Task                                 | Command                                         |
| ------------------------------------ | ----------------------------------------------- |
| Install CLI (macOS)                  | `brew install enkryptify/enkryptify/enkryptify` |
| Log in                               | `ek login`                                      |
| Link project                         | `ek setup`                                      |
| Run with secrets                     | `ek run -- <command>`                           |
| Run against different env            | `ek run -e staging -- <command>`                |
| Run against different project        | `ek run -p backend -e staging -- <command>`     |
| List secrets *(deprecated)*          | `ek secret list`                                |
| Set personal override *(deprecated)* | `ek secret update SECRET_NAME --ispersonal`     |
| Upgrade CLI                          | `ek upgrade`                                    |

## Need Help?

* Check the full [CLI Commands](/cli/commands) reference
* Ask your workspace admin for access or permission changes
* Visit [enkryptify.com](https://enkryptify.com) for more information
