This guide covers migrating secrets from common sources into Enkryptify.

Migration checklist

Regardless of where you’re migrating from, follow these steps:
  1. Inventory your secrets
     List all secrets across your environments. Identify which are still in use, which are duplicated and which can be retired.
  2. Set up your Enkryptify workspace
     Create your workspace, teams, projects and environments to match your current structure. See Quickstart.
  3. Add secrets
     Add secrets through the dashboard or CLI. Start with a non-production environment to verify the process.
  4. Secrets injection
     Replace existing secret injection with the Enkryptify CLI and set up syncs to your providers.
  5. Decommission old sources
     Once everything runs on Enkryptify, remove secrets from your old tool and revoke any unused credentials.

From .env files

If your team shares .env files (via Slack, email, or a shared drive), you can add each key-value pair to Enkryptify, using our .env import feature, through the dashboard or with the CLI.

After migrating, remove .env files from your workflow and use ek run instead:
# Before
npm run start

# After
ek run -- npm run start
Keep .env in your .gitignore file to prevent accidental commits.
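
An added example, not part of the Enkryptify documentation or tooling: one way to carry out the inventory step of the checklist when the secrets live in .env files. It parses one .env file per environment and reports which keys exist where, which are empty, and which values are duplicated, comparing values through a per-run HMAC so no secret appears in the report. The function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Per-run random key: fingerprints compare values within one report only.
_RUN_KEY = os.urandom(32)
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Parse .env text into {key: value}, skipping anything that is not KEY=VALUE."""
    out = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)  # comments and blank lines never match
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]  # quoted value: keep contents verbatim
        else:
            val = re.sub(r"\s+#.*$", "", val)  # unquoted: drop trailing comment
        out[key] = val
    return out

def fingerprint(value):
    return hmac.new(_RUN_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]

def inventory(envs):
    """envs: {environment name: .env text}. The report contains no secret values."""
    parsed = {name: parse_env(text) for name, text in envs.items()}
    by_fp = defaultdict(list)
    for name, kv in parsed.items():
        for key, val in kv.items():
            if val:
                by_fp[fingerprint(val)].append((name, key))
    all_keys = sorted({k for kv in parsed.values() for k in kv})
    return {
        "keys": {k: sorted(n for n, kv in parsed.items() if k in kv) for k in all_keys},
        "empty": sorted((n, k) for n, kv in parsed.items() for k, v in kv.items() if not v),
        "shared_values": sorted(sorted(v) for v in by_fp.values() if len(v) > 1),
    }

# Constructed sample input (not real credentials).
SAMPLE = {
    "development": 'DATABASE_URL=postgres://dev\nAPI_KEY="abc123" \nLEGACY_TOKEN=\n',
    "production": "export DATABASE_URL=postgres://prod\nAPI_KEY=abc123 # shared with dev\n",
}
```

Calling inventory(SAMPLE) flags API_KEY as sharing one value across development and production, and LEGACY_TOKEN as empty in development, which makes them candidates for rotation and retirement respectively.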

From cloud provider secret managers

If you’re using AWS Secrets Manager, GCP Secret Manager or similar:
  1. Export the current secret values
  2. Add them to Enkryptify
  3. Set up a sync back to the same provider if you still need secrets there
  4. Use Enkryptify as the single source of truth going forward
This gives you centralized management while keeping secrets available in your cloud provider.