Secrets
Command to interact with secrets
The secrets root command allows you to easily manage secrets in your environments.
stashbse secrets <COMMAND> (-p <PROJECT> -e <ENVIRONMENT> | --scope=environment) [OPTIONS]List
Use this command to list secrets in a selected project and environment.
stashbase secrets list [OPTIONS]Options
Prop
Type
Examples
stashbase secrets list -p my-project -e api-dev
# return with values
stashbase secrets -p my-project -e api-dev --include-values
# example with scope=environment (environment-scoped API Key required)
stashbase secrets list --scope=environmentGet
Use this command to get one or more secrets from selected project and environment.
environments get <NAMES> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets get DB_URL JWT_KEY -p my-project -e my_env
# format output as table
stashbase secrets get DB_URL JWT_KEY -f table -p my-project -e my_envMetadata
Use metadata commands to read operational metadata for secrets without returning raw secret values.
stashbase secrets metadata <COMMAND> [OPTIONS]List metadata
List metadata for all visible secrets in the selected environment.
stashbase secrets metadata list [OPTIONS]Options
Prop
Type
Examples
# list metadata for all secrets
stashbase secrets metadata list -p my-project -e api-dev
# list metadata for one secret only
stashbase secrets metadata list -p my-project -e api-dev --secret JWT_KEY
# use environment-scoped API key context
stashbase secrets metadata list --scope=environmentGet metadata
Get metadata for one secret by name.
stashbase secrets metadata get <NAME> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets metadata get JWT_KEY -p my-project -e api-dev
# output as JSON
stashbase secrets metadata get JWT_KEY -p my-project -e api-dev -f json
# use environment-scoped API key context
stashbase secrets metadata get JWT_KEY --scope=environmentUpsert
Use this command to create or update secrets. Argument SECRETS can be one or more secrets in this format NAME=VALUE. Alias for this command is set. If a secret already exists, it will be updated with the new value. If it does not exist, it will be created.
stashbase secrets <SECRETS> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets set JWT_KEY=123 PORT=127.0.0.1 \
-p my-project -e frontend-dev
# with comment
stashbase secrets set JWT_KEY=123 PORT=127.0.0.1 \
-c JWT_KEY="Used for JWT tokens" \
-c PORT="Used for server port" \
-p my-project -e frontend-devMultiline secrets
You can use the cat or bat command to read the content of the file and pass it as part of the command argument.
This approach ensures that the entire content, including line breaks, is properly handled.
# content from file 'private_key.pem' as secret value
stashbase secrets set PRIVATE_KEY="$(cat private_key.pem)" \
-p my-project -e api-devCreate
Use this command to create a new secrets. It will create secrets that are not present in the environment yet. Existing secrets will not be overwritten (use set command to upsert secrets if needed).
stashbase secrets create <SECRETS> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets create JWT_KEY=123 PORT=127.0.0.1 \
-p my-project -e frontend-dev
# with comments
stashbase secrets create JWT_KEY=123 PORT=127.0.0.1 \
-c JWT_KEY="Used for JWT token authentication" \
-c PORT="API server port" \
-p my-project -e frontend-devUpdate
Use this command to update existing secrets. It will update specified secrets that are present in the environment. You can use this command to update secret values, names or comments.
stashbase secrets update [OPTIONS]Options
This command requires at least one of the following options to be provided: -n/--names, -v/--values, -c/--comments.
Prop
Type
Examples
stashbase secrets update -p my-project -e api-dev \
-n JWT_KEY=JWT_SECRET_KEY \
-v JWT_KEY="eyJjbGllbnRfaWQiOiJZekV6TUdk..."
# update comment
stashbase secrets update -p my-project -e api-dev \
-c JWT_KEY="Used for JWT token authentication" \
-c PORT="API server port"
# update names
stashbase secrets update -p my-project -e api-dev \
-n DB_URL=DATABASE_URL \
-n DB_USER=DATABASE_USERUpload
Use this command to upload secrets from your local dotev, YAML or JSON file to Stashbase.
stashbase secrets upload <FILE_PATH> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets upload .local.env -p my-project -e api-localDelete
Use this command to delete one or more secrets from. Argument NAMES can be one or more secrets separated by space.
stashbase secrets <NAMES> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets delete JWT_KEY -p my-project -e api-prod
# delete all
stashbase secrets delete --all -p my-project -e api-prodSearch
Use this command to search for secrets in selected projects or in the whole workspace. Searching for secrets works only for exact matches.
stashbase secrets search [OPTIONS]Options
Prop
Type
Examples
# search project secret by name
stashbase secrets search -p my-project --name JWT_KEY
# search project secret by value
stashbase secrets search -p my-project --value 123Diff
Compare (get the diff between) local secrets file and remote environment secrets (stored in Stashbase).
stashbase secrets diff <FILE_PATH> [OPTIONS]Options
Prop
Type
Examples
stashbase secrets diff .env -p project -e api-dev
# show comparison with values
stashbase secrets diff .env -p project -e api-dev --include-values
# show comparison with json output
stashbase secrets diff .env -p project -e api-dev --json