Manage Secrets and Files

Keystone can handle secrets and files. Secrets are key-value pairs meant to be used as environment variables. Files are things like certificates, configuration files (e.g.: wp-config.php), credential files, etc.

Add secrets and files

You can add a secret, or file, to all environments with ks secret add and ks file add:

ks secret add API_KEY a-default-secret-value
ks file add ./a-secret-file.conf.js

For the API_KEY secret, it will prompt the secret value for dev, staging and prod environments, one after the other, using a-default-secret-value as default.
For the ./a-secret-file.conf.js, it will open your default editor (using $EDITOR) to set the file content for each enviroment, one after the other.

List secrets and managed files

ks secret
ks file

Required secrets and files

Required secrets and files cannot be set to empty values or removed. If you setup a CI integration, empty or missing secrets/files will cause your pipelines to fail.


For an exhaustive list of commands regarding secrets and files, see:

Edit this page on GitHub