Table of Contents
- Prerequisites
- Navigate to your App's Directory
- Obtain the encryption key
- Fetch Secrets for the App
- Verify the Pulled Secrets
Prerequisites
Before pulling down secrets, ensure you have:
- You have installed the Hyphen CLI (see installation guide).
- Signed in to your Hyphen account via the CLI with the
hx authcommand - You have access to an existing project that contains the app secrets in your Hyphen organization
Navigate to your App's Directory
First, navigate to the directory where your app’s source code is located:
cd path/to/your/app
This is where the secrets will be synced and stored.
Obtain the encryption key
The encryption key is stored in a .hxkey file, but Hyphen never has access to this key, and is why we never see your secrets. Once you obtained the encryption key via a secure channel, place in the app's root diretory.
Fetch Secrets for the App
hx pull
The pull command retrieves environment variables from Hyphen and decrypts them into local .env files.
You can also pull a specific environment by name:
hx pull production
Verify the Pulled Secrets
Once the command has completed, the secrets will be available in the corresponding .env files in your app’s directory. The following files may be updated based on your environment.
You can open and inspect these files to verify that the secrets have been pulled correctly.
If you edit an of the .env files, the next time you push, a new version for that environment(s) will be added to the version history.