envshed pull

Pull secrets from Envshed and write them to a local file.

Usage

envshed pull [-o <org>] [-p <project>] [-e <env>] [-f <path>] [--stdout] [--force] [--format <format>]

Options

| Flag | Description | Default |
| --- | --- | --- |
| -o, --org <slug> | Organization slug | From config |
| -p, --project <slug> | Project slug | From config |
| -e, --env <slug> | Environment slug | From config |
| -f, --file <path> | Output file path | .env |
| --stdout | Print to stdout instead of writing a file | |
| --force | Overwrite without checking for changes | |
| --format <format> | Output format: env or json | env |

Safe pull

By default, the CLI compares incoming secrets with the existing file and aborts if any values would be modified or deleted:

Pull aborted. The following changes were detected:

~ DATABASE_URL (modified)
- OLD_SECRET (deleted)

Run with --force to overwrite.

Use --force to skip this check.
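
The sketch below shows one way a check like this can work. It is an added example, not Envshed's own code: the function names envdiff and safe_write are hypothetical, files are assumed to hold simple KEY=VALUE lines, and newly added keys are assumed not to block the write because the page only mentions modified and deleted values.

```shell
# Added illustration of a safe-pull style check; not Envshed's own code.
# Assumes simple KEY=VALUE lines; blank lines and "#" comments are ignored.

# envdiff EXISTING INCOMING: list keys of EXISTING that INCOMING would change
# or drop. New keys are not reported. Returns 1 if anything is listed.
envdiff() {
  awk '
    BEGIN { rc = 0 }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
      eq = index($0, "=")
      if (eq == 0) next                     # not a KEY=VALUE line
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      if (FILENAME == ARGV[1]) {
        if (!(key in have)) order[++n] = key
        have[key] = val
      } else want[key] = val
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (!(k in want))             { print "- " k " (deleted)";  rc = 1 }
        else if (want[k] != have[k])  { print "~ " k " (modified)"; rc = 1 }
      }
      exit rc
    }
  ' "$1" "$2"
}

# safe_write INCOMING TARGET [--force]: replace TARGET only if nothing is lost.
safe_write() {
  if [ -f "$2" ] && [ "${3:-}" != "--force" ]; then
    changes=$(envdiff "$2" "$1") || {
      printf 'Aborted, these keys would change:\n%s\n' "$changes" >&2
      return 1
    }
  fi
  ( umask 077; cp "$1" "$2" )   # a newly created TARGET is owner-only
}

# Constructed sample data (not real secrets).
demo=$(mktemp -d)
printf 'DATABASE_URL=postgres://old\nOLD_SECRET=x\nAPI_KEY=k\n' > "$demo/.env"
printf 'DATABASE_URL=postgres://new\nAPI_KEY=k\nNEW_FLAG=1\n' > "$demo/incoming"
envdiff "$demo/.env" "$demo/incoming" || true
rm -rf "$demo"
```

The check is keyed on the existing file, so a key that exists only in the incoming set never blocks the write.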

Placeholder warnings

If any secrets are marked as placeholders and you haven't set a personal override, the CLI shows a warning with clickable links to set your override in the dashboard:

  2 placeholders without personal override:

! GITHUB_TOKEN Set override
! AWS_SECRET_KEY Set override

Clicking the link opens the project page with the override modal ready for that secret.

Examples

# Pull to .env (default)
envshed pull

# Pull to a specific file
envshed pull -f .env.local

# Print to stdout (useful for piping)
envshed pull --stdout

# Pull as JSON
envshed pull --format json

# Force overwrite
envshed pull --force

# Pull from a specific environment
envshed pull -e production