envshed run
Run a command with secrets injected as environment variables.
Usage
envshed run [-o <org>] [-p <project>] [-e <env>] -- <command...>
Options
| Flag | Description | Default |
|---|---|---|
-o, --org <slug> | Organization slug | From config |
-p, --project <slug> | Project slug | From config |
-e, --env <slug> | Environment slug | From config |
Arguments
| Argument | Description |
|---|---|
command... | The command to run (everything after --) |
How it works
- Fetches secrets from the API
- Merges them into the current environment variables (secrets override existing vars)
- Spawns the command as a child process
- Exits with the same exit code as the child process
No .env file is written to disk — secrets exist only in the process environment.
Examples
# Run a Node.js app with secrets
envshed run -- npm start
# Run a one-off script
envshed run -- node scripts/migrate.js
# Run with a specific environment
envshed run -e production -- npm run seed
# Run any command
envshed run -- docker compose up