Netlify
Connect an Envshed project to a Netlify site and let every build pull fresh secrets from Envshed — no manual edits in the Netlify environment-variable UI, no copy-paste between staging and production.
The Netlify build plugin (@envshed/netlify-plugin-envshed) ships in Q4 2026. Until then, the workaround gets you the same behavior with one extra build command.
How it will work
- Install the build plugin — add
@envshed/netlify-plugin-envshedto yournetlify.tomland the build runner injects secrets intoprocess.envbefore your build command runs. - Map deploy contexts — link Netlify's
production,deploy-preview, andbranch-deploycontexts to specific Envshed environments. - Branch-aware — pulls preview secrets for PR previews and production secrets for the live site, with no
ifblocks in your build script. - One token, one env var — set
ENVSHED_TOKENonce in the Netlify UI; everything else lives in Envshed.
Workaround today
Wrap the Netlify build command with envshed run and add a single token. In netlify.toml:
[build]
command = "envshed run -e production -- npm run build"
publish = "dist"
[context.deploy-preview]
command = "envshed run -e preview -- npm run build"
[context.branch-deploy]
command = "envshed run -e staging -- npm run build"
Then in the Netlify dashboard, add one environment variable:
ENVSHED_TOKEN— a service token with read access to every environment you reference above.
The CLI installs from npm automatically because Netlify already runs npm ci before the build command. If you use pnpm, add pnpm add -g envshed to the build command instead.
Want this sooner?
The Netlify plugin lands after the Vercel integration in the public roadmap. If Netlify is the integration that would unblock your team, email hello@envshed.com with a one-liner about your build setup — it helps us pick which framework cases to test first.
Related
- Vercel — same pattern, different host
- GitHub Actions — for builds that run before the Netlify deploy
envshed run- Public roadmap