Andasy Secret Commands
Learn how to manage sensitive secrets for your app.
Overview
The secret commands in Andasy CLI are designed to manage sensitive environment variables and secrets for applications deployed on the Andasy platform. These commands provide a secure way to handle sensitive data that shouldn't be committed directly in your public configuration files.
Command Syntax
andasy secret [command]
Aliases
The secret command can be invoked using any of the following aliases:
secretenvsecretssec
Available Commands
Secret List
The list command displays all secrets stored for a specified application.
Usage
andasy secret list -a <app-name> [flags]
Aliases
listls
Flags
| Flag | Short Form | Description | Required |
|---|---|---|---|
--app | -a | The target Andasy application name | No |
--config | -c | Path to application configuration file | No |
--help | -h | Display help information for the list command | No |
--json | -j | Output results in JSON format | No |
Example
# List all secrets for an app
andasy secret list
Secret Set
The set command creates or updates secrets for a specified application.
Usage
andasy secret set [flags] NAME=VALUE NAME=VALUE... -a <app-name>
Flags
| Flag | Short Form | Description | Required |
|---|---|---|---|
--app | -a | The target Andasy application name | No |
--config | -c | Path to application configuration file | No |
--help | -h | Display help information for the set command | No |
--json | -j | Output results in JSON format | No |
Examples
# Set a single secret for an app
andasy secret set API_KEY=abc123xyz
# Set multiple secrets at once
andasy secret set DB_USER=admin DB_PASSWORD=secure123 API_KEY=xyz987abc
# Set secrets using a specific config file
andasy secret set STRIPE_KEY=sk_test_123456 -a my-web-api -c ./config/andasy.hcl
Global Flags
The following flags are available across all andasy secret commands:
| Flag | Short Form | Description |
|---|---|---|
--verbose | -v | Enable verbose output for detailed logging |
--json | -j | Output results in JSON format |
Security Best Practices
When working with the andasy secret commands, consider these security recommendations:
-
Never store secrets in version control: Use the
andasy secretcommands instead of hardcoding secrets in yourandasy.hclfiles. -
Limit access to secret management: Only authorized team members should have permission to view or modify secrets.
-
Rotate secrets regularly: Update sensitive credentials periodically using the
setcommand. -
Use different secrets across environments: Maintain separate secrets for development, staging, and production environments.
Integration with Application Configuration
Secrets managed via the andasy secret commands can be referenced in your andasy.hcl configuration file without exposing their values:
app_name = "my-web-api"
app {
env = {} # You don't need to include secrets here
# Other configuration...
}
The secrets set using the CLI will be automatically injected into your application's environment at runtime.
Common Use Cases
CI/CD Integration
In automated deployment pipelines, you can use the andasy secret set command to dynamically update secrets:
# In a CI/CD pipeline script
andasy secret set VERSION=$BUILD_VERSION DEPLOY_TIME=$(date) -a my-web-api
Database Credentials Management
Store database connection details securely:
andasy secret set \
DB_HOST=postgres.example.com \
DB_PORT=5432 \
DB_USER=app_user \
DB_PASSWORD=highly_secure_password \
-a my-web-api
API Keys Rotation
When rotating API keys, you can easily update them:
# Update an API key
andasy secret set API_KEY=new_key_value -a my-web-api
Troubleshooting
| Issue | Solution |
|---|---|
| Command fails with "App not found" | Verify the app name with andasy apps list |
| Unable to set secrets | Ensure you have proper permissions for the application |
| Secrets not available in app | Check that the app is redeployed after setting new secrets |
Further Resources
- Use
andasy secret [command] --helpfor detailed information about specific commands - Refer to the Andasy documentation for more details about secret management and best practices