Setup

For the Onboardbase CLI to access secrets for your projects, it needs an access token.

Onboardbase considers how you work as a team to make sure you are secure and in sync every time across all stages of development.

The Onboardbase way

  • Authentication
  • Project
  • Usage
  • Upload .env into Onboardbase
  • Remove .env file

Authentication

For our CLI to access secrets for your projects, it needs an access token. We do this by authentication with the command below, which will open a browser window and ask you to authenticate.

onboardbase login

Enter Y to open the URL in a new browser. If you use the N option, a webpage URL will be logged in your terminal, copy the link, and open it in a browser to complete the login and authentication process.

This only needs to happen once per organization. You can scope each login to a separate directory if you have multiple organizations.

Project

Congrats on installing and authenticating 🎉.

Let's configure it for use with a project in your development environment.

In Onboardbase, access to a project's secrets is scoped to a specific directory in your file system. This lets you fetch secrets for multiple projects and organizations on a single machine.

Three ways to do this

  • Setup command
  • Onboardbase file
  • Start script

For each project, do this at the repository root level.

# Change to your project's directory
cd ./your/project/directory


# Run the below command to select the organization, project, and environment
onboardbase setup


# After the process, an onboardbase.yml file would be generated that looks like below:
setup:
  project: projectname
  environment: environmentname
  

# Then run a build with:
onboardbase run --command="your project start command"
# The build command creates a virtualized environment with the host variables and secrets from onboardbase.
# Create a .onboardbase file and copy this basic config
setup:
  project: projectname
  environment: environmentname
  

# Then run a build with:
onboardbase run --command="your project start command"
# Onboardbase can inject your secrets into a registered command on your machine.

# For example, in a REACT or Vue project, the Onboardbase CLI can inject your secrets into your start command, and process.env.ENV_NAME would be populated in your project.
onboardbase run --command="your project start command" -p [PROJECT_NAME] -e [ENVIRONMENT_NAME=development]

📘

The Onboardbase setup adds your .onboardbase.yml file to your project's .gitignore file

Because Onboardbase injects secrets as environment variables, it works for any language, framework, platform, and cloud provider.

const secret = process.env["SECRET_NAME"]
$secret = get_env("SECRET_NAME")

// laravel
$secret = env("SECRET_NAME")
secret = os.getenv("SECRET_NAME")
secret = System.getenv("SECRET_NAME")
secret := os.Getenv("SECRET_NAME")

--start-script flag

Running onboardbase setup with the --start-script will add the value of the --start-script command into the Onboardbase config file, this allows you to run onboardbase run subsequently without having to provide a start command:

onboardbase setup --start-script "yarn start"

Then you can execute onboardbase run and Onboardbase will start your application with the start script that has be set.

If you don't provide the --start-script flag, onboardbase setup will optionally ask for a start script while executing onboardbase setup.

Upload .env into Onboardbase

Onboardbase provides you a way to upload your secrets directly from your env file into your project on Onboardbase.

📘

Your env values is expected be in this format KEY=MY_KEY

Remove .env file

Now that Onboardbase is injecting secrets as environment variables, it's best to remove all application code relying on .env files and .env files that may still exist locally.

This instantly improves security by removing the storage of unencrypted secrets from your file system and avoiding potential confusion around the source of truth for the loading of environment variables.

Now you are ready to get a little more advanced for your workflow 🔥