2. Basic Setup

For the Onboardbase CLI to access secrets for your projects, it needs an access token.

Onboardbase considers how you work as a team to make sure you are secure and in sync every time across all stages of development.

1. Login via CLI

For our CLI to access secrets for your projects, it needs an access token. We do this by authentication with the command below, which will open a browser window and ask you to authenticate.

onboardbase login

Enter Y to open the URL in a new browser. If you use the N option, a webpage URL will be logged in your terminal, copy the link, and open it in a browser to complete the login and authentication process.

This only needs to happen once per organization. You can scope each login to a separate directory if you have multiple organizations.

2. Setup the Project

Congrats on installing and authenticating πŸŽ‰.

Let's configure it for use with a project in your development environment.

In Onboardbase, access to a project's secrets is scoped to a specific directory in your file system. This lets you fetch secrets for multiple projects and organizations on a single machine.

In your project directory, run the setup command to let Onboardbase guide you:

onboardbase setup

An onboardbase.yml file is generated containing your secretops configuration:

  project: my-project
  environment: development
  start_script: npm run dev

You can then simply use the run command to start your project. It creates a virtualized environment with the host variables and secrets from onboardbase.

onboardbase run

You can also use optional parameters to override the configuration in the onboardbase.yml file and run any script:

onboardbase run -p my-project -e development -c "npm run dev"
onboardbase run -p my-project -e development -c "python manage.py runserver"
onboardbase run -p my-project -e development -c "php artisan serve"
onboardbase run -p my-project -e development -c "go run main.go"
onboardbase run -p my-project -e development -c "mvn spring-boot:run"
onboardbase run -p my-project -e development -c "rails server"

Because the -c argument accepts any bash command, you can use Onboardbase in any programming language or framework.


The Onboardbase setup adds your .onboardbase.yml file to your project's .gitignore file

Because Onboardbase injects secrets as environment variables, it works for any language, framework, platform, and cloud provider.

const secret = process.env["SECRET_NAME"]
$secret = get_env("SECRET_NAME")

// laravel
$secret = env("SECRET_NAME")
secret = os.getenv("SECRET_NAME")
secret = System.getenv("SECRET_NAME")
secret := os.Getenv("SECRET_NAME")

3. Upload .env into Onboardbase

Onboardbase provides you a way to upload your secrets directly from your env file into your project on Onboardbase.


Your env values are expected in a YAML format like KEY=MY_KEY

4. Remove .env file

Now that Onboardbase is injecting secrets as environment variables, you can remove your .env files to prevent security leaks:

  • It instantly improves security by removing the storage of unencrypted secrets from your file system.
  • It avoids potential confusion around the source of truth for the loading of environment variables.

What’s Next

Learn more about Onboardbase basics: