For the Onboardbase CLI to access secrets for your projects, it needs an access token.
Onboardbase considers how you work as a team to make sure you are secure and in sync every time across all stages of development.
The Onboardbase way
- Upload .env into Onboardbase
- Remove .env file
For our CLI to access secrets for your projects, it needs an access token. We do this by authentication with the command below, which will open a browser window and ask you to authenticate.
Enter Y to open the URL in a new browser. If you use the N option, a webpage URL will be logged in your terminal, copy the link, and open it in a browser to complete the login and authentication process.
This only needs to happen once per organization. You can scope each login to a separate directory if you have multiple organizations.
Congrats on installing and authenticating 🎉.
Let's configure it for use with a project in your development environment.
In Onboardbase, access to a project's secrets is scoped to a specific directory in your file system. This lets you fetch secrets for multiple projects and organizations on a single machine.
Three ways to do this
- Setup command
- Onboardbase file
- Start script
For each project, do this at the repository root level.
# Change to your project's directory cd ./your/project/directory # Run the below command to select the organization, project, and environment onboardbase setup # After the process, an onboardbase.yml file would be generated that looks like below: setup: project: projectname environment: environmentname # Then run a build with: onboardbase run --command="your project start command" # The build command creates a virtualized environment with the host variables and secrets from onboardbase.
# Create a .onboardbase file and copy this basic config setup: project: projectname environment: environmentname # Then run a build with: onboardbase run --command="your project start command"
# Onboardbase can inject your secrets into a registered command on your machine. # For example, in a REACT or Vue project, the Onboardbase CLI can inject your secrets into your start command, and process.env.ENV_NAME would be populated in your project. onboardbase run --command="your project start command" -p [PROJECT_NAME] -e [ENVIRONMENT_NAME=development]
The Onboardbase setup adds your
.onboardbase.ymlfile to your project's .gitignore file
Because Onboardbase injects secrets as environment variables, it works for any language, framework, platform, and cloud provider.
const secret = process.env["SECRET_NAME"]
$secret = get_env("SECRET_NAME") // laravel $secret = env("SECRET_NAME")
secret = os.getenv("SECRET_NAME")
secret = System.getenv("SECRET_NAME")
secret := os.Getenv("SECRET_NAME")
Upload .env into Onboardbase
Onboardbase provides you a way to upload your secrets directly from your env file into your project on Onboardbase.
Your env values is expected be in this format
Remove .env file
Now that Onboardbase is injecting secrets as environment variables, it's best to remove all application code relying on
.env files and
.env files that may still exist locally.
This instantly improves security by removing the storage of unencrypted secrets from your file system and avoiding potential confusion around the source of truth for the loading of environment variables.
Now you are ready to get a little more advanced for your workflow 🔥
Updated 2 months ago