wheels deploy secrets
Manage deployment secrets and sensitive configuration.
Synopsis
Description
The wheels deploy secrets command provides secure management of sensitive data like API keys, database passwords, and other credentials used during deployment. Secrets are encrypted and stored separately from your codebase.
Actions
list
List all secrets for a target
set
Set or update a secret
get
Retrieve a secret value
delete
Remove a secret
sync
Synchronize secrets with target
rotate
Rotate secret values
export
Export secrets to file
import
Import secrets from file
Arguments
action
Action to perform
Yes
name
Secret name
For set/get/delete
value
Secret value
For set action
Options
--target
Deployment target
production
--env-file
Environment file for bulk operations
--format
Output format (table, json, dotenv)
table
--force
Skip confirmation prompts
false
--encrypt
Encryption method (aes256, rsa)
aes256
--key-file
Path to encryption key
.wheels-deploy-key
--help
Show help information
Examples
Set a secret
Set secret interactively (hidden input)
List all secrets
Get a specific secret
Delete a secret
Import from .env file
Export secrets
Rotate database password
Secret Storage
Secrets are stored encrypted in:
Local:
.wheels-deploy-secrets/[target].encRemote: Deployment target's secure storage
Encryption
Secrets are encrypted using:
AES-256 encryption by default
Unique key per environment
Optional RSA public key encryption
Key Management
Encryption keys stored in:
Secret Types
Environment Variables
Standard key-value pairs:
File-based Secrets
Store file contents as secrets:
Multi-line Secrets
Bulk Operations
Import from .env
Export Formats
Table format:
JSON format:
DotEnv format:
Secret Rotation
Rotate secrets with automatic update:
Synchronization
Sync secrets to deployment target:
Access Control
Team Sharing
Share encrypted secrets with team:
Permission Levels
Read: View secret names only
Write: Set/update secrets
Admin: Delete/rotate secrets
Integration
During Deployment
Secrets automatically injected:
In Application
Access secrets via environment:
Security Best Practices
Never commit secrets to version control
Use strong encryption keys
Rotate secrets regularly
Limit access to production secrets
Audit secret usage via logs
Use different secrets per environment
Backup and Recovery
Backup Secrets
Restore Secrets
Troubleshooting
Common Issues
Encryption key not found:
Permission denied:
Check file permissions on key files
Verify user has deployment access
Secret not available during deployment:
Ensure secrets are synced
Check target configuration
Use Cases
Database Credentials: Secure database passwords
API Keys: Third-party service credentials
SSL Certificates: Secure certificate storage
OAuth Secrets: Client secrets for OAuth
Encryption Keys: Application encryption keys
Notes
Secrets are never logged or displayed in plain text
Use environment-specific secrets
Regular rotation improves security
Keep encryption keys secure and backed up
Monitor secret access in production
See Also
Last updated
Was this helpful?