fyvault init

Quick start

cd your-project
fyvault init

This walks you through an interactive setup that:

• Scans for .env, .env.local, .env.production, etc.
• Auto-detects environments from file suffixes (development, staging, production)
• Uploads secrets to FyVault (encrypted)
• Generates a .env.fyvault manifest

The manifest file

.env.fyvault maps local env var names to FyVault secret references:

# .env.fyvault — commit this to your repo
DATABASE_URL=fyvault://secrets/DATABASE_URL
STRIPE_SECRET_KEY=fyvault://secrets/STRIPE_SECRET_KEY
OPENAI_API_KEY=fyvault://secrets/OPENAI_API_KEY

Pull secrets locally

# Pull secrets into a .env file for local development
fyvault pull --env development

# Pull for a specific environment
fyvault pull --env staging --output .env.staging

Run with injected secrets

# Inject secrets as env vars and run your command
fyvault run -- npm start

# With a specific environment
fyvault run --env production -- node server.js

fyvault run reads the manifest, fetches secrets, injects them as environment variables, and executes your command. Secrets never touch disk.

Non-interactive mode

fyvault init --yes --env production --scan .env.production

See also: Git Hooks, FyVault.auto(), Quick Start