dniccum / secret-stash-cli
A PHP-based Composer package to interact with the SecretStash environment variable service.
Maintainers
Fund package maintenance!
Requires
- php: ^8.2
- endroid/qr-code: ^5.0.9
- guzzlehttp/guzzle: ^7.10
- illuminate/collections: ^11.0|^12.0|^13.0
- illuminate/console: ^11.0|^12.0|^13.0
- illuminate/contracts: ^11.0|^12.0|^13.0
- illuminate/http: ^11.0|^12.0|^13.0
- illuminate/support: ^11.0|^12.0|^13.0
- laravel/prompts: ^0.3.0
- nesbot/carbon: ^3.11
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/boost: ^2.0
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.8
- orchestra/testbench: ^9.0.0|^10.0.0|^11.0.0
- pestphp/pest: ^4.0
- pestphp/pest-plugin-arch: ^4.0
- pestphp/pest-plugin-laravel: ^4.0
- phpstan/extension-installer: ^1.4
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- spatie/laravel-ray: ^1.35
README
SecretStash CLI (PHP / Laravel)
Stop sharing
.envfiles in Slack.
The SecretStash CLI lets you securely sync environment variables across your team, applications, and environmentsβdirectly from your Laravel or PHP project.
Built for developers who want a simple, secure way to manage secrets without breaking their workflow.
Requirements
- PHP 8.2 or higher
- Laravel 11 or higher
- A SecretStash API Key
π Why SecretStash?
If youβve ever:
- Shared
.envfiles over Slack, email, or Notion - Accidentally committed secrets to Git
- Struggled keeping dev/staging/prod configs in sync
- Spent too long onboarding teammates with environment setup
π SecretStash fixes this in minutes.
β‘ Quick Start (2 Minutes)
1. Install
composer require dniccum/secret-stash-cli
2. Authenticate
php artisan secret-stash:login
3. Pull your environment variables
php artisan secret-stash:pull
β
Your .env file is now synced and secure.
π Use with SecretStash Cloud
The CLI is designed to work with SecretStash Cloud:
π https://secretstash.cloud
With the cloud platform, you can:
- Manage applications and environments in one place
- Share secrets securely across your team
- Sync configs across multiple machines instantly
- Avoid ever exposing sensitive values
Start free β no credit card required.
π Secure by Design
SecretStash uses zero-knowledge encryption:
- Secrets are encrypted locally before being sent
- Your encryption keys never leave your machine
- SecretStash servers never see your raw values
Only you and your team can decrypt your secrets.
βοΈ How It Works
- Store your environment variables in SecretStash Cloud
- Encrypt values locally before transmission
- Use the CLI to sync
.envfiles across environments
This ensures a secure, consistent workflow from local development to production.
π‘ Common Use Cases
π₯ Team Collaboration
Keep your entire team in sync without sharing sensitive files manually.
π Environment Management
Manage separate configs for local, staging, and production.
π Laravel Development
Plug directly into your Laravel workflow via Artisan commands.
π CI/CD Pipelines
Securely pull environment variables during deployment.
π¦ Available Commands
php artisan secret-stash:login # Authenticate with SecretStash php artisan secret-stash:pull # Pull environment variables php artisan secret-stash:push # Push local changes
π§ͺ Import Existing Projects
Already have a .env file?
You can import your existing variables into SecretStash and start syncing immediately.
π Why Not Just Use .env Files?
.env files alone:
- β Hard to share securely
- β Easy to leak
- β Not synced across teams
- β No access control
SecretStash:
- β Secure sharing
- β Encrypted end-to-end
- β Built for teams
- β CLI-native workflow
π Documentation
Full documentation available at:
π https://docs.secretstash.cloud
β€οΈ Ready to stop leaking secrets?
Start using SecretStash today:
π https://secretstash.cloud
Testing
composer test
or:
./vendor/bin/pest
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Credits
License
The MIT License (MIT). Please see License File for more information.