CLI Commands

Keep provides a comprehensive set of command-line tools for managing secrets. Each command is designed for both direct use and CI/CD automation.

Command Guides

Creating & Viewing Secrets

Set, get, list, and delete secrets across environments.

Cross-Environment Operations

Copy secrets between stages, import from .env files, and compare environments.

Exporting to .env

Generate plaintext .env files for traditional deployments.

Core Concepts

Stages organize secrets by environment:

local - Local development environment
staging - Pre-production testing
production - Live environment

Vaults provide the storage backend:

AWS SSM - Parameter Store for simple key-value storage
AWS Secrets Manager - Advanced features with rotation support

Context syntax for cross-vault operations:

bash

# Default vault
keep list --stage=production

# Explicit vault
keep list --stage=production --vault=ssm

# Vault:stage syntax
keep copy DB_PASSWORD --from=secretsmanager:local --to=ssm:production

Common Workflows

Local → Production:

Set secrets in local environment
Test with exported .env files
Copy to staging for testing
Promote to production

Team Collaboration:

Share vault configurations via .keep/ directory
Use consistent naming conventions
Control production access with IAM policies

Getting Help

bash

keep [command] --help

CLI Commands ​

Command Guides ​

Creating & Viewing Secrets ​

Cross-Environment Operations ​

Exporting to .env ​

Core Concepts ​

Common Workflows ​

Getting Help ​