Installation

Install the SecretStash CLI package for secure variable management in Laravel or any PHP application.

The SecretStash CLI works with any PHP project. Choose the installation path that matches your framework:

Laravel: Install as an Artisan package with full service-provider integration.
Standalone (any PHP project): Install via Composer and use the vendor/bin/secret-stash binary.

Requirements

PHP 8.2+
Composer
A SecretStash API token and Application ID

Laravel users also need Laravel 11+. The CLI integrates as a first-party Artisan package using spatie/laravel-package-tools.

Laravel Installation

Install the CLI package

Install the Composer package in your Laravel app:

composer require dniccum/secret-stash-cli

Run the installer. It will optionally publish a config file and generate an encryption key stored locally for securing your variables.

php artisan secret-stash:install

This package creates a ~/.secret-stash directory on your machine. Ensure this folder is secure as it contains the keys required to decrypt your environment variables. You can override this directory by setting the SECRET_STASH_KEY_DIR environment variable.

Configure environment variables

Add the following to your app's .env:

SECRET_STASH_API_TOKEN=your_token_here
SECRET_STASH_APPLICATION_ID=your_application_id_here

Create an API token in SecretStash (Profile → Tokens).
Create or select an Application in SecretStash and copy its ID.

The SecretStash CLI requires both the API token and Application ID to be present to work. Failure to set them will throw an error.

Optional: Publish config

If you want to customize behavior, publish the config file:

php artisan vendor:publish --tag=secret-stash-config

This creates config/secret-stash.php where you can set ignored variables, override the API URL, and more. See Configuration for details.

Standalone Installation (Non-Laravel)

Install the CLI package

Install the Composer package in your PHP project:

composer require dniccum/secret-stash-cli

Run the installer using the standalone binary:

vendor/bin/secret-stash secret-stash:install

This creates a ~/.secret-stash directory on your machine. Ensure this folder is secure as it contains the keys required to decrypt your environment variables. You can override this directory by setting the SECRET_STASH_KEY_DIR environment variable.

Configure environment variables

Add the following to your project's .env file:

SECRET_STASH_API_TOKEN=your_token_here
SECRET_STASH_APPLICATION_ID=your_application_id_here

Create an API token in SecretStash (Profile → Tokens).
Create or select an Application in SecretStash and copy its ID.

The SecretStash CLI requires both the API token and Application ID to be present to work. Failure to set them will throw an error.

In standalone mode, the CLI reads configuration from system environment variables first, then falls back to your .env file. There is no config file to publish — all settings are managed via environment variables. See Configuration for details.

Next steps

Use the CLI to pull/push variables between SecretStash and your .env.
Explore all commands in the CLI reference.
Learn more about the available configuration.

CLI source code: https://github.com/dniccum/secret-stash-cli

Overview

SecretStash is a centralized environment variable management service designed for modern development teams and PHP applications.

Available commands

The SecretStash CLI provides a series of commands to securely create and manage environment variables across multiple applications.

On This Page

Requirements
Laravel Installation
Standalone Installation (Non-Laravel)
- Install the CLI package
- Configure environment variables
Next steps

Star the CLI on GitHub Report an issue