Environments
Create and manage deployment environments for your SecretStash applications.
Environments represent deployment targets for your application, such as local, development, staging, or production. Each environment has its own set of variables and its own unique encryption key, ensuring complete isolation between environments.
Viewing Environments
On the application detail page, environments are displayed as vertical tabs on the left side. Click on any environment tab to view its variables and management options.
Each environment tab shows:
- Environment name
- Environment type (local, development, production, or testing)
Creating an Environment
Open the create dialog
Click the New Environment button below the environment tabs on the application detail page.
Fill in the details
Provide the following:
- Name — a descriptive name (e.g., "Staging", "QA").
- Slug — a URL-friendly identifier (e.g., staging). This must match the APP_ENV value used in your deployment.
- Type — select one of: local, development, production, or testing.
If you select the Testing type, the environment is intended for CI/CD purposes only. Variables in a Testing environment can only be managed within the SecretStash web application — the CLI cannot push variables to it.
Submit
Click Create to add the environment. It will appear as a new tab in the environment list.
When a new environment is created, a unique Data Encryption Key (DEK) is automatically generated client-side and stored securely via the envelope encryption system. This ensures your variables are encrypted from the start.
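The per-environment key isolation described above can be illustrated with a generic envelope-encryption sketch in Node.js. This is an added example, not SecretStash code: the AES-256-GCM choice, the key-encryption key (KEK), the use of the slug as associated data, and all function names are assumptions made for illustration.

```javascript
// Added illustration of per-environment envelope encryption (Node.js built-in crypto).
// Generic AES-256-GCM sketch under assumed names; not SecretStash's actual scheme or API.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Encrypt with AES-256-GCM; `aad` binds the ciphertext to a context such as the slug.
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Reverse of seal(); final() throws if the key, the AAD or the data do not match.
function unseal(key, box, aad) {
  const d = createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Creating an environment: a fresh random DEK, kept only in wrapped form under the KEK.
function createEnvironment(kek, slug) {
  const dek = randomBytes(32);
  return { slug, wrappedDek: seal(kek, dek, slug), vars: {} };
}

function setVariable(kek, env, name, value) {
  const dek = unseal(kek, env.wrappedDek, env.slug);
  env.vars[name] = seal(dek, Buffer.from(value), `${env.slug}:${name}`);
}

function getVariable(kek, env, name) {
  const dek = unseal(kek, env.wrappedDek, env.slug);
  return unseal(dek, env.vars[name], `${env.slug}:${name}`).toString();
}

// Isolation check: try to read a variable of `env` with another environment's DEK.
function readWithForeignDek(kek, env, other, name) {
  try {
    const dek = unseal(kek, other.wrappedDek, other.slug);
    return unseal(dek, env.vars[name], `${env.slug}:${name}`).toString();
  } catch {
    return null; // GCM authentication failed: the foreign DEK cannot open this value
  }
}
```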
Editing an Environment
Click the Edit button next to the environment name to update its name, slug, or type.
Deleting an Environment
Click the Delete button to remove an environment and all of its variables.
Each application must have at least one environment. If only one environment remains, the Delete button will be disabled. Create another environment before deleting the last one.
Testing Environments
The Testing environment type is designed for CI/CD pipelines and automated testing workflows. It has the following restrictions:
Testing environments are read-only via the CLI. The CLI can pull and read variables from a Testing environment, but all push (write) operations are blocked. Variables must be created and managed exclusively through the SecretStash web application.
This restriction ensures that CI/CD secrets remain under centralized control and cannot be accidentally overwritten by automated processes or team members using the CLI.
Next Steps
- Add and manage Variables within your environments.
- Learn about the security model behind environment-specific encryption.