Skip to content

Environments

Environments let you store different values for the same secret name across deployment stages. Every vault starts with a default development environment.

Terminal window
passbox environment list [options]
OptionDescription
--vault <name>Vault name or ID
Terminal window
passbox environment list --vault my-app
# development (default)
# staging
# production
Terminal window
passbox environment create <name> [options]
OptionDescription
--vault <name>Vault name or ID
--description <text>Optional description
Terminal window
passbox environment create staging --vault my-app --description "Staging environment"
Terminal window
passbox environment delete <name> [options]

Requires admin or owner role. Deleting an environment also deletes all secrets in that environment.

OptionDescription
--vault <name>Vault name or ID
Terminal window
passbox environment clone <target> --from <source> [options]

Copies all secrets from one environment to another. Useful for initializing a new environment with existing config.

OptionDescription
--from <name>Source environment to clone from
--vault <name>Vault name or ID
Terminal window
# Create production environment with staging's secrets
passbox environment create production --vault my-app
passbox environment clone production --from staging --vault my-app

Most secret commands accept --env to target a specific environment:

Terminal window
# Store secrets in different environments
passbox set DATABASE_URL "postgres://dev/db" --env development
passbox set DATABASE_URL "postgres://staging/db" --env staging
passbox set DATABASE_URL "postgres://prod/db" --env production
# Retrieve from specific environment
passbox get DATABASE_URL --env production
# List secrets in an environment
passbox list --env staging
# Run with production secrets
passbox run --env production -- node server.js
# Push/pull .env for specific environment
passbox env push .env.staging --env staging
passbox env pull --env production -o .env.production

When --env is not specified, PassBox uses:

  1. The environment field from .passbox.json (if present)
  2. The defaultEnvironment from ~/.passbox/config.json
  3. The vault’s default environment (usually development)

Set a default:

Terminal window
# Per-project (in .passbox.json)
passbox init # select environment during setup
# Global
passbox config set defaultEnvironment staging