Running Commands
Run with Secrets
Section titled “Run with Secrets”passbox run [options] -- <command>Executes a command with all vault secrets injected as environment variables. Secrets are decrypted in memory and passed to the child process — they are never written to disk.
Options
Section titled “Options”| Option | Description |
|---|---|
--vault <name> | Vault name or ID |
--env <name> | Environment name |
Examples
Section titled “Examples”# Run Node.js app with secretspassbox run --vault my-app -- node server.js
# Run with production secretspassbox run --vault my-app --env production -- npm start
# Run any commandpassbox run -- docker compose up
# Use with project config (.passbox.json)passbox run -- python manage.py runserverHow It Works
Section titled “How It Works”- PassBox fetches all secrets from the vault (and environment)
- Decrypts each secret value client-side
- Spawns the child process with secrets as environment variables
- Existing environment variables are preserved; vault secrets are merged in
Push .env to Vault
Section titled “Push .env to Vault”passbox env push <file> [options]Reads a local .env file and imports all key-value pairs as secrets in the vault.
Options
Section titled “Options”| Option | Description |
|---|---|
--vault <name> | Vault name or ID |
--env <name> | Target environment name |
Example
Section titled “Example”passbox env push .env --vault my-apppassbox env push .env.production --vault my-app --env productionPull Secrets to .env
Section titled “Pull Secrets to .env”passbox env pull [options]Exports all secrets from a vault as a .env file.
Options
Section titled “Options”| Option | Description |
|---|---|
--vault <name> | Vault name or ID |
--env <name> | Environment name |
-o, --output <file> | Output file path (default: stdout) |
Examples
Section titled “Examples”# Print to stdoutpassbox env pull --vault my-app
# Save to filepassbox env pull --vault my-app -o .env.local
# Pull production secretspassbox env pull --env production -o .env.productionImport from Files
Section titled “Import from Files”passbox import <format> <file> [options]Import secrets from various file formats.
Supported Formats
Section titled “Supported Formats”| Format | Command | File Format |
|---|---|---|
.env | passbox import dotenv .env | KEY=value |
| JSON | passbox import json secrets.json | {"KEY": "value"} |
| CSV | passbox import csv secrets.csv | name,value,description |
Options
Section titled “Options”| Option | Description |
|---|---|
--vault <name> | Vault name or ID |
--env <name> | Target environment name |
Examples
Section titled “Examples”passbox import dotenv .env.production --env productionpassbox import json secrets.json --vault my-apppassbox import csv export.csv --vault my-app --env staging