Guide

Inject secrets into a process

`movitera run` fetches an `ENV_BUNDLE` credential and runs your command with those keys in the child process environment.

Run with a credential

```bash
$ movitera run -c myapp-prod -- npm start
> myapp@1.0.0 start
> node server.js

listening on http://localhost:3000
```

Use `--` before your command to separate CLI flags from the flags of the process you want to run.

Examples by stack

Start the production build without a local `.env`

The Next.js process receives the `ENV_BUNDLE` keys in its environment, including database URLs, tokens, and session secrets.

```bash
$ movitera run -c web-prod -- pnpm start
> web@1.0.0 start
> next start

ready - started server on 0.0.0.0:3000
```

Choose the team explicitly

```bash
$ movitera run --team <team-id> -c myapp-prod -- pnpm dev
```

Without `--team`, the CLI uses `MOVITERA_TEAM`, then the team saved by `movitera team use`, and finally the interactive picker on a TTY.

What happens to secrets

  • The CLI fetches the dotenv body from the Vault endpoint for the selected credential.
  • The dotenv body is converted to environment variables in memory.
  • On macOS and Linux, the CLI process is replaced by the command through `execvpe`.
  • The CLI does not write values to disk during run.
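
The steps listed above, sketched in Python as an added example (not movitera's own code): a dotenv body is parsed in memory and the process is then replaced through `os.execvpe`. The dotenv dialect handled here, the rule that bundle keys override inherited variables, and the names `parse_dotenv`, `build_child_env` and `run` are assumptions; the sample body is constructed.

```python
import os
import sys

# Constructed sample standing in for the dotenv body returned for a credential.
SAMPLE_DOTENV = '''\
# constructed values, not real secrets
DATABASE_URL="postgres://app:example@db.internal:5432/app"
export SESSION_SECRET='s3ss#ion value'
API_TOKEN=tok_example  # trailing comment
EMPTY=
'''

def parse_dotenv(body):
    """Parse a dotenv body held in memory into a dict; nothing touches disk."""
    env = {}
    for lineno, raw in enumerate(body.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key.replace("_", "a").isalnum() or key[0].isdigit():
            raise ValueError(f"line {lineno}: not a KEY=VALUE pair")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # quoted: keep '#' and spaces literally
        else:
            value = value.split(" #", 1)[0].rstrip()  # unquoted: drop inline comment
        if "\x00" in value:
            raise ValueError(f"line {lineno}: NUL byte cannot be passed in an environment")
        env[key] = value
    return env

def build_child_env(parent, bundle):
    """Assumed precedence: bundle keys override same-named inherited variables."""
    return {**parent, **bundle}

def run(body, argv):
    """Replace this process with argv; on success this call never returns."""
    os.execvpe(argv[0], argv, build_child_env(os.environ, parse_dotenv(body)))

if __name__ == "__main__":
    # Example invocation: python inject.py -- env
    args = sys.argv[1:]
    run(SAMPLE_DOTENV, args[1:] if args[:1] == ["--"] else args)
```

Because the values end up in the child's environment, they are inherited by any process the command spawns and, on Linux, are readable by the same user through `/proc/<pid>/environ`.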
