OverviewInstallFirst commandAuthenticateInject secretsUse in CI/CDTerminal UIExport dotenvGenerate TOTPCommandsTroubleshooting
GUIDEGuide

Inject secrets into a process

movitera run fetches an ENV_BUNDLE credential and runs your command with those keys in the child process environment.

Run with a credential

bash
$ movitera run -c myapp-prod -- npm start
> myapp@1.0.0 start
> node server.js

listening on http://localhost:3000

Use -- before your command to separate CLI flags from the flags of the process you want to run.

Examples by stack

Start the production build without a local `.env`

The Next.js process receives the ENV_BUNDLE keys in its environment, including database URLs, tokens, and session secrets.

bash
$ movitera run -c web-prod -- pnpm start
> web@1.0.0 start
> next start

ready - started server on 0.0.0.0:3000

Choose the team explicitly

bash
$ movitera run --team <team-id> -c myapp-prod -- pnpm dev

Without --team, the CLI uses the team you saved with movitera team use.

What happens to secrets

  • The CLI fetches dotenv from the Vault endpoint for the selected credential.
  • The dotenv body is converted to environment variables in memory.
  • On macOS and Linux, the command replaces the CLI process.
  • The CLI does not write values to disk during run.

Next

Browse in the TUIExport dotenv