Vaultlier

Quickstart

Go from an empty directory to typed, sealed configuration in five steps.

1. Sign in

Authenticate this machine with the portal. The CLI prints a link and a short code; approve it in your browser.

Terminal
vaultlier login

# To authenticate, open this link in a browser:
#   https://vaultlier.com/cli/approve?code=WDJB-MJHT
# and confirm the code WDJB-MJHT
Login is optional if you already have a project id and API key — pass them to init directly. See API Keys.

2. Initialize

In your project directory, run init. Pick an existing project with the arrow keys or create a new one. It writes vaultlier.json (schema metadata) and lib/vaultlier.ts (the generated typed client).

Terminal
vaultlier init

3. Declare keys

Add the keys your app needs to vaultlier.json, or let scan detect them from your existing .env files, then push the schema to the portal. Only metadata — names, types, scopes — is sent; never values.

Terminal
vaultlier scan          # detect keys from .env files (optional)
vaultlier push          # sync schema metadata to the portal

4. Set values

Write secret values for an environment. They are sealed server-side as new immutable versions; the CLI prints version numbers and never echoes the values back.

Terminal
vaultlier set DATABASE_URL=postgres://prod-db/main --env=prod
vaultlier set STRIPE_SECRET=sk_live_... FEATURE_NEW_FLOW=true -e prod

5. Read at runtime

Set VAULTLIER_API_KEY in your hosting environment, then resolve typed configuration on boot.

TypeScript
import { vault } from "./lib/vaultlier";

const config = await vault({ environment: "prod" });

await db.connect(config.DATABASE_URL); // typed string

That's the full loop. Next, dig into the details:

  1. CLI reference — every command and flag.
  2. SDK reference — client options and error handling.
  3. Environments — scoping and promotion.