Features
Secret Templates
Templates are project-scoped required key registries. Define which secrets a project needs and validate any environment before deployment to catch missing keys early.
CLI Usage
List templates
secr template listAdd a required key
secr template add DATABASE_URL --description "PostgreSQL connection string"Add an optional key
secr template add ANALYTICS_KEY \
--description "Analytics tracking key" \
--optionalRemove a key
secr template remove ANALYTICS_KEYValidate an environment
Check whether an environment has all required keys defined in the template:
secr template validate --env productionCLI Options
| Option | Type | Required | Description |
|---|---|---|---|
| --description | string | No | Human-readable description of what the key is for |
| --optional | flag | No | Mark the key as optional (not required for validation) |
| --env | string | all envs | Environment to validate against |
API Usage
List templates
GET /templates/:orgSlug/:projectSlugReturns all template entries for the project.
Add a template entry
POST /templates/:orgSlug/:projectSlug{
"key": "DATABASE_URL",
"description": "PostgreSQL connection string",
"required": true
}| Option | Type | Required | Description |
|---|---|---|---|
| key | string | Yes | The secret key name to register |
| description | string | No | Description of what the key is used for |
| required | boolean | true | Whether the key is required for validation to pass |
Requires admin or owner role.
Remove a template entry
DELETE /templates/:orgSlug/:projectSlug/:keyRequires admin or owner role.
Validate an environment
GET /templates/:orgSlug/:projectSlug/validate/:env{
"valid": false,
"missing": ["DATABASE_URL", "REDIS_URL"],
"extra": ["LEGACY_KEY"]
}| Field | Description |
|---|---|
| valid | true if all required template keys are present in the environment |
| missing | Required keys defined in the template but not set in the environment |
| extra | Keys set in the environment but not defined in the template |
Use Cases
Pre-deploy validation
Add a validation step to your deployment pipeline to catch missing secrets before they cause runtime errors:
secr template validate --env production || exit 1
# proceed with deployment...Onboarding new environments
When creating a new environment, use templates and promotion together to ensure nothing is missed:
# Create the environment, then promote secrets
secr promote --from staging --to preview
# Validate that all required keys are present
secr template validate --env previewTeam documentation
Templates serve as living documentation of what secrets a project needs. New team members can run secr template list to see every required key and its description, without needing to read through application code.
Never miss a secret again
secr template validate --env production