The push command uploads environment variables from a local .env file to your cloud provider (AWS SSM Parameter Store
or Azure Key Vault) using a mapping file.
envilder --push --envfile=.env --map=param-map.jsonenvilder --push --envfile=.env.prod --map=param-map.json --profile=prod-account📖 See Mapping File Format for the full reference on
$configand provider options.
{
"API_KEY": "/myapp/api/key",
"DB_PASSWORD": "/myapp/db/password"
}Add $config to your map file to target Azure Key Vault:
{
"$config": {
"provider": "azure",
"vaultUrl": "https://my-vault.vault.azure.net"
},
"API_KEY": "myapp-prod-api-key",
"DB_PASSWORD": "myapp-prod-db-password"
}CLI flags (
--provider,--vault-url,--profile) override$configvalues in the map file.
API_KEY=abc123
DB_PASSWORD=secret456- Each variable found in both
.envand mapping file is pushed to the corresponding secret path. - No files are modified locally.
- Use
--provider=azureor$config.providerin the map file to push to Azure Key Vault instead of AWS SSM. - Use the
--vault-urlflag or$config.vaultUrlfor the Azure Key Vault URL. - Use the
--profileflag for different AWS accounts (AWS only).
Permissions: Your cloud identity must have write access to secrets. See Set Up IAM Permissions for AWS and Azure setup.
Sync your local .env variables to your cloud provider using a mapping file and mapping JSON.
graph LR
A[.env File] --> |Variables & Values| B[Envilder]:::core
C[Mapping File] --> |Secret Paths| B
D[Cloud Credentials]:::cloud --> B
B --> E[AWS SSM / Azure Key Vault]:::cloud
classDef cloud fill:#ffcc66,color:#000000,stroke:#333,stroke-width:1.5px;
classDef core fill:#1f3b57,color:#fff,stroke:#ccc,stroke-width:2px;
Example:
If your .env file contains:
API_KEY=abc123
DB_PASSWORD=secret456
And your param-map.json file contains:
{
"API_KEY": "/myapp/api/key",
"DB_PASSWORD": "/myapp/db/password"
}Running this command:
envilder --push --envfile=.env --map=param-map.jsonWill push:
- Value
abc123to SSM path/myapp/api/key - Value
secret456to SSM path/myapp/db/password
Push a single environment variable directly to your cloud provider without using any files.
graph LR
A[Command Line Arguments] --> B[Envilder]:::core
C[Cloud Credentials]:::cloud --> B
B --> D[AWS SSM / Azure Key Vault]:::cloud
classDef cloud fill:#ffcc66,color:#000000,stroke:#333,stroke-width:1.5px;
classDef core fill:#1f3b57,color:#fff,stroke:#ccc,stroke-width:2px;
Example:
envilder --push --key=API_KEY --value=abc123 --secret-path=/myapp/api/keyWill push:
- Value
abc123to secret path/myapp/api/key
| Option | Description |
|---|---|
--push |
Required: Enables push mode |
--provider |
Optional: Cloud provider aws (default) or azure |
--vault-url |
Optional: Azure Key Vault URL (overrides $config.vaultUrl) |
--profile |
Optional: AWS CLI profile to use (AWS only) |
--envfile |
Required: Path to your local .env file |
--map |
Required: Path to your parameter mapping JSON file |
| Option | Description |
|---|---|
--push |
Required: Enables push mode |
--provider |
Optional: Cloud provider aws (default) or azure |
--vault-url |
Optional: Azure Key Vault URL (overrides $config.vaultUrl) |
--profile |
Optional: AWS CLI profile to use (AWS only) |
--key |
Required: Environment variable name |
--value |
Required: Value to store in your cloud provider |
--secret-path |
Required: Full secret path in your cloud provider |
Push from .env file (multiple variables):
envilder --push --envfile=.env --map=param-map.jsonWith AWS profile:
envilder --push --envfile=.env.prod --map=param-map.json --profile=prod-accountAzure Key Vault (via $config in map file):
envilder --push --envfile=.env --map=azure-param-map.jsonAzure Key Vault (via CLI flags):
envilder --push --provider=azure --vault-url=https://my-vault.vault.azure.net --envfile=.env --map=param-map.jsonSingle variable push:
envilder --push --key=API_KEY --value=secret123 --secret-path=/my/pathWith AWS profile:
envilder --push --key=API_KEY --value=secret123 --secret-path=/my/path --profile=dev