Secrets are encrypted environment variables injected into your VMs at runtime. Use them for API keys, database credentials, and other sensitive values.
For non-sensitive config, use the [env] section in zwrm.toml instead.

Set a secret

zwrm secrets set <NAME> <VALUE>
You can also use = syntax:
zwrm secrets set DATABASE_URL=postgres://user:pass@host/db
Secret names must start with a letter or underscore and contain only letters, numbers, and underscores.

List secrets

zwrm secrets list
Shows secret names, versions, status (staged or deployed), and last update time. Values are never displayed.

Remove a secret

zwrm secrets unset <NAME>

Bulk import from a file

Load secrets from a .env file:
zwrm secrets add --from-file .env
Empty lines and comments (lines starting with #) are skipped.
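
A pre-flight check to run on a .env file before importing it, as an added example that is not part of the zwrm tooling. It applies the naming rule and skip rules stated on this page, reports only line numbers so no value reaches the terminal or a CI log, and assumes each entry is NAME=VALUE split at the first "="; `lint_env_file` is a hypothetical helper name.

```shell
# Added example, not part of zwrm: lint a .env file before bulk import.
# Assumption: each entry is NAME=VALUE, split at the first '='.
# Reports line numbers only, so secret values are never echoed.
lint_env_file() (
    LC_ALL=C                       # keep [A-Za-z] ranges ASCII-only
    file=$1
    bad=0
    n=0
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line%"$cr"}         # tolerate CRLF line endings
        case $line in
            ''|'#'*) continue ;;   # empty lines and comments are skipped
        esac
        case $line in
            *=*) name=${line%%=*} ;;
            *)
                echo "line $n: missing '='" >&2
                bad=$((bad + 1))
                continue ;;
        esac
        # Names must start with a letter or underscore and contain
        # only letters, numbers, and underscores.
        case $name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "line $n: invalid secret name" >&2
                bad=$((bad + 1)) ;;
        esac
    done < "$file"
    [ "$bad" -eq 0 ]               # exit status 0 only if every entry passed
)
```

Run it as `lint_env_file .env && zwrm secrets add --from-file .env` so the import only happens when every entry passes.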

Common flags

All secrets subcommands accept:
| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| --app | string | from zwrm.toml | Application name |
| --app-id | string | | Application UUID |

Examples

zwrm secrets set API_KEY "sk-1234567890"
zwrm secrets set REDIS_URL=redis://localhost:6379 --app my-app
zwrm secrets list
zwrm secrets unset OLD_SECRET
zwrm secrets add --from-file .env.production