CI/CD & containers
The pattern for every automated environment is the same: provide a service token, point the
CLI at your API, and either run your command with secrets injected or export them. No
passphrase is involved.
Store the token in your platform's secret store as SEEKRIT_TOKEN, and grant it only the
environments that job needs.
GitHub Actions
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      SEEKRIT_TOKEN: ${{ secrets.SEEKRIT_TOKEN }}
      SEEKRIT_API_URL: https://api.your-seekrit.example
    steps:
      - uses: actions/checkout@v4
      - run: npm install -g @seekrit/cli
      - run: seekrit run -- ./deploy.sh   # secrets injected into the process
Docker
Prefer injecting secrets at runtime, not baking them into an image. Pass the token in and let the entrypoint fetch secrets:
#!/bin/sh
# entrypoint.sh: the shebang must be the first line, so the file label follows it
exec seekrit run -- "$@"

docker run --rm \
  -e SEEKRIT_TOKEN="$SEEKRIT_TOKEN" \
  -e SEEKRIT_API_URL="https://api.your-seekrit.example" \
  your-image ./start-server
If you must materialize a file (for tools that read .env), write it inside the container at
startup and keep it out of any image layer:
seekrit export --format dotenv > /run/secrets.env
Never run seekrit export in a build stage whose output is committed to an image layer. Fetch
secrets at container start, into a tmpfs or the process environment.
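As an added example (not the project's own entrypoint), a POSIX sh entrypoint that applies the rule above: it fails closed when SEEKRIT_TOKEN is absent, lands the export in a 0600 file under /run (a tmpfs) through an atomic rename, refuses an empty export, and then execs the server. Only `seekrit export --format dotenv` comes from the page; the helper names and the SEEKRIT_ENV_FILE variable are this example's assumptions.

```shell
#!/bin/sh
# Added example, not the project's own entrypoint. Assumes `seekrit export
# --format dotenv` prints KEY=VALUE lines on stdout (as the page shows); the
# helper names and SEEKRIT_ENV_FILE are this example's own conventions.
set -eu

# Fail closed when the token is absent; never print its value.
require_token() {
  [ -n "${SEEKRIT_TOKEN:-}" ] || { echo "SEEKRIT_TOKEN is not set" >&2; return 1; }
}

# write_secrets_env <exporter-command> <dest>
# Runs the exporter and lands its output at <dest> with mode 0600. Pick a
# <dest> on a tmpfs mount such as /run so the file never enters an image layer
# and vanishes with the container.
write_secrets_env() {
  exporter=$1; dest=$2
  umask 077
  # mktemp creates the file 0600; the final mv is atomic, so a crash mid-export
  # cannot leave a half-written secrets file for the app to read.
  tmp=$(mktemp "$(dirname "$dest")/.secrets.XXXXXX")
  "$exporter" > "$tmp"
  # An empty export usually means a wrong environment or a revoked token:
  # refuse to start rather than run the app with missing configuration.
  [ -s "$tmp" ] || { rm -f "$tmp"; echo "export produced no secrets" >&2; return 1; }
  mv "$tmp" "$dest"
}

# secrets_file_is_private <file>: true when <file> is non-empty and mode 0600.
secrets_file_is_private() {
  [ -s "$1" ] && [ -n "$(find "$1" -perm 0600 -print)" ]
}

seekrit_export() { seekrit export --format dotenv; }

main() {
  require_token
  dest=${SEEKRIT_ENV_FILE:-/run/secrets.env}
  write_secrets_env seekrit_export "$dest"
  # Hand off to the server; it reads the dotenv file from tmpfs, not a layer.
  exec "$@"
}

# Only act as an entrypoint when invoked as entrypoint.sh (e.g. from ENTRYPOINT).
case "${0##*/}" in entrypoint.sh) main "$@" ;; esac
```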
Kubernetes
Store the token in a Kubernetes Secret and reference it as an environment variable; run your app through the CLI:
env:
  - name: SEEKRIT_TOKEN
    valueFrom:
      secretKeyRef:
        name: seekrit-token
        key: token
  - name: SEEKRIT_API_URL
    value: https://api.your-seekrit.example
command: ["seekrit", "run", "--"]
args: ["./start-server"]
AI agent sandboxes
Ephemeral environments — like the throwaway sandboxes an AI coding agent spins up — are a natural fit: create a short-lived environment, grant a scoped token, and let the agent's process read secrets through the CLI without ever seeing long-lived credentials. Revoke the token when the sandbox is torn down.
A dedicated agent-proxy that swaps tokenized placeholders for real credentials on outbound requests (so an agent never sees secret values at all) is on the roadmap. The grant/wrap model already supports it — a proxy is just another principal.