بنقرة واحدة
env
Manage environment variables and secrets with flow (always use Flow env store)
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Manage environment variables and secrets with flow (always use Flow env store)
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Always edit/create GitHub PR bodies from a markdown file; never inline escaped newlines.
Enforce tight Codex/Claude delivery loop with Bun-first testing, skill sync/reload, and commit quality gates.
| name | env |
| description | Manage environment variables and secrets with flow (always use Flow env store) |
| source | flow-default |
Flow provides a secure way to manage environment variables across projects.
.env files for secrets unless they are injected via f env.f env get or run via f env run.Add a [storage] section to your project's flow.toml:
[storage]
provider = "myflow.sh"
[[storage.envs]]
name = "local"
description = "Local development"
variables = [
{ key = "DATABASE_URL" },
{ key = "API_KEY" },
{ key = "SECRET_TOKEN", default = "" },
]
Use f env set to store values:
# Set individual env vars
f env set API_KEY=abc123
f env set DATABASE_URL="postgres://..."
# Values are stored in ~/.config/flow/env-local/personal/production.env
# Pull all env vars for the current environment
f env pull
# Show current env vars
f env list
# Get specific var
f env get API_KEY
| Command | Description |
|---|---|
f env set KEY=value | Store an env var |
f env pull | Pull env vars to local .env file |
f env push | Push local .env to cloud |
f env list | List env vars for this project |
f env get KEY | Get specific env var(s) |
f env keys | Show configured env keys from flow.toml |
f env setup | Interactive env setup |
f env guide | Guided prompt to set required vars |
f env run <cmd> | Run command with env vars injected |
Flow supports multiple environments:
[[storage.envs]]
name = "local"
variables = [{ key = "DATABASE_URL" }]
[[storage.envs]]
name = "staging"
variables = [{ key = "DATABASE_URL" }]
[[storage.envs]]
name = "production"
variables = [{ key = "DATABASE_URL" }]
[storage]
provider = "myflow.sh"
[[storage.envs]]
name = "local"
description = "Spotify API credentials"
variables = [
{ key = "SPOTIFY_CLIENT_ID" },
{ key = "SPOTIFY_CLIENT_SECRET" },
{ key = "SPOTIFY_ACCESS_TOKEN" },
{ key = "SPOTIFY_REFRESH_TOKEN", default = "" },
]
Then:
# Set your credentials (example values)
f env set SPOTIFY_CLIENT_ID=example_client_id
f env set SPOTIFY_CLIENT_SECRET=example_client_secret
# Run CLI with env vars injected
f env run bun run src/main.ts now
# Or pull to .env first
f env pull
source .env
bun run src/main.ts now
When writing Flow tasks, prefer:
MY_TOKEN="$(FLOW_ENV_BACKEND=local f env get --personal MY_TOKEN -f value 2>/dev/null || true)"
if [ -z "${MY_TOKEN:-}" ]; then
echo "MY_TOKEN missing. Save it with envnew MY_TOKEN=..."
exit 1
fi
export MY_TOKEN
Use Flow's OTP command to fetch TOTP codes from 1Password Connect:
f otp get <vault> <item> [--field <label>]
Requires:
OP_CONNECT_HOSTOP_CONNECT_TOKEN (env or Flow personal env store)~/.config/flow/env-local/personal/production.envf env pullFlow uses a token stored in ~/.config/flow/auth.toml to authenticate. If you haven't authenticated:
f auth login
~/.config/flow/f env push.env files to git (add to .gitignore)f env run to inject vars without creating .env files