
Getting started

The 5-minute path from "I just signed up" to "I just injected my secrets into a running process".

Sign in

Auth is managed by Huudis — one account works across every Forjio product. Go to /login and sign in, or sign up at /signup.

Secronna is in private beta. If your account isn't on the allowlist yet, the dashboard will tell you — request access and we'll flip it on.

Get an API key

Everything below authenticates with a Bearer token. Create a per-workspace API key in the dashboard under Settings → API keys; it looks like sk_live_xxx. Export it so the examples pick it up:

export SECRONNA_TOKEN="sk_live_xxx"

1. Create a project

A project is the top-level container. One per app or repo is typical.

curl -X POST https://secronna.com/api/v1/projects \
  -H "Authorization: Bearer $SECRONNA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Web"}'

The response's data.id (e.g. proj_...) is your project id; use it in place of proj_xxx below.

2. Create an environment

Environments slice a project into production, staging, etc.

curl -X POST https://secronna.com/api/v1/projects/proj_xxx/environments \
  -H "Authorization: Bearer $SECRONNA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "production"}'

Keep the returned data.id (e.g. env_...); it replaces env_xxx in the steps below.

3. Write a secret

Writing a key mints a new immutable version. Write it again later and you get version 2, 3, … — old versions are never overwritten.

curl -X PUT https://secronna.com/api/v1/environments/env_xxx/secrets \
  -H "Authorization: Bearer $SECRONNA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"key": "DATABASE_URL", "value": "postgres://user:pass@host/db"}'

4. Reveal it

Listing secrets returns keys only. Reading a value back is an explicit, audited reveal — every reveal is written to the audit log.

# List keys (no values):
curl https://secronna.com/api/v1/environments/env_xxx/secrets \
  -H "Authorization: Bearer $SECRONNA_TOKEN"

# Reveal one secret's value (current version):
curl -X POST https://secronna.com/api/v1/secrets/sec_xxx/reveal \
  -H "Authorization: Bearer $SECRONNA_TOKEN"

5. Run a process with your secrets injected

The CLI's secronna run fetches every secret in an environment and injects it into a child process's environment — nothing touches disk.

npm install -g @forjio/secronna-cli
secronna auth login          # Huudis device flow

# Inject env_xxx's secrets, then run your app:
secronna run --env env_xxx -- node server.js

Under the hood this is the same "reveal every key into a {KEY: value} map" that the SDKs expose as fetchSecrets — so each key produces one secret.reveal audit entry.
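The reveal-then-inject flow described above, written against the HTTP endpoints from steps 4 and 5 as an added example; it is not Secronna's CLI or SDK code. The JSON response shapes, the function names, and the choice to withhold SECRONNA_TOKEN from the child process are assumptions of this example.

```python
"""Added example: reveal every key, then inject into a child process.
ASSUMED response shapes (not documented on this page):
  GET  /environments/{env}/secrets -> {"data": [{"id": "sec_...", "key": "..."}]}
  POST /secrets/{id}/reveal        -> {"data": {"value": "..."}}
"""
import json
import os
import re
import subprocess
import sys
import urllib.request

API = "https://secronna.com/api/v1"
ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def http_request(method, path):
    """Call the API with the Bearer token from SECRONNA_TOKEN; return parsed JSON."""
    headers = {"Authorization": "Bearer " + os.environ["SECRONNA_TOKEN"]}
    req = urllib.request.Request(API + path, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def reveal_all(env_id, request=http_request):
    """Return {KEY: value} for one environment; one reveal call per key."""
    listed = request("GET", f"/environments/{env_id}/secrets")["data"]
    secrets = {}
    for item in listed:
        # Reject names the OS cannot carry before spending an audited reveal on them.
        if not ENV_NAME.fullmatch(item["key"]):
            raise ValueError(f"not a valid environment variable name: {item['key']!r}")
        revealed = request("POST", f"/secrets/{item['id']}/reveal")
        secrets[item["key"]] = revealed["data"]["value"]
    return secrets


def run_with_secrets(secrets, argv):
    """Run argv with secrets in the child's environment only; return its exit code."""
    child_env = dict(os.environ)           # a copy: the parent's environment is untouched
    child_env.pop("SECRONNA_TOKEN", None)  # example's choice: the app does not get the API key
    child_env.update(secrets)              # values exist only in memory, never in a file
    return subprocess.run(argv, env=child_env, check=False).returncode


if __name__ == "__main__":
    # Usage (hypothetical file name): python inject.py env_xxx node server.js
    sys.exit(run_with_secrets(reveal_all(sys.argv[1]), sys.argv[2:]))
```

Because each key costs one reveal call, a process restarted in a tight loop multiplies audit entries by the number of keys in the environment.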

What's next

  • The API reference — every endpoint in detail.
  • The SDKs — typed clients for Node, Python, and Go.
  • The security model — how your values are encrypted and audited.