Getting started
The 5-minute path from "I just signed up" to "I just injected my secrets into a running process".
Sign in
Auth is managed by Huudis — one account works across every Forjio product. Go to /login and sign in, or sign up at /signup.
Secronna is in private beta. If your account isn't on the allowlist yet, the dashboard will tell you — request access and we'll flip it on.
Get an API key
Everything below authenticates with a Bearer token. Create a
per-workspace API key in the dashboard under Settings → API keys;
it looks like sk_live_xxx. Export it so the examples pick it up:
export SECRONNA_TOKEN="sk_live_xxx"
1. Create a project
A project is the top-level container. One per app or repo is typical.
curl -X POST https://secronna.com/api/v1/projects \
-H "Authorization: Bearer $SECRONNA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "Web"}'
The response's data.id (e.g. proj_...) is your project id.
2. Create an environment
Environments slice a project into production, staging, etc.
curl -X POST https://secronna.com/api/v1/projects/proj_xxx/environments \
-H "Authorization: Bearer $SECRONNA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "production"}'
Keep the returned data.id (e.g. env_...).
3. Write a secret
Writing a key mints a new immutable version. Write it again later and you get version 2, 3, … — old versions are never overwritten.
curl -X PUT https://secronna.com/api/v1/environments/env_xxx/secrets \
-H "Authorization: Bearer $SECRONNA_TOKEN" \
-H "Content-Type: application/json" \
-d '{"key": "DATABASE_URL", "value": "postgres://user:pass@host/db"}'
4. Reveal it
Listing secrets returns keys only. Reading a value back is an explicit, audited reveal — every reveal is written to the audit log.
# List keys (no values):
curl https://secronna.com/api/v1/environments/env_xxx/secrets \
-H "Authorization: Bearer $SECRONNA_TOKEN"
# Reveal one secret's value (current version):
curl -X POST https://secronna.com/api/v1/secrets/sec_xxx/reveal \
-H "Authorization: Bearer $SECRONNA_TOKEN"
5. Run a process with your secrets injected
The CLI's secronna run fetches every secret in an environment and
injects it into a child process's environment — nothing touches disk.
npm install -g @forjio/secronna-cli
secronna auth login # Huudis device flow
# Inject env_xxx's secrets, then run your app:
secronna run --env env_xxx -- node server.js
Under the hood this is the same "reveal every key into a {KEY: value}
map" that the SDKs expose as fetchSecrets — so each key produces one
secret.reveal audit entry.
What's next
- The API reference — every endpoint in detail.
- The SDKs — typed clients for Node, Python, and Go.
- The security model — how your values are encrypted and audited.