SDKs
Secronna ships typed SDKs in three languages, all wrapping the same REST
API. Each client is constructed with a { baseUrl, token } config, has
one method per endpoint, unwraps the { data, error, meta } envelope for
you, and throws/returns a typed error on any non-2xx response.
All three also ship a fetchSecrets convenience that reveals every
secret in an environment and returns a { KEY: value } map — the shape
you'd inject into a process environment.
JavaScript / TypeScript
npm install @forjio/secronna
import { SecronnaClient } from "@forjio/secronna";
const client = new SecronnaClient({ token: process.env.SECRONNA_TOKEN! });
const project = await client.createProject({ name: "Web" });
const env = await client.createEnvironment(project.id, { name: "production" });
await client.setSecret(env.id, { key: "DATABASE_URL", value: "postgres://…" });
const keys = await client.listSecrets(env.id); // keys only
const revealed = await client.revealSecret(keys[0].id); // audited reveal
// Pull the whole environment into a { KEY: value } map:
const secrets = await client.fetchSecrets(env.id);
// { DATABASE_URL: "postgres://…" }
Errors throw SecronnaError (with .status, .code, .requestId).
Python
pip install forjio-secronna
from forjio_secronna import SecronnaClient
client = SecronnaClient(token="sk_live_xxx")
project = client.create_project(name="Web")
env = client.create_environment(project["id"], name="production")
client.set_secret(env["id"], key="DATABASE_URL", value="postgres://…")
keys = client.list_secrets(env["id"]) # keys only
revealed = client.reveal_secret(keys[0]["id"]) # audited reveal
# Pull the whole environment into a {KEY: value} dict:
secrets = client.fetch_secrets(env["id"])
# {"DATABASE_URL": "postgres://…"}
Errors raise SecronnaError (with .status, .code, .request_id).
Go
go get github.com/hachimi-cat/secronna-go
import "github.com/hachimi-cat/secronna-go"
c := secronna.New(secronna.Config{Token: os.Getenv("SECRONNA_TOKEN")})
project, err := c.CreateProject(ctx, "Web")
env, err := c.CreateEnvironment(ctx, project.ID, "production")
_, err = c.SetSecret(ctx, env.ID, "DATABASE_URL", "postgres://…")
keys, err := c.ListSecrets(ctx, env.ID) // keys only
revealed, err := c.RevealSecret(ctx, keys[0].ID, 0) // 0 = current version
// Pull the whole environment into a map[KEY]value:
secrets, err := c.FetchSecrets(ctx, env.ID)
// map[DATABASE_URL:postgres://…]
Errors return *secronna.Error (with .Status, .Code, .RequestID);
use errors.As to inspect it.
CLI
npm install -g @forjio/secronna-cli
secronna auth login
The CLI authenticates via the Huudis device flow and stores its session
at ~/.secronna/session.json. secronna run --env <envId> -- <command>
injects an environment's secrets into a child process — see
getting started.