A Vexly project is either anonymous or claimed. Anonymous projects let you (or an agent) start with zero friction; claiming attaches a project to a workspace, makes it private, and brings access control.
Anonymous projects
Running vexly init without being signed in creates an
anonymous project. While a project is anonymous:
- Anyone who knows the project id can push and pull its secrets — no account required.
- Anyone can claim it.
Because anonymous projects are open, don’t store anything truly private in them — treat their contents as shared until the project is claimed. Anonymous projects are also temporary: an unclaimed project is deleted 30 days after its last activity, with no warning. Claim a project to keep it.
Signing in
Claiming and working with claimed projects requires an account:
vexly login # sign in through your browser
vexly whoami # show who you're signed in as for this server
vexly logout # clear stored credentials for this server
Claiming a project
vexly claim attaches the current anonymous project to your workspace,
turning it into a private, access-controlled project. You must be logged in and
run it from the project directory:
vexly login
vexly claim
If you belong to more than one workspace, pass --workspace <slug> to choose
where it lands; omit it and the CLI lists your workspaces. Once claimed, normal
access control applies — only members with access can push, pull, or manage it.
Working with a team
Collaboration is simply workspace membership — there’s no separate “join” step in the CLI. Once a project is claimed into a workspace, you invite people into that workspace (in Studio), and a member automatically has access to its projects. A teammate just:
- is invited into the workspace,
- clones the repo (which includes the committed
.vexlyfile with the project id), and - starts working — their account already has access.
Visibility: private vs. anonymous access
A claimed project is private by default — only workspace members can reach it. You can optionally turn on anonymous access for an individual environment to let anyone with the project id pull it, no account required. This is for values that aren’t really secret: an open-source project’s default config, sandbox keys, or sample credentials.
So access has two independent dimensions per environment:
- Visibility — private (members only; the default once claimed) or anonymous (anyone with the project id can pull).
- Access mode — readable (can be pulled into
.env) or run-only (can only be injected viavexly run).
A few things to keep in mind:
- An unclaimed project is anonymous by nature; claiming makes it private by default, and anonymous access is then a deliberate, per-environment opt-in.
- On a claimed project, anonymous access grants pull only — pushing and managing always require workspace membership.
- Because anonymous access is off by default for claimed projects, committing
.vexly(with the project id) is safe even in a public repo: the id alone grants nothing unless you’ve explicitly enabled anonymous access.
Visibility and access mode are configured in Studio.
Commands
| Command | What it does |
|---|---|
vexly login | Sign in through your browser. |
vexly logout | Clear stored credentials for this server. |
vexly whoami | Show the signed-in identity for this server. |
vexly claim [--workspace <slug>] | Attach the current anonymous project to your workspace. |
Next
- Access modes — readable vs run-only.
- Files & git — what to commit and what to gitignore.
- Agent & CI access — tokens for automation.