This walks you from nothing to running your app with its secrets injected from the cloud. You don’t need an account to start.

1. Install the CLI

The installer drops a single standalone binary — no Node or other runtime required:

curl -fsSL https://get.vexly.dev/install.sh | sh

Check it’s working:

vexly version

2. Create a project

From your project directory:

vexly init

This creates a Vexly project and writes a .vexly file (the project id, server, and default environment). Commit .vexly — it holds no secrets, and it’s what lets a teammate clone the repo and immediately talk to the same project.

If you’re not signed in, vexly init creates an anonymous project so you can start right away. New projects come with a development and a production environment; production is the default.

3. Store a secret

Secrets live in the cloud environment, not in a local file. Set one with KEY=value:

vexly set DATABASE_URL=postgres://localhost/myapp

List the keys in the environment (values are masked):

vexly ls
# KEY           VALUE
# DATABASE_URL  ***

To declare a key you’ll fill in later, set it without a value:

vexly set STRIPE_SECRET_KEY

4. Run your app with secrets injected

vexly run fetches the environment’s secrets and injects them into your command’s environment — nothing is written to disk:

vexly run -- npm start

Use -- to separate Vexly’s arguments from your command’s. The command’s exit code passes straight through, so vexly run is safe in scripts and CI.

Wire it into your scripts so secrets are always present:

{
  "scripts": {
    "dev": "vexly run -- vite",
    "start": "vexly run -- node server.js"
  }
}

5. Ask someone to fill in a secret

When a value should come from a human — and never land in an agent’s chat — mint a request link (requires vexly login):

vexly request STRIPE_SECRET_KEY
# prints a shareable link (expires in 24h)

Send them the link. They open it, paste the value, and it goes straight to the cloud environment — ready the next time you vexly run or vexly pull.

A note on .env

Vexly never commits your secrets. If you keep a local .env for any reason, make sure it’s gitignored — vexly init does not modify .gitignore for you.

Next