CLI Overview
Commands
Section titled “Commands”| Command | Description |
|---|---|
envpkt init | Generate an envpkt.toml template |
envpkt audit | Check credential health against lifecycle policies |
envpkt inspect | Display a structured view of the config |
envpkt resolve | Resolve catalog references into a flat config |
envpkt fleet | Scan directory tree and aggregate health |
envpkt exec | Pre-flight audit, inject secrets, run a command |
envpkt env scan | Auto-discover credentials from shell environment |
envpkt env check | Bidirectional drift detection |
envpkt env export | Output export statements for sourcing secrets |
envpkt shell-hook | Output shell function for ambient warnings |
envpkt mcp | Start the MCP server |
Global Options
Section titled “Global Options”All commands support:
--help— Show help for the command--version— Show envpkt version
Config Resolution
Section titled “Config Resolution”Commands that read envpkt.toml (audit, inspect, resolve, exec, env check, env export) follow this resolution chain:
- Explicit
-c path/to/envpkt.tomlflag envpkt.tomlin the current working directory- Search upward through parent directories
If a catalog field is present, it’s resolved relative to the config file’s directory.
Exit Codes
Section titled “Exit Codes”| Code | Meaning |
|---|---|
0 | Healthy — all secrets pass audit |
1 | Degraded — some secrets have warnings |
2 | Critical — expired or missing secrets |
See Exit Codes reference for details.