envpkt exec
Run a pre-flight audit, inject secrets from fnox into the environment, then execute a subprocess command.
envpkt exec [options] -- <command...>Options
Section titled “Options”| Option | Description | Default |
|---|---|---|
-c, --config <path> | Path to envpkt.toml | Auto-detected |
--profile <profile> | fnox profile to use | — |
--skip-audit | Skip the pre-flight audit | false |
--no-check | Skip the pre-flight audit (alias) | false |
--warn-only | Warn on critical audit but do not abort | false |
--strict | Abort on any non-healthy secret | false |
Examples
Section titled “Examples”# Audit then runenvpkt exec -- node server.js
# Skip the auditenvpkt exec --skip-audit -- npm start
# Strict mode: abort if any secret is not healthyenvpkt exec --strict -- ./deploy.sh
# Use a specific fnox profileenvpkt exec --profile staging -- node server.jsExecution Flow
Section titled “Execution Flow”- Load
envpkt.toml(resolve catalog if present) - Run audit (unless
--skip-audit) - Check audit result against policy (
--strict/--warn-only) - Inject secrets from fnox into subprocess environment
- Execute the command
Requires fnox integration or sealed packets for secret injection.