This guide is for team/advanced secrets management using Infisical.
Personal development? Just copy
.env.exampleto.env.localand fill in your values. See CONTRIBUTING.md for the full setup guide.
- Team sync: Share secrets securely across team members
- Auto-refresh: The
.bin/bunwrapper automatically syncs secrets to.env.local - No manual copying: Secrets stay up-to-date with a 15-minute cache
- direnv: Required for the bun wrapper to work
- macOS:
brew install direnv - Ubuntu/Debian:
sudo apt install direnv - Hook it into your shell
- macOS:
direnv allowThis adds .bin/ to your PATH so the Infisical sync wrapper runs automatically.
npm install -g @infisical/cli
infisical init
infisical login
# Select "US" region when prompted- Browser opens automatically to https://app.infisical.com
- Login with your email
- Select or create your organization and project
- Copy the token from browser and paste in terminal
# Load all variables from .env.example as a starting point
infisical secrets set --file .env.example
# Fix the database password to match Docker
infisical secrets set DATABASE_URL=postgresql://manicode_user_local:secretpassword_local@localhost:5432/manicode_db_localbun run dev # Secrets auto-sync to .env.local- The
.bin/bunwrapper checks if.env.localneeds refreshing - If stale (>15 min) or missing, it syncs from Infisical
- Bun then loads
.env.localautomatically
| Problem | Solution |
|---|---|
| Token won't paste | Right-click → paste |
| Session expired | Run infisical login again |
| Can't navigate menus | Use arrow keys ↓ ↑ |
| Infisical not working | Fall back to manual .env.local |
# Set a single secret
infisical secrets set MY_API_KEY=abc123
# Delete the local cache to force refresh
rm .env.local
bun run dev # Re-syncs from Infisical