Skip to content
Calvery Vault

Environments

Environment adalah namespace di dalam team. Satu secret name bisa punya value berbeda per environment.

Default environments

Calvery tidak pakai hardcoded list — environment cuma tag string di secret. Convention umum:

  • production
  • staging
  • development
  • test

Kamu bisa bikin custom seperti qa, preview-pr-123, demo, dll.

Use case umum

DATABASE_URL per stage

Nameproductionstagingdevelopment
DATABASE_URLpostgres://prod-db...postgres://staging-...postgres://localhost/myapp

SDK default baca production:

const calvery = new Calvery({ token, team: 'acme' })
await calvery.get('DATABASE_URL')  // production

Override per-call:

await calvery.get('DATABASE_URL', { environment: 'staging' })

Atau ganti default di constructor:

const calvery = new Calvery({ token, team: 'acme', environment: 'staging' })

CI/CD integration

GitHub Actions — per branch

.github/workflows/deploy.yml
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4


      - name: Tentukan environment
        id: env
        run: |
          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
            echo "env=production" >> $GITHUB_OUTPUT
          else
            echo "env=staging" >> $GITHUB_OUTPUT
          fi


      - name: Load secrets
        run: |
          npx -y @calvery/sdk inject --env ${{ steps.env.outputs.env }} >> $GITHUB_ENV
        env:
          CVSM_TOKEN: ${{ secrets.CVSM_TOKEN }}

Vercel — per deployment target

Vercel bedakan production, preview, development native — mapping 1-to-1:

next.config.mjs
import { Calvery } from '@calvery/sdk'


const env = process.env.VERCEL_ENV === 'production' ? 'production' :
            process.env.VERCEL_ENV === 'preview'    ? 'staging' :
                                                       'development'


await new Calvery({
  token: process.env.CVSM_TOKEN!,
  team: 'acme',
  environment: env,
}).inject()

Rename / delete environment

Environment cuma tag string — tidak ada tabel terpisah. Cara “delete”:

  1. List semua secret di environment: dashboard → filter env → lihat
  2. Update env mereka ke tujuan baru, atau delete semua

Belum ada bulk operation di dashboard (v0.1). Coming v0.3.

Convention rekomendasi

3-tier simple

production
staging
development

4-tier dengan QA

production
staging
qa
development

Preview environments (untuk Vercel/Netlify-style flow)

production
staging
preview-pr-123
preview-pr-456

Pakai sistem tag dinamis + cleanup cron untuk preview environments.

Multi-region

production-sg
production-jp
staging-sg

Role per environment (v0.3+)

Currently v0.1: role user berlaku di seluruh team — tidak ada “Member di dev, Viewer di prod”.

v0.3 planned: scoped roles — user X bisa write di development tapi cuma read di production. Track issue di github.com/RenzyArmstrong/Calvery-Vault/issues/1.

Audit log filter

Log include environment di metadata JSON:

{
  "action": "read",
  "resource": "secret",
  "metadata": "{\"environment\":\"production\"}"
}

Dashboard audit page filter by env coming v0.2.