Quick Start
Create a project and manage secrets.
1. Install the CLI
curl -fsSL https://redshiftapp.com/install | sh The verified installer supports Linux and macOS on x64 and arm64.
2. Authenticate
redshift login
# Choose local nsec or NIP-46 authentication.
# Use redshift login --connect for client-initiated NostrConnect pairing. NIP-07 is the preferred browser-dashboard method. It is not a CLI login option. Never share your nsec; anyone with it can access your secrets.
3. Set Up Your Directory
cd your-project
redshift setup
# Select or create a project and environment.
# Creates redshift.yaml This creates redshift.yaml with identifiers, not secret values:
project: my-app
environment: development
relays:
- wss://relay.damus.io redshift.yaml contains project, environment, and relay identifiers—not
secret values. Decide whether to commit it according to the repository's environment policy.
4. Add Secrets
redshift secrets set DATABASE_URL "postgres://localhost/mydb"
redshift secrets set API_KEY "sk-..."
redshift secrets
# Values are redacted by default:
# DATABASE_URL ********
# API_KEY ********
# Reveal one value only with explicit acknowledgement:
redshift secrets get API_KEY --raw Plaintext is displayed only when explicitly requested with --raw; keep
raw output out of logs and captured terminals.
5. Run Your Application
redshift run -- npm start
redshift run -- python app.py
redshift run -- go run main.go Secrets are injected into the child process environment and are not printed by Redshift.