Docs

Quick Start

Create a project and manage secrets.

1. Install the CLI

curl -fsSL https://redshiftapp.com/install | sh

The verified installer supports Linux and macOS on x64 and arm64.

2. Authenticate

redshift login
# Choose local nsec or NIP-46 authentication.
# Use redshift login --connect for client-initiated NostrConnect pairing.

NIP-07 is the preferred browser-dashboard method. It is not a CLI login option. Never share your nsec; anyone with it can access your secrets.

3. Set Up Your Directory

cd your-project
redshift setup
# Select or create a project and environment.
# Creates redshift.yaml

This creates redshift.yaml with identifiers, not secret values:

project: my-app
environment: development
relays:
  - wss://relay.damus.io

redshift.yaml contains project, environment, and relay identifiers—not secret values. Decide whether to commit it according to the repository's environment policy.

4. Add Secrets

redshift secrets set DATABASE_URL "postgres://localhost/mydb"
redshift secrets set API_KEY "sk-..."
redshift secrets

# Values are redacted by default:
# DATABASE_URL  ********
# API_KEY       ********

# Reveal one value only with explicit acknowledgement:
redshift secrets get API_KEY --raw

Plaintext is displayed only when explicitly requested with --raw; keep raw output out of logs and captured terminals.

5. Run Your Application

redshift run -- npm start
redshift run -- python app.py
redshift run -- go run main.go

Secrets are injected into the child process environment and are not printed by Redshift.

Next Steps