lct / guides / secrets-and-env
GitHub

Secrets And Env

Keep sensitive data encrypted and environment variables reproducible.

Track secrets safely

Add secret files so they are encrypted when gathered:

lct secrets add ~/.ssh/id_rsa  
lct secrets add ~/.claude.json

During lct gather, secrets are encrypted into remote/secrets and flagged if untracked items are detected.

Manage environment variables

Store machine-specific environment values in the shared env file and reload them into your shell:

lct env set OPENAI_API_KEY sk-...  
lct env list  
lct env reload

Use lct env unset NAME to remove entries. Combine with lct reload in your shell profile to make values available on login.

Keep secrets separate from config

Keep API keys in lct secrets and lct env, while keeping public configuration in config.yaml. This allows you to push the remote repository without exposing sensitive data.