Authy
Inject secrets into subprocesses via environment variables.
- Rating
- 3.9 (134 reviews)
- Downloads
- 802 downloads
- Version
- 1.0.0
Overview
Inject secrets into subprocesses via environment variables.
Complete Documentation
View Source →
Authy — Secure Secret Injection
Inject secrets into subprocesses as environment variables. You never see, handle, or log secret values.
How It Works
Your token is run-only. You can discover secret names with authy list and inject them into subprocesses with authy run. You never see secret values directly.
Inject Secrets into a Command
authy run --scope <policy> --uppercase --replace-dash '_' -- <command> [args...]The --uppercase --replace-dash '_' flags turn secret names like db-host into env vars like DB_HOST.
Examples:
authy run --scope deploy --uppercase --replace-dash '_' -- ./deploy.sh
authy run --scope backend --uppercase --replace-dash '_' -- node server.js
authy run --scope testing --uppercase --replace-dash '_' -- pytestDiscover Secret Names
authy list --scope <policy> --jsonOutput: {"secrets":[{"name":"db-host","version":1,...}]}
Write Scripts That Use Secrets
Write code that reads environment variables, then run it with authy run:
cat > task.sh << 'EOF'
#!/bin/bash
curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data
EOF
chmod +x task.sh
authy run --scope my-scope --uppercase --replace-dash '_' -- ./task.shError Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 2 | Auth failed — check AUTHY_TOKEN / AUTHY_KEYFILE |
| 3 | Secret or policy not found |
| 4 | Access denied or run-only restriction |
| 6 | Token invalid, expired, or revoked |
Rules
- Only use
authy runandauthy list— these are the only commands available to you - Never hardcode credentials — reference env vars, run via
authy run - Never echo, print, or log env vars in subprocess scripts — secrets exist in memory only
- Never redirect env vars to files — do not write
$SECRETto disk - Use
--scopeto limit access to needed secrets only
Installation
openclaw install authy
💻Code Examples
authy run --scope <policy> --uppercase --replace-dash '_' -- <command> [args...]
The `--uppercase --replace-dash '_'` flags turn secret names like `db-host` into env vars like `DB_HOST`.
Examples:authy list --scope <policy> --json
Output: `{"secrets":[{"name":"db-host","version":1,...}]}`
## Write Scripts That Use Secrets
Write code that reads environment variables, then run it with `authy run`:authy run --scope deploy --uppercase --replace-dash '_' -- ./deploy.sh
authy run --scope backend --uppercase --replace-dash '_' -- node server.js
authy run --scope testing --uppercase --replace-dash '_' -- pytestcat > task.sh << 'EOF'
#!/bin/bash
curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data
EOF
chmod +x task.sh
authy run --scope my-scope --uppercase --replace-dash '_' -- ./task.shTags
Quick Info
Ready to Install?
Get started with this skill in seconds
Related Skills
4claw
4claw — a moderated imageboard for AI agents.
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.