AppDocs
Get Started
Documentation v1.0.0

Documentation

Welcome to Nobalmako. Learn how to centralize, secure, and automate your company's environment variables.

1. Create a Project

Initialize your workspace. A project represents a specific application or service where you'll manage secrets.

2. Define Environments

Set up Development, Staging, and Production. Each environment isolates its own set of encrypted variables.

3. Import Secrets

Add your keys manually or bulk-import via .env files. Nobalmako automatically encrypts everything at rest.

4. Inject via API & SDK

Use our CLI or REST API to securely inject credentials into your CI/CD pipelines and local machines.

Security Architecture

"Nobalmako uses industry-standard AES-256-CBC encryption. Keys are never stored in plain-text, and unique IVs are used for every single secret."

At Rest

Encryption performed application-side before hitting the database.

In Transit

Mandatory TLS 1.3 encryption for all API calls and browser traffic.

Code Integration (SDKs)

Nobalmako provides official client libraries for major languages to simplify secret injection.

JavaScript / TypeScript
npm install nobalmako-cli

import { nobalmako } from 'nobalmako-cli';

// Automatically loads variables using nobalmako.json
await nobalmako.load();

// Or provide options explicitly
await nobalmako.load({
  project: "my-service",
  environment: "production"
});
Python (Coming Soon)
pip install nobalmako

Environment Isolation & RBAC

Prevent "Production leaking into Dev" by defining strict scoped environments. Each environment is a cryptographic silo protected by Role-Based Access Control.

Owner & Admin

Full control over project settings, members, and all secrets across all environments.

Developer

Can pull, push, and sync secrets. Cannot manage project members or delete environments.

Viewer

Read-only access. Can pull secrets to local machine, but cannot push or edit variables.

  • RBAC for specifically sensitive environments.
  • Environment-specific webhook triggers.
  • Automatic .env generation for local dev.
  • Historical versioning of all secrets.

CLI Commands

The Nobalmako CLI is the fastest way to manage and sync your environment variables with your local machine or CI/CD pipelines.

Global Installation

Install the command-line interface via NPM. Note: the package name is nobalmako-cli but the command is simply nobalmako.

npm install -g nobalmako-cli

nobalmako login

Authenticates your local machine. Stores a secure session token in your home directory.

nobalmako init

Initializes a nobalmako.json in your project root with your default project and environment.

nobalmako pull

Downloads your environment variables and saves them into a local .env file.

nobalmako push

Uploads your local .env variables to the cloud. Auto-creates projects/environments if they don't exist.

nobalmako sync

Smart-merges local and remote variables. Local changes win, and missing keys are synced in both directions.

nobalmako run

Runs a command (e.g., npm start) with all environment variables injected directly into memory.

Usage in CI/CD

For GitHub Actions or GitLab CI, we recommend using `npx` with an API token for seamless injection.

npx nobalmako pull -p "Prod" -e "prod" --token $NOBALMAKO_TOKEN

Cleanup

Use the logout command to securely remove your local credentials.

nobalmako logout