storemyapi
Guides

Team Workflows

Share and manage secrets across your team with projects, environments, and access controls.

Team Workflows

storemyapi supports team collaboration for managing shared secrets. Here's how to set up effective team workflows.

Shared projects

Every team member with access to a project can read and write its keys. The typical setup:

# Lead creates the project
storemyapi projects create --name "backend-api" \
  --description "All backend service keys"

# Each team member authenticates with their own account
storemyapi login

# Everyone can now access the project's keys
storemyapi keys list -p backend-api

Environment separation

Use environments to enforce separation between development and production secrets:

EnvironmentWho accessesTypical keys
developmentAll developersTest/sandbox API keys, local DB URLs
stagingDevelopers + QAStaging service keys
productionCI/CD + ops teamLive API keys, production DB URLs
# Developer pulls dev keys
storemyapi env pull -p backend-api -e development -o .env.local

# CI pulls production keys
storemyapi env pull -p backend-api -e production -o .env

Onboarding new developers

When a new developer joins, getting them set up takes seconds:

# 1. They install the CLI
brew install storemyapi

# 2. Authenticate
storemyapi login

# 3. Pull dev environment
storemyapi env pull -p backend-api -e development -o .env.local

# 4. Start coding
npm run dev

No more Slack messages asking for API keys. No more shared password managers for development secrets.

Project-local config

Add a .storemyapi file to your repository so team members don't need to remember project names:

{
  "project": "backend-api",
  "environment": "development"
}
# .gitignore — do NOT ignore .storemyapi (it contains no secrets)
# .env*        <-- ignore these
# .storemyapi  <-- commit this

Now every team member can simply run:

storemyapi env pull -o .env.local

Audit trail

Every key access is logged. Team leads can review who accessed what:

storemyapi audit list -p backend-api --last 7d
TIME                 USER              ACTION         KEY
2026-02-17 10:30     jane@company.com  key.accessed   STRIPE_SECRET_KEY
2026-02-17 09:15     bob@company.com   key.created    NEW_SERVICE_KEY
2026-02-16 16:45     ci-bot            key.accessed   DATABASE_URL

Or check the web dashboard audit log at /dashboard/audit for a richer view with filtering and metadata.

Secret rotation

When rotating a key:

# 1. Update the key
storemyapi keys set STRIPE_SECRET_KEY "sk_live_new_value..." \
  -p backend-api -e production

# 2. Redeploy (CI pulls the new value automatically)
git commit --allow-empty -m "chore: rotate STRIPE_SECRET_KEY" && git push

# 3. Verify the old key is gone from the audit log
storemyapi audit list -p backend-api --filter key.updated

Every team member's next env pull will get the updated value. No manual coordination needed.

CI/CD Integration

Use storemyapi in your CI/CD pipelines to inject secrets at build and deploy time.

On this page

Team WorkflowsShared projectsEnvironment separationOnboarding new developersProject-local configAudit trailSecret rotation