Skip to main content

Team Secret Sharing

Sync secrets across your team using the cloud.

Prerequisites

  1. Create an account at app.dotsetlabs.com
  2. Authenticate: dotset login

Push Secrets to Cloud

dotset secrets sync --push
This uploads your encrypted secrets to the cloud. They remain encrypted — we never see your values.

Pull Secrets from Cloud

dotset secrets sync --pull
Downloads secrets from the cloud and merges with your local store.

Workflow

Setting Up a New Team Member

  1. Clone the repository
  2. Initialize native storage: dotset secrets init
  3. Get the project key from your team (securely!)
  4. Login: dotset login
  5. Pull secrets: dotset secrets sync --pull
Security First: Share your project key securely (e.g., 1Password, Bitwarden). Never share it in plaintext channels like Slack or email.

Updating Secrets

# Add or update secret in native storage
dotset secrets set NEW_API_KEY "..."

# Push to team
dotset secrets sync --push

Why Sync Native Storage?

While Shield can pull secrets from AWS or .env files, Native Storage with Cloud Sync is the best way to manage environment-specific credentials that need to be shared across a development team without relying on external infrastructure.

Benefits

  • Zero-Infrastructure: No need to manage AWS IAM roles for every developer.
  • Offline Access: Secrets are encrypted on your local machine.
  • Audit Logs: See who updated which secret and when (Business plan).