Generic CI Integration
Mantle works with any CI/CD system that can run Node.js. This guide covers the universal approach.
Requirements
- Node.js 18+ available in your CI environment
- npm or ability to run global npm packages
Universal Setup
The pattern is the same for any CI system:
# 1. Install Mantle globally
npm install -g @dotsetlabs/cli
# 2. Run your command with protection
dotset mantle run --mode redact -- your-command-here
Environment Variables
Mantle automatically detects secrets from environment variables with common prefixes:
| Prefix | Examples |
|---|
API_ | API_KEY, API_SECRET |
SECRET_ | SECRET_KEY, SECRET_TOKEN |
TOKEN_ | TOKEN_AUTH, TOKEN_DEPLOY |
KEY_ | KEY_PRIVATE, KEY_API |
PASSWORD | PASSWORD, DB_PASSWORD |
PRIVATE_ | PRIVATE_KEY |
AWS_ | AWS_SECRET_ACCESS_KEY |
Mantle also detects secrets by pattern matching (AWS keys, GitHub tokens, etc.) regardless of variable names.
Using .env Files
If your CI creates a .env file, Mantle detects it automatically:
# Create .env from CI secrets
echo "DATABASE_URL=$DATABASE_URL" > .env
echo "API_KEY=$API_KEY" >> .env
# Mantle reads .env automatically
dotset mantle run --mode redact -- npm test
Docker-Based CI
If your CI uses Docker, include Mantle in your image or install during build:
FROM node:20-alpine
# Install Mantle globally
RUN npm install -g @dotsetlabs/cli
WORKDIR /app
COPY . .
RUN npm ci
# Run with protection
CMD ["dotset", "mantle", "run", "--mode", "redact", "--", "npm", "start"]
# Generic CI config structure
steps:
- name: Build and Test
image: node:20
commands:
- npm install -g @dotsetlabs/cli
- npm ci
- dotset mantle run --mode redact -- npm test
environment:
DATABASE_URL: ${DATABASE_URL}
DOTSET_API_TOKEN: ${DOTSET_API_TOKEN}
Protection Modes
| Mode | Behavior | Use Case |
|---|
detect | Warn but show secrets | Audit existing logs |
redact | Replace with [REDACTED] | Recommended for most CI |
block | Suppress entire line | High-security environments |
# Detection only (audit mode)
dotset mantle run --mode detect -- npm test
# Redaction (recommended)
dotset mantle run --mode redact -- npm test
# Full blocking
dotset mantle run --mode block -- npm test
Generating Compliance Reports
Add --report to generate an HTML audit artifact:
dotset mantle run --mode redact --report -- npm test
# Creates: mantle-report.html
Offline / Air-Gapped Environments
Mantle works fully offline with no cloud dependencies:
# Mantle works completely offline
dotset mantle run --mode redact -- npm test
- Protection works using built-in patterns
- No data is sent anywhere
- No account or API key required
Troubleshooting
Mantle not detecting secrets
- Check that secrets are available as environment variables
- Try explicit provider selection:
--providers dotenv,environment
- Verify secret values are long enough (minimum 8 characters)
CI times out during install
Cache the npm global packages directory. Most CI systems support caching ~/.npm.
Exit code issues
Mantle preserves the exit code of your command. If your command fails, Mantle exits with the same code.
For detailed examples, see our platform-specific guides:
