Caddi
Sign inSign up

caddi env

Per-environment env-var management. Writes to Vercel through Caddi so every change lands in the audit log.

list

bash
caddi env list --env dev

# NAME                     TYPE     VALUE
# DATABASE_URL             secret   ********
# NEXT_PUBLIC_SITE_URL     plain    https://meridian-dev.preview.northstar.dev
# RESEND_API_KEY           secret   ********
# STRIPE_SECRET_KEY        secret   ********

Without --env, lists all three environments side-by-side and highlights drift.

set

bash
caddi env set DATABASE_URL "postgres://..." --env dev --secret
caddi env set NEXT_PUBLIC_SITE_URL "https://meridian.studio" --env production

Use --secret when the value should be write-once (never readable after create). Public values can be read back any time.

unset

bash
caddi env unset RESEND_API_KEY --env staging

copy

bash
# Copy all vars from staging to dev
caddi env copy --from staging --to dev

# Copy a single var
caddi env copy STRIPE_SECRET_KEY --from production --to staging
Secrets are copied through Caddi’s key-wrap layer — the plaintext never lands in your shell. You will see the value masked in the CLI output.

diff

bash
caddi env diff --from staging --to production

# Only in staging:   FEATURE_FLAG_AB
# Only in production: ANALYTICS_KEY
# Drift:              NEXT_PUBLIC_SITE_URL  (preview vs custom domain — expected)

pull

bash
# Write the dev env into a local .env file
caddi env pull --env dev .env.local

Only public vars are written by default — pass --include-secrets if you really need the secrets locally (an audit log entry is created).

Next

Env-var concepts →