Store and retrieve custom secrets in the OS keychain. Secrets are available to your functions at runtime and during deploy — the CLI injects them from the keychain so you never put secret values in source files.
Secrets are stored under the sinch-cli service in the OS keychain with a custom- prefix. Key names must be uppercase letters, numbers, and underscores only (e.g., API_KEY, DATABASE_PASSWORD).
List all custom secrets by key name. Values are not shown.
sinch secrets listAdd or update a secret in the OS keychain. If the key already exists, the value is updated.
sinch secrets add <KEY> <VALUE>Add a blank entry in your .env (e.g., ELEVENLABS_API_KEY=) so the runtime and deploy process know to load this key from the keychain.
Retrieve a secret from the keychain. The value is hidden by default.
sinch secrets get <KEY> [--show]Remove a secret from the keychain. Requires confirmation unless --force is passed.
Aliases: remove, rm
sinch secrets delete <KEY> [-f, --force]Remove all custom secrets from the keychain. Requires confirmation unless --force is passed.
sinch secrets clear [-f, --force]