Getting Started

Build without secrets leaking

XtraSecurity is a unified secrets management platform. It replaces insecure local config files with a Zero-Trust Injection Layer that works across your CLI, Team, and Production.

NOTE

New to Secrets Management?
XtraSecurity keeps your passwords (API keys, DB URLs) in the cloud. They are only "injected" into your app when you run it. If your computer is stolen or your code is leaked, your secrets remain safe.
End-to-end encrypted
Zero-trust access
Audit every access
0

Get the VS Code Extension

Before we start, install the official extension to get real-time security scanning and secret auto-completion.

Download for VS Code
1

Install the CLI

The XtraSecurity CLI is the primary interface for managing secrets across your entire environment.

>_Terminal
npm install -g xtra-cli
Verify installation:
>_Terminal
xtra --version
# xtra-cli v2.4.0
2

Authenticate

Connect your local machine to XtraSecurity using SSO or a static access key.

>_Auth
xtra login --sso

TIP

SSO is recommended for team environments. Use access keys only for CI/CD pipelines and service accounts.
3

Initialize Your Project

Link your repository to the Xtra cloud secrets engine. This creates an .xtra.json config file.

>_Setup
xtra init

TIP

Run xtra secrets ls to view your active secrets after initialization.

REFERENCE

Secrets live only in the child process environment — never written to disk or exposed in logs.
XtraSecurity LogoXtraSecurity