Secrets

Blocks can reference secrets with ${secrets.KEY} in their configuration. Stackie resolves these references at startup by searching multiple sources in priority order:

Environment variables — includes values from the companion .secrets.yml file (loaded automatically)
.env file in the working directory
.dev.vars file in the working directory (Cloudflare Workers format)

The first source that contains the key wins.

Companion Secrets File

Place a *.secrets.yml file next to your stack file. Stackie loads it automatically when the stack starts:

# dev.secrets.yml (loaded automatically with dev.yml)
secrets:
  DB_PASSWORD: "local-dev-password"
  API_KEY: "sk-test-abc123"

Using Secrets in Block Config

Reference secrets in your stack file’s init or env sections:

my-project:
  blocks:
    stackie.postgres:
      vars:
        POSTGRES_PASSWORD: "${secrets.DB_PASSWORD}"

Keep .secrets.yml files out of version control. Add *.secrets.yml to your .gitignore.