Integration Tokens

While a credential permits push and pull across ALL environments, an IT token does not. IT tokens can ONLY pull and only for a single environment.

This means you cannot create an IT token to pull both staging secrets and production secrets. You instead have to generate two separate IT tokens - one for production and one for staging. This is by design to further protect your secrets and practice the principle of least privilege.

How can I get an IT token? They are auto-generated for you when you add an integration to an environment.


Here's an example of what an IT Token looks like:


Here's an example of it put to use:

$ npx dotenv-vault pull --dotenvMe it_e3811a4…


You can generate an IT token by adding an integration to an environment.