/

Multi-Environment Setup

Environment isolation

ByteHide Secrets allows you to store different values for the same secret key across multiple environments. This ensures proper isolation between development, staging, and production configurations.

Understanding Environments

Environments allow you to manage separate sets of secrets for different stages of your application lifecycle:

  • Development: Used during local development
  • Staging: For testing before production deployment
  • Production: For your live application
  • Custom environments: Create any custom environment you need

Creating Environments

Environments are created in the ByteHide cloud panel:

  1. Navigate to your project
  2. Go to the Settings tab
  3. In the Environments section, click Add
  4. Enter a name for your environment (e.g., "staging")
  5. Optionally connect a repository to this environment
  6. Click Save

Environment Management

Setting Environment-Specific Secrets

Once you've created environments, you can set environment-specific values for each secret key:

  1. Go to the Keys tab in your project
  2. Click Create secret to add a new secret
  3. Enter a key name (e.g., "database-connection")
  4. Add values for each environment
  5. Click Save

Multi-Environment Secret

Accessing Environment-Specific Secrets

Set Environment at Initialization

The most common approach is to set the environment when initializing the SDK:

// Set environment via environment variable
// BYTEHIDE_SECRETS_ENVIRONMENT=production
ManagerSecrets.Initialize();

// Or directly (not recommended for production)
ManagerSecrets.UnsecureInitialize("your-token", "production");

// Now all secret requests will use "production" environment
var connectionString = Products.Secrets.Get("database-connection"); // Gets production value

Specify Environment for Individual Requests

You can also override the environment for specific requests:

// Initialize with default environment (e.g., development)
ManagerSecrets.Initialize();

// Get secrets from specific environments
var devConnection = await Products.Secrets.GetAsync("database-connection", environment: "development");
var stagingConnection = await Products.Secrets.GetAsync("database-connection", environment: "staging");
var prodConnection = await Products.Secrets.GetAsync("database-connection", environment: "production");

Environment Configuration in Different Scenarios

Local Development

// .NET CLI/Visual Studio - environment variables
// On Windows (PowerShell):
$env:BYTEHIDE_SECRETS_TOKEN = "your-token"
$env:BYTEHIDE_SECRETS_ENVIRONMENT = "development"

// On macOS/Linux:
export BYTEHIDE_SECRETS_TOKEN=your-token
export BYTEHIDE_SECRETS_ENVIRONMENT=development

ASP.NET Core Development

In appsettings.Development.json:

{
  "ByteHide": {
    "Environment": "development"
  }
}

In Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    var environment = Configuration["ByteHide:Environment"] ?? "development";
    
    // Initialize ByteHide with the environment
    ManagerSecrets.Initialize(); // Will read from env vars
    
    // Register as singleton
    services.AddSingleton<ISecretProvider>(new ByteHideSecretProvider(environment));
}

CI/CD Pipeline

In your CI/CD workflows, set the appropriate environment:

# GitHub Actions example
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # ...
      - name: Set ByteHide Environment
        run: |
          # For staging branch
          if [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then
            echo "BYTEHIDE_SECRETS_ENVIRONMENT=staging" >> $GITHUB_ENV
          # For main branch
          elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
            echo "BYTEHIDE_SECRETS_ENVIRONMENT=production" >> $GITHUB_ENV
          else
            echo "BYTEHIDE_SECRETS_ENVIRONMENT=development" >> $GITHUB_ENV
          fi

Best Practices

Environment Naming Convention

Use consistent environment names across your organization:

  • development (or dev)
  • testing (or test)
  • staging (or stg)
  • production (or prod)

Value Consistency

Maintain the same key structure across environments with different values:

api-key:
  - development: "sk_test_123"
  - staging: "sk_test_456"
  - production: "sk_live_789"

Environment Validation

Validate that the environment exists:

public static async Task ValidateEnvironment(string environment)
{
    try 
    {
        // Try to get any secret with this environment
        await Products.Secrets.GetAsync("api-key", environment: environment);
        return true;
    }
    catch (EnvironmentNotFoundException)
    {
        throw new Exception($"ByteHide environment '{environment}' does not exist");
    }
}

Next Steps

Previous
Access Secrets
Next
Managing Secrets