Docs / CLI Reference

CLI Reference

Every SlickEnv command, its usage, flags, and examples.

slickenv init

Initialise a project directory and link it to a SlickEnv project and environment.

$ slickenv init [--project <name>] [--env <environment>]
FlagDescription
--projectProject name (prompted if omitted)
--envEnvironment name, e.g. development, staging, production

slickenv push

Push local .env variables to the remote store. Creates a new version.

$ slickenv push [--message <msg>] [--force]
FlagDescription
--message, -mVersion message describing the change
--forceSkip conflict detection and overwrite remote

slickenv pull

Pull the latest version from the remote store and write it to your local .env file.

$ slickenv pull [--version <number>] [--force]
FlagDescription
--version, -vPull a specific version instead of latest
--forceOverwrite local .env without conflict check

slickenv status

Show the current sync status: whether your local .env matches the remote version.

$ slickenv status

Project:     my-project
Environment: development
Local:       14 variables
Remote:      v7 — 14 variables
Status:      ✓ In sync

slickenv versions

List all versions of the current environment with timestamps, variable counts, and messages.

$ slickenv versions [--limit <n>]

slickenv diff

Compare your local .env against the remote version. Shows added, removed, and changed variables.

$ slickenv diff

+ NEW_API_KEY=sk_live_xyz789
- OLD_API_KEY=sk_live_abc123
~ DATABASE_URL
    Local:  postgres://localhost:5432/myapp_dev
    Remote: postgres://prod-db:5432/myapp

slickenv rollback

Restore a previous version as the current local .env.

$ slickenv rollback <version>

$ slickenv rollback v5
✓ Rolled back to v5 — .env updated with 12 variables.

slickenv share

Generate a one-time share link for the current environment. The link expires after one use or after the specified duration.

$ slickenv share [--expires <duration>]

$ slickenv share --expires 1h
✓ Share link created (expires in 1 hour):
  https://env.slickspender.com/s/abc123xyz
FlagDescription
--expiresExpiration duration, e.g. 1h, 24h, 7d (default: 24h)

slickenv export

Export the current environment to a file in .env, JSON, or YAML format.

$ slickenv export [--format <env|json|yaml>] [--output <path>]
FlagDescription
--format, -fOutput format: env, json, yaml (default: env)
--output, -oOutput file path (default: stdout)

slickenv login

Authenticate with SlickEnv via GitHub or Google OAuth. Opens your browser and stores the token in your system keychain.

$ slickenv login

slickenv logout

Sign out and remove stored credentials from your system keychain.

$ slickenv logout
✓ Signed out.

slickenv scan

Scan for leaked secrets using 53 built-in patterns covering AWS, Stripe, GitHub, OpenAI, Anthropic, JWT tokens, database URLs, private keys, and more. Outputs a security score from 0–100.

$ slickenv scan [--files] [--git] [--mcp] [--ai-generated] [--ci] [--fix] [--severity <level>]

  ✗ STRIPE_SECRET_KEY   stripe_live_key  (critical)  .env:3
  ⚠ DATABASE_URL        postgres://...   (high)      .env:8

  Score: 42/100  —  1 critical, 1 high
FlagDescription
--filesScan all files in the current directory (default: .env only)
--gitScan git-tracked files only
--mcpScan MCP config files (mcp.json, .mcp/)
--ai-generatedScan AI-generated code files specifically
--ciCI mode — exit 1 if any critical or high findings
--fixInteractive mode to resolve findings
--severityFilter by severity: critical, high, medium, info

slickenv git scan

Search your entire git commit history for secrets using all 53 patterns. Finds secrets that were committed and later deleted — they still exist in history.

$ slickenv git scan

  → Scanning 1,247 commits for 53 secret patterns...

  ✗ AWS_SECRET_KEY    found in 3 commits (oldest: 8 months ago)
  ✗ STRIPE_SECRET_KEY found in 1 commit  (6 months ago)

  2 secret types exposed in git history

slickenv git audit

Display a visual timeline of commits that contain secrets, including the commit hash, author, date, and which secret patterns were found.

$ slickenv git audit

slickenv git clean

Guided BFG Repo-Cleaner wrapper that permanently removes secrets from git history. Walks you through: backup → BFG clean → git gc → force-push.

$ slickenv git clean

  Step 1/4: Creating backup...           ✓
  Step 2/4: Running BFG Repo-Cleaner...  ✓
  Step 3/4: Running git gc...            ✓
  Step 4/4: Ready to force-push         (manual step — see instructions)

slickenv git protect

Install a pre-commit hook that blocks any commit containing secrets. Runs automatically before every git commit — no action required after installation.

$ slickenv git protect

  ✓ Pre-commit hook installed at .git/hooks/pre-commit
  → Hook will block commits containing secrets (53 patterns)

slickenv ai protect

Generate AI tool ignore files so that Cursor, Claude Code, GitHub Copilot, Windsurf, and Continue.dev cannot read your .env file or other secret files.

$ slickenv ai protect

  ✓ .cursorignore     created
  ✓ .claudeignore     created
  ✓ .copilotignore    created
  ✓ .aiexclude        created

  AI tools can no longer read .env, .env.*, or secret files

slickenv ai status

Show which AI coding tools are currently protected and which ignore files exist in the current project.

$ slickenv ai status

  Tool              Ignore File        Status
  Cursor            .cursorignore      ✓ Protected
  Claude Code       .claudeignore      ✓ Protected
  GitHub Copilot    .copilotignore     ✗ Not protected
  Windsurf          .aiexclude         ✗ Not protected

slickenv run

Run a command with slickenv://KEY references resolved to their real values. Values are injected only into the child process environment — never written to disk.

$ slickenv run -- <command>

# Example: resolve references in an app startup command
$ slickenv run -- node server.js

# Your code uses references instead of real values:
# DATABASE_URL=slickenv://DATABASE_URL
# STRIPE_KEY=slickenv://STRIPE_KEY

slickenv --help

Display help information for any command.

$ slickenv --help
$ slickenv push --help