Command: phala envs encrypt
Syntax
Description
Encrypt environment variables for a CVM (sealed, only readable inside TEE)Arguments
| Argument | Description |
|---|---|
<cvm_id>? | CVM identifier (UUID, app_id, instance_id, or name) |
Options
| Option | Description |
|---|---|
-e, --env <value> | Environment variable (KEY=VALUE) or env file path (repeatable) |
-n, --no-newline | Do not print trailing newline (useful for piping) |
Global Options
| Option | Description |
|---|---|
-h, --help | Show help information for the current command |
-v, --version | Show CLI version |
--api-token TOKEN, --api-key TOKEN | API token for authenticating with Phala Cloud |
-j, --json, --no-json | Output in JSON format |
-i, --interactive | Enable interactive mode |
--cvm-id <value> | CVM identifier (UUID, app_id, instance_id, or name) |
--profile PROFILE | Temporarily use a different auth profile for this command |
--api-version <value> | API version to use (e.g. 2025-10-28, 2026-01-21) |
Examples
- Encrypt inline variables
- Encrypt from env file
- Encrypt with CVM from phala.toml
- Pipe to file for later use
- Pipe without trailing newline