import { encryptEnvVars, parseEnvVars } from "@phala/cloud";
// Get the encryption key from KMS
const { public_key } = await client.getAppEnvEncryptPubKey({
kms: "ethereum-mainnet",
app_id: "0x1234abcd...",
});
// Encrypt environment variables
const envVars = parseEnvVars("API_KEY=secret\nDB_URL=postgres://...");
const encrypted = await encryptEnvVars(envVars, public_key);
// Use the encrypted env in commitCvmProvision or updateCvmEnvs
await client.commitCvmProvision({
app_id: "0x1234abcd...",
compose_hash: provision.compose_hash,
encrypted_env: encrypted,
env_keys: ["API_KEY", "DB_URL"],
});
