edit
Interactive editing of encrypted environment variables using your preferred editor.
Synopsis
Section titled “Synopsis”kiln edit [options]The edit command provides a secure, interactive way to modify multiple environment variables by temporarily decrypting the file into a secure temporary location for editing.
Options
Section titled “Options”--file,-f: Environment file to edit (default:default)--editor: Editor to use (overridesEDITORenvironment variable)
Examples
Section titled “Examples”Basic Editing
Section titled “Basic Editing”kiln edit# Opens default environment file in $EDITORSpecific Environment File
Section titled “Specific Environment File”kiln edit --file productionkiln edit --file stagingCustom Editor
Section titled “Custom Editor”kiln edit --editor vimkiln edit --editor "code --wait"Editor Configuration
Section titled “Editor Configuration”Environment Variable
Section titled “Environment Variable”The command uses the EDITOR environment variable by default:
export EDITOR=vimkiln edit
# Orexport EDITOR="code --wait"kiln editSupported Editors
Section titled “Supported Editors”- vim/nvim:
export EDITOR=vim - emacs:
export EDITOR=emacs - nano:
export EDITOR=nano - VS Code:
export EDITOR="code --wait" - Sublime:
export EDITOR="subl --wait"
The --wait flag is important for GUI editors to ensure kiln waits for the editor to close before processing changes.
File Format
Section titled “File Format”The temporary file uses standard environment variable format:
# Environment Variables# Format: KEY=value
DATABASE_URL=postgresql://localhost:5432/myappAPI_KEY=sk-1234567890abcdefDEBUG_MODE=trueLOG_LEVEL=info
# Comments are preservedREDIS_URL=redis://localhost:6379Format Rules
Section titled “Format Rules”- One variable per line:
KEY=value - Comments start with
# - Empty lines are ignored
- No quotes needed unless value contains special characters
- Multiline values not supported (use
\nfor newlines)
Security Features
Section titled “Security Features”Temporary File Handling
Section titled “Temporary File Handling”- Creates temporary file in secure location (
/dev/shmon Linux if available) - File permissions set to 0600 (owner read/write only)
- Automatic cleanup on completion or interruption
- Memory-backed filesystem for additional security
Signal Handling
Section titled “Signal Handling”The command handles interruption gracefully:
Ctrl+Cduring editing safely removes temporary fileSIGTERMtriggers secure cleanup- Editor process termination is monitored
Memory Safety
Section titled “Memory Safety”- Decrypted content is wiped from memory after editing
- Temporary file is securely deleted
- No sensitive data persists after command completion
Change Detection
Section titled “Change Detection”Modification Tracking
Section titled “Modification Tracking”- Compares file modification time before and after editing
- Only saves changes if the file was actually modified
- Preserves original file if no changes are made
Validation
Section titled “Validation”Before saving changes, the command validates:
- Environment variable name format
- File syntax and parsing
- Access permissions for the target file
Error Handling
Section titled “Error Handling”Editor Not Found
Section titled “Editor Not Found”kiln edit# Error: configuration error: no editor specified (set EDITOR environment variable or use --editor flag)Invalid Editor
Section titled “Invalid Editor”kiln edit --editor nonexistent# Error: configuration error: editor 'nonexistent' not found in PATH (check editor installation and PATH)Syntax Errors
Section titled “Syntax Errors”# If you save invalid syntax in the editor:# Error: invalid environment file format: line 5: invalid formatAccess Denied
Section titled “Access Denied”kiln edit --file production# Error: security error: access denied for 'production' (check file permissions in kiln.toml)Workflow Examples
Section titled “Workflow Examples”Development Configuration
Section titled “Development Configuration”kiln edit --file development# Opens editor with development variables# Add: DEBUG_MODE=true# Add: LOG_LEVEL=debugProduction Setup
Section titled “Production Setup”kiln edit --file production# Opens editor for production variables# Add: DATABASE_URL=postgresql://prod-server/myapp# Add: JWT_SECRET=very-secure-secret# Add: DEBUG_MODE=falseBulk Updates
Section titled “Bulk Updates”kiln edit --file staging# Efficient way to update multiple related variables:# - Update API endpoints# - Rotate multiple secrets# - Adjust configuration parametersEditor Integration
Section titled “Editor Integration”VS Code Configuration
Section titled “VS Code Configuration”# Set up VS Code for kiln editingexport EDITOR="code --wait"
# Or add to your shell profile:echo 'export EDITOR="code --wait"' >> ~/.bashrcVim Configuration
Section titled “Vim Configuration”# Vim is synchronous by defaultexport EDITOR=vim
# Or for neovim:export EDITOR=nvimCustom Editor Scripts
Section titled “Custom Editor Scripts”# Create wrapper script for complex editor setupscat > ~/.local/bin/kiln-editor << 'EOF'#!/bin/bash# Custom editor for kiln with syntax highlightingvim -c 'set ft=sh' "$1"EOF
chmod +x ~/.local/bin/kiln-editorexport EDITOR=kiln-editorPerformance Considerations
Section titled “Performance Considerations”Large Environment Files
Section titled “Large Environment Files”- Decryption time scales with file size
- Editor loading time depends on variable count
- Memory usage proportional to total content size
Frequent Editing
Section titled “Frequent Editing”For repeated edits:
- Consider using
setfor single variable updates - Use
editfor bulk changes and initial setup - Remember that each edit re-encrypts the entire file
Best Practices
Section titled “Best Practices”Security
Section titled “Security”- Use secure editors that don’t create backup files in insecure locations
- Clear editor history if it might contain sensitive values
- Monitor temporary file location to ensure secure storage
- Verify access control before editing sensitive environments
Workflow
Section titled “Workflow”- Backup before major changes using
exportcommand - Validate syntax carefully before saving
- Use comments to document variable purposes
- Group related variables logically in the file
Editor Setup
Section titled “Editor Setup”- Configure editor wait behavior for GUI editors
- Disable auto-save to prevent premature saves
- Set up syntax highlighting for environment files
- Configure secure temporary directories if needed
Troubleshooting
Section titled “Troubleshooting”Editor Doesn’t Wait
Section titled “Editor Doesn’t Wait”# Problem: Editor opens and kiln immediately processes empty file# Solution: Add --wait flag for GUI editorsexport EDITOR="code --wait"Permission Issues
Section titled “Permission Issues”# Problem: Cannot create temporary file# Solution: Check /tmp permissions or specify different TMPDIRexport TMPDIR=~/.cache/kilnSyntax Errors
Section titled “Syntax Errors”# Problem: Invalid format after editing# Solution: Check for missing = signs, invalid characters in names# Valid: API_KEY=value# Invalid: api-key=value (hyphens not allowed)Signal Handling
Section titled “Signal Handling”# If editor process becomes detached:# 1. Find editor process: ps aux | grep editor# 2. Kill gracefully: kill -TERM <pid># 3. Clean up manually if needed: rm /tmp/kiln-edit-*Integration with Development Workflow
Section titled “Integration with Development Workflow”Pre-commit Hooks
Section titled “Pre-commit Hooks”# Validate environment files before commits#!/bin/bashfor env_file in .env.*; do if ! kiln edit --file "${env_file%.env}" --editor "true"; then echo "Invalid environment file: $env_file" exit 1 fidoneIDE Integration
Section titled “IDE Integration”# VS Code task for editing environment{ "version": "2.0.0", "tasks": [ { "label": "Edit Environment", "type": "shell", "command": "kiln edit --file ${input:environmentFile}", "group": "build" } ]}