run
Execute commands with decrypted environment variables automatically injected.
Synopsis
Section titled “Synopsis”kiln run [options] -- <command> [args...]The run command decrypts environment variables and executes the specified command with those variables injected into the process environment, providing seamless integration with existing applications.
Arguments
Section titled “Arguments”<command>: Command to execute (required)[args...]: Arguments to pass to the command
Options
Section titled “Options”--file,-f: Environment file to use (default:default)--dry-run: Show environment variables without running command--timeout: Command execution timeout (e.g.,30s,5m,1h)--workdir: Working directory for command execution--shell: Run command through shell (/bin/sh -c)
Examples
Section titled “Examples”Basic Command Execution
Section titled “Basic Command Execution”kiln run -- node server.jskiln run -- python manage.py runserverkiln run -- ./myapp --port 8080With Specific Environment
Section titled “With Specific Environment”kiln run --file production -- ./deploy.shkiln run --file development -- npm startDry Run
Section titled “Dry Run”kiln run --dry-run -- node server.js# Would execute: node server.js# Environment file: default# Variables: 3# DATABASE_URL=postgresql://localhost:5432/myapp# API_KEY=sk-1234567890abcdef# DEBUG_MODE=trueWith Timeout
Section titled “With Timeout”kiln run --timeout 30s -- ./slow-processkiln run --timeout 5m -- npm testCustom Working Directory
Section titled “Custom Working Directory”kiln run --workdir /app -- ./run.shkiln run --workdir ./backend -- npm startShell Execution
Section titled “Shell Execution”kiln run --shell -- 'echo "Database: $DATABASE_URL"'kiln run --shell -- 'for i in {1..3}; do echo "API: $API_KEY"; done'Environment Variable Injection
Section titled “Environment Variable Injection”Process Environment
Section titled “Process Environment”The command inherits the current environment and adds/overrides with decrypted variables:
# Current environmentexport NODE_ENV=developmentexport PATH=/usr/bin:/bin
# kiln adds decrypted variableskiln run -- node -e 'console.log(process.env)'# Output includes: NODE_ENV, PATH, DATABASE_URL, API_KEY, etc.Variable Precedence
Section titled “Variable Precedence”- kiln decrypted variables (highest priority)
- Existing environment variables
- System default variables
Secure Handling
Section titled “Secure Handling”- Variables are injected directly into process memory
- No intermediate files or shell variable exports
- Automatic cleanup when command completes
Command Execution
Section titled “Command Execution”Direct Execution
Section titled “Direct Execution”By default, commands are executed directly without shell interpretation:
kiln run -- myapp --config /etc/myapp.conf# Executes: execve("myapp", ["myapp", "--config", "/etc/myapp.conf"], env)Shell Execution
Section titled “Shell Execution”With --shell, commands are interpreted by /bin/sh:
kiln run --shell -- 'echo "Starting with DB: $DATABASE_URL"'# Executes: execve("/bin/sh", ["/bin/sh", "-c", "echo \"Starting with DB: $DATABASE_URL\""], env)Path Resolution
Section titled “Path Resolution”- Relative paths are resolved from working directory
./and../prefixes are supported- Commands are found using
PATHenvironment variable
Error Handling
Section titled “Error Handling”Command Not Found
Section titled “Command Not Found”kiln run -- nonexistent-command# Error: command failed: exec: "nonexistent-command": executable file not found in $PATHAccess Denied
Section titled “Access Denied”kiln run --file production -- ./app# Error: security error: access denied for 'production' (check file permissions in kiln.toml)Command Timeout
Section titled “Command Timeout”kiln run --timeout 5s -- sleep 10# Error: command failed: context deadline exceededExit Code Propagation
Section titled “Exit Code Propagation”kiln run -- falseecho $? # 1 (command exit code preserved)
kiln run -- exit 42echo $? # 42 (custom exit codes preserved)Signal Handling
Section titled “Signal Handling”Interrupt Handling
Section titled “Interrupt Handling”Ctrl+C(SIGINT) is forwarded to the running command- Graceful shutdown allows command cleanup
- kiln waits for command termination before exiting
Process Group Management
Section titled “Process Group Management”- Commands run in their own process group
- Signal forwarding ensures proper cleanup
- Timeout handling uses context cancellation
Integration Patterns
Section titled “Integration Patterns”Application Startup
Section titled “Application Startup”# Web applicationkiln run --file production -- gunicorn app:app
# Background workerkiln run --file production -- celery worker -A myapp
# Database migrationkiln run --file production -- ./manage.py migrateDevelopment Workflow
Section titled “Development Workflow”# Start development serverkiln run --file dev -- npm run dev
# Run tests with test environmentkiln run --file test -- npm test
# Database setupkiln run --file dev -- ./setup-db.shDeployment Scripts
Section titled “Deployment Scripts”# Deploy applicationkiln run --file production --timeout 10m -- ./deploy.sh
# Health checkkiln run --file production --timeout 30s -- ./health-check.sh
# Backup operationkiln run --file production -- ./backup.shContainer Integration
Section titled “Container Integration”# Docker container with environmentkiln run --file production -- docker run --rm myapp:latest
# Docker Compose with injected variableskiln run --shell -- 'docker-compose up -d'
# Kubernetes jobkiln run --file production -- kubectl apply -f job.yamlWorkflow Examples
Section titled “Workflow Examples”Multi-Environment Deployment
Section titled “Multi-Environment Deployment”#!/bin/bashenvironments=("staging" "production")
for env in "${environments[@]}"; do echo "Deploying to $env..." if kiln run --file "$env" --timeout 5m -- ./deploy.sh; then echo "✓ $env deployment successful" else echo "✗ $env deployment failed" exit 1 fidoneDevelopment Server Management
Section titled “Development Server Management”# Start all serviceskiln run --file dev -- docker-compose up -d database redissleep 5
kiln run --file dev -- ./migrate.shkiln run --file dev -- npm run buildkiln run --file dev -- npm startTesting Pipeline
Section titled “Testing Pipeline”# Unit testskiln run --file test -- npm run test:unit
# Integration tests with databasekiln run --file test -- npm run test:integration
# End-to-end testskiln run --file test --timeout 10m -- npm run test:e2eBackup and Maintenance
Section titled “Backup and Maintenance”# Database backupkiln run --file production --timeout 30m -- pg_dump $DATABASE_URL > backup.sql
# Log rotationkiln run --file production -- ./rotate-logs.sh
# Certificate renewalkiln run --file production -- certbot renewPerformance Considerations
Section titled “Performance Considerations”Startup Overhead
Section titled “Startup Overhead”- File decryption time (typically <100ms)
- Process creation overhead
- Environment variable injection cost
Memory Usage
Section titled “Memory Usage”- Environment variables loaded into process memory
- No additional memory overhead beyond command requirements
- Automatic cleanup after command completion
Concurrent Execution
Section titled “Concurrent Execution”# Parallel execution with different environmentskiln run --file staging -- ./task.sh &kiln run --file production -- ./task.sh &waitBest Practices
Section titled “Best Practices”Security
Section titled “Security”- Use specific environment files for different security contexts
- Avoid shell execution unless necessary to prevent injection attacks
- Set appropriate timeouts to prevent resource exhaustion
- Monitor command execution in production environments
Reliability
Section titled “Reliability”- Handle command failures appropriately in scripts
- Use timeouts for long-running operations
- Validate environment before critical operations
- Log command execution for debugging
Development Workflow
Section titled “Development Workflow”# Development script with error handling#!/bin/bashset -euo pipefail
echo "Starting development environment..."
# Start dependencieskiln run --file dev -- docker-compose up -d
# Wait for servicessleep 10
# Run migrationsif ! kiln run --file dev --timeout 2m -- ./migrate.sh; then echo "Migration failed" exit 1fi
# Start applicationkiln run --file dev -- npm startTroubleshooting
Section titled “Troubleshooting”Command Not Executing
Section titled “Command Not Executing”# Check if command existswhich mycommand
# Check working directorykiln run --dry-run -- pwd
# Check environment variableskiln run --dry-run -- env | grep DATABASEPermission Issues
Section titled “Permission Issues”# Check file permissionsls -la ./myapp
# Run with explicit pathkiln run -- /usr/local/bin/myapp
# Check working directory permissionskiln run --workdir /tmp -- ./myappEnvironment Problems
Section titled “Environment Problems”# Verify environment file accesskiln export --file production >/dev/null
# Check specific variableskiln get DATABASE_URL --file production
# Validate configurationkiln info --file production --verifySignal Handling Issues
Section titled “Signal Handling Issues”# Test signal forwardingkiln run -- sleep 60 # Press Ctrl+C to test
# Check process cleanupps aux | grep myapp # Should show no orphaned processesAdvanced Usage
Section titled “Advanced Usage”Custom Signal Handling
Section titled “Custom Signal Handling”# Wrapper script for graceful shutdown#!/bin/bashcleanup() { echo "Cleaning up..." # Custom cleanup logic exit 0}trap cleanup SIGTERM SIGINT
kiln run --file production -- ./appEnvironment Debugging
Section titled “Environment Debugging”# Debug environment setupkiln run --shell -- 'env | grep -E "(DATABASE|API|DEBUG)" | sort'
# Check specific variable availabilitykiln run --shell -- 'test -n "$DATABASE_URL" && echo "DB configured" || echo "DB missing"'Complex Command Composition
Section titled “Complex Command Composition”# Pipeline with environmentkiln run --shell -- 'curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data | jq .'
# Conditional executionkiln run --shell -- 'if [ "$DEBUG_MODE" = "true" ]; then echo "Debug enabled"; fi'