Team Setup
Essential patterns and examples for setting up kiln in team environments with proper access control and security boundaries.
Initial Project Setup
Team Lead Configuration
```bash
# Generate project key
kiln init key --path ./keys/admin.key

# Create team configuration
kiln init config \
  --recipients "admin=$(cat ./keys/admin.key.pub)" \
  --recipients "alice=ssh-ed25519 AAAAC3..." \
  --recipients "bob=age1234...abcd"
```
Multi-Environment Structure
```toml
[recipients]
admin = "age1admin...key"
alice = "ssh-ed25519 AAAAC3..."
bob = "age1bob...key"
deploy-bot = "ssh-rsa AAAAB3..."

[groups]
developers = ["alice", "bob"]
admins = ["admin"]
automation = ["deploy-bot"]

[files.development]
filename = "dev.env"
access = ["*"]

[files.staging]
filename = "staging.env"
access = ["developers", "admins"]

[files.production]
filename = "prod.env"
access = ["admins", "automation"]
```
Environment Initialization
Development Environment
```bash
# Accessible to all team members
kiln set --from-file configs/dev-base.json --file development
```
```json
{
  "NODE_ENV": "development",
  "DATABASE_URL": "postgresql://localhost:5432/app_dev",
  "LOG_LEVEL": "debug",
  "DEBUG": true
}
```
Production Environment
```bash
# Restricted access with secure values
kiln set DATABASE_URL --file production
kiln set JWT_SECRET --file production
kiln set API_KEY --file production
```
Key Distribution
Secure Key Sharing
```bash
# Team members generate their own keys

# Share public key securely (Slack, email, etc.)
cat ~/.ssh/kiln_key.pub
```
Public Key Collection
```bash
# Create team keys directory
mkdir -p keys/team

# Collect public keys
echo "ssh-ed25519 AAAAC3..." > keys/team/alice.pub
echo "ssh-ed25519 AAAAC3..." > keys/team/bob.pub
echo "age1234...abcd" > keys/team/charlie.pub
```
Access Verification
Team Access Test
```bash
# Verify each member can access appropriate environments
team_members=("alice" "bob" "charlie")
environments=("development" "staging" "production")

for member in "${team_members[@]}"; do
  echo "Testing access for $member:"
  for env in "${environments[@]}"; do
    if kiln info --file "$env" --key "keys/$member.key" --verify 2>/dev/null; then
      echo " ✓ $env"
    else
      echo " ✗ $env"
    fi
  done
done
```
Best Practices
Section titled “Best Practices”Security Boundaries
- Development: Open access for rapid iteration
- Staging: Developer + admin access for testing
- Production: Admin-only access with automation exceptions
Key Management
- Personal keys for individual access
- Service keys for automation (CI/CD, deployments)
- Emergency admin keys with restricted distribution
Configuration Management
```bash
# Version control pattern
echo "keys/*.key" >> .gitignore   # Ignore private keys so they are never committed
git add .gitignore kiln.toml *.env keys/*.pub
```
Troubleshooting
Section titled “Troubleshooting”Common Setup Issues
Public key format errors:
```bash
# Verify key format
ssh-keygen -l -f alice.pub
age-keygen -y alice.key
```
Access verification failures:
```bash
# Check configuration syntax
kiln info --file development
kiln info --verify
```
Group membership issues:
```bash
# Validate group references
grep -A 10 "\[groups\]" kiln.toml
grep -A 10 "\[recipients\]" kiln.toml
```