Skip to content
cuenv Documentation

cuenv

Two commands. Type-safe environments. Secrets that never leak. Tasks that run in parallel.
Quick Start View on GitHub

The Problem

Section titled “The Problem”

You’ve been here before: secrets in .env files that get committed, “works on my machine” bugs, CI pipelines that can’t run in parallel, and copy-paste task definitions with no validation.

cuenv fixes this with two primitives.

Two Primitives

Section titled “Two Primitives”

cuenv exec --

Run any command with validated environment variables and secrets resolved at runtime. Never store credentials on disk.

Terminal window
cuenv exec -- npm start
cuenv exec -e production -- ./deploy.sh

cuenv task

Run named tasks with automatic dependency resolution, parallel execution, and content-aware caching.

Terminal window
cuenv task build
cuenv task -e staging deploy

Why This Matters

Section titled “Why This Matters”

Secrets Never Leak

Secrets are fetched at runtime from 1Password, AWS, GCP, Vault—never written to disk, never exported to your shell, redacted from logs.

Validate Before You Run

CUE constraints catch NODE_ENV: "prod" typos before they become runtime failures. Type-safe configuration for your entire team.

Parallel by Default

Object keys run in parallel. Arrays run sequentially. Dependencies are respected. Your CI gets faster automatically.

Works Everywhere

Shell integration loads your environment when you cd into a project. Nix integration provisions tools automatically.

See It In Action

Section titled “See It In Action”
package cuenv


import "github.com/cuenv/cuenv/schema"


schema.#Cuenv


env: {
    NODE_ENV: "development" | "staging" | "production"


    // Secrets resolved at runtime, never stored
    DB_PASSWORD: schema.#OnePasswordRef & {
        ref: "op://vault/database/password"
    }
}


tasks: {
    // These run in parallel
    test: {
        unit:        { command: "npm", args: ["run", "test:unit"] }
        integration: { command: "npm", args: ["run", "test:e2e"] }
        lint:        { command: "npm", args: ["run", "lint"] }
    }


    // This waits for test to complete
    build: {
        command:   "npm"
        args:      ["run", "build"]
        dependsOn: ["test"]
    }
}

Status

Section titled “Status”

Core Engine

Complete. Fast CUE evaluation with Rust performance.

CLI + Tasks

Alpha. exec and task commands in active development.

Secrets + Shell

In development. Secret resolvers and shell integration coming soon.

Get Started

Section titled “Get Started”