Bundles
Bundles are named collections of keys that help you organize environment variables by project, environment, or purpose.
What is a Bundle?
A bundle groups related keys together under a meaningful name:
- Example:
dev/api- Development environment for API service - Example:
prod/database- Production database credentials - Example:
staging/frontend- Staging environment for frontend app
Bundle Structure
Each bundle contains:
- Name - Unique identifier (e.g.,
dev/api,prod/db) - Description - Optional documentation
- Attached Keys - References to keys in your library
- Key Order - Custom ordering (optional)
Benefits
Organization
- Group keys by environment (dev, staging, prod)
- Separate keys by service (api, frontend, worker)
- Organize by purpose (database, auth, features)
Reusability
- Same key can be in multiple bundles
- Update key once, affects all bundles
Convenience
- Request entire bundle with one CLI command
- Approve and inject all variables at once
Creating Bundles
Via Web UI
- Go to https://env.cat/bundles
- Click "+ Create Bundle"
- Fill in details:
- Name:
dev/api(use/for namespacing) - Description: "Development environment for API service"
- Name:
- Click "Create"
Naming Best Practices
Use hierarchical names:
✅ dev/api
✅ staging/frontend
✅ prod/database
✅ team-alpha/service-x
❌ dev_api
❌ api-dev
❌ DevAPI
Common patterns:
{environment}/{service}
- dev/api
- staging/api
- prod/api
{team}/{project}
- team-alpha/mobile-app
- team-beta/analytics
{service}/{environment}
- api/dev
- api/prod
- frontend/dev
Via API
curl -X POST https://env.cat/api/v1/bundles \
-H "Content-Type: application/json" \
-d '{
"name": "dev/api",
"description": "Development environment for API service"
}'
Attaching Keys
Method 1: From Bundle Page
- Open your bundle (e.g., https://env.cat/bundles/dev-api)
- Click "Attach Keys"
- Select keys from your library:
DATABASE_URLREDIS_URLAPI_KEYPORT
- Click "Attach"
Method 2: From Key Page
- Go to a key detail page
- Click "Add to Bundle"
- Select bundle (e.g.,
dev/api) - Click "Add"
Reordering Keys
Drag and drop keys to reorder them. The order affects:
- CLI output (variables exported in order)
- .env file generation
- Approval UI display
Example order:
1. DATABASE_URL (infrastructure first)
2. REDIS_URL
3. API_KEY (auth keys)
4. JWT_SECRET
5. PORT (config last)
6. LOG_LEVEL
Managing Bundles
View Bundle Details
- Go to https://env.cat/bundles
- Click on a bundle name
- See:
- All attached keys (values masked)
- Key count
- Created/updated timestamps
- "Try It Out" terminal
Edit Bundle
- Open bundle details page
- Click "Edit"
- Update name or description
- Click "Save"
Note: Renaming a bundle updates its identifier. CLI commands using the old name will fail until updated.
Delete Bundle
Warning: This removes the bundle but does NOT delete the keys (they remain in your library).
- Open bundle details page
- Click "Delete"
- Confirm deletion
Keys can be reused in other bundles or new bundles.
Detach Keys
Remove a key from a bundle without deleting it:
- Open bundle details page
- Click the × next to a key
- Confirm detachment
The key remains in your library and other bundles.
Using Bundles
Request via CLI
Request all keys in a bundle:
envcat get --bundle dev/api --api-base https://env.cat
Output:
export DATABASE_URL='postgres://...'
export REDIS_URL='redis://...'
export API_KEY='sk_live_abc123'
export PORT='3000'
Request Specific Keys
Request only some keys from a bundle:
envcat get --bundle dev/api --keys DATABASE_URL,REDIS_URL --api-base https://env.cat
Output:
export DATABASE_URL='postgres://...'
export REDIS_URL='redis://...'
Write to .env File
envcat get --bundle dev/api --api-base https://env.cat --file .env
Creates .env:
DATABASE_URL=postgres://...
REDIS_URL=redis://...
API_KEY=sk_live_abc123
PORT=3000
Import & Export
Export Bundle
Format: ENV
- Open bundle details page
- Click "Export" → ".env"
- Choose:
- Masked (default):
DATABASE_URL=•••••••• - Revealed (dev mode):
DATABASE_URL=postgres://...
- Masked (default):
Download: dev-api.env
Format: JSON
{
"name": "dev/api",
"description": "Development environment",
"keys": [
{
"name": "DATABASE_URL",
"value": "postgres://...",
"is_secret": true
},
{
"name": "PORT",
"value": "3000",
"is_secret": false
}
]
}
Import from File
From .env:
- Go to bundles page
- Click "Import" → "From .env"
- Upload file or paste contents:
DATABASE_URL=postgres://...
API_KEY=sk_live_abc123
PORT=3000 - Specify bundle name (e.g.,
imported/from-env) - Mark secrets (toggle "Secret" for sensitive values)
- Click "Import"
env.cat will:
- Create keys in your library (if they don't exist)
- Create the bundle
- Attach all keys to the bundle
From JSON:
Similar to .env import, but with structured data including is_secret flags.
Try It Out
Every bundle has a "Try It Out" terminal for testing the CLI flow without leaving your browser.
How it works:
- Open bundle details page
- Click "Try It Out"
- Terminal drawer opens with pre-filled command:
envcat get --bundle dev/api --api-base https://env.cat - Click "Run"
- CLI runs in browser (simulated)
- Approval page opens automatically
- Approve → see variables injected
Perfect for:
- Testing the approval flow
- Verifying bundle contents
- Demoing to team members
- Learning CLI commands
Bundle Patterns
By Environment
dev/api - Development API
staging/api - Staging API
prod/api - Production API
Use case: Same keys, different values per environment.
By Service
api/database - API database credentials
api/redis - API cache credentials
api/auth - API auth keys
Use case: Separate concerns within one service.
By Team
team-alpha/mobile
team-beta/web
team-gamma/backend
Use case: Multi-tenant setup with team isolation.
By Purpose
database/postgres - PostgreSQL credentials
database/mongo - MongoDB credentials
cache/redis - Redis credentials
auth/jwt - JWT secrets
Use case: Organize by infrastructure component.
Advanced Features
Bundle Templates
Coming soon:
- Save bundle as template
- Create new bundles from templates
- Share templates across tenants
Version History
Coming soon:
- Track bundle changes over time
- Rollback to previous key sets
- Audit who changed what
Bundle Sharing
Coming soon (SaaS):
- Share bundles with team members
- Role-based access (read-only, edit)
- Audit logs for bundle access
Troubleshooting
Can't Create Bundle
Issue: "Bundle name already exists"
Solution:
- Bundle names must be unique within your tenant
- Use a different name or namespace (e.g.,
dev/api-v2) - Or delete the existing bundle first
Bundle Empty After Import
Issue: Imported .env but bundle has no keys
Solution:
- Check .env file format (KEY=VALUE, no quotes needed)
- Ensure file isn't empty
- Look for import errors in UI toast notifications
CLI Can't Find Bundle
Issue: envcat get --bundle dev/api returns "not found"
Solution:
- Verify bundle name matches exactly (case-sensitive)
- Check you're logged into correct tenant
- Ensure
--api-basepoints to correct environment
Best Practices
Naming
- Use consistent naming conventions across team
- Include environment in name (
dev/,prod/) - Use
/for logical grouping - Keep names short but descriptive
Organization
- One bundle per service + environment combo
- Separate secrets from config when possible
- Document bundle purpose in description field
Security
- Don't create "all secrets" bundles (reduce blast radius)
- Use specific bundles for specific purposes
- Regularly audit bundle contents
- Remove unused bundles
Workflow
- Create dev bundles first (test the flow)
- Clone to staging/prod (update values)
- Use CLI to verify all bundles work
- Document bundle relationships
Next Steps
Now that you understand bundles:
- Approval Flow - Learn how secrets are delivered
- Try It Out - Test the CLI in your browser
- CLI Reference - Master CLI commands
- Keys Guide - Deep dive into key management
Need Help?
- Quick Start - Get up and running fast
- API Reference - Bundles API documentation
- GitHub Discussions - Community help