Vault Ingest — login

Authenticate with admin credentials.

Use backup code instead

First-time OTP setup

Confirm admin credentials to start enrollment:

Add this account to your authenticator app:

📱 Open in OTP app

Tap on mobile to launch Authy / FreeOTP / Google Authenticator / 1Password / Aegis already pre-filled.

Or scan the QR code (if you're on desktop, or your app doesn't auto-open)

Or enter manually:

After adding the account, enter the 6-digit code it generates:

⚠ Save these backup codes NOW

Each is single-use and shown only once. They unlock the account if you lose your OTP app.


    

      
      
    

    

      
    

    

  







  

    
Vault Ingest

    
    
    
  

  
Paste a .env file. The tool classifies each variable as secret or config, lets you override, then writes secrets to Vault and returns the two env vars (VAULT_SECRETS + VAULT_ENV_NAMES) ready to paste into the deploy stack.


  
  

    
1. Paste .env

    
    

      
    

    

      
      
    

    

    

  


  
  

    
2. Review classification

    
Tap any value to reveal it. Change the type via the dropdown if the LLM guessed wrong. Secrets are yellow, configs are blue.

    

    

    

      
      
    

    

  


  
  

    
3. Done — Vault is the source of truth

    


    
Paste these into the deploy stack's env file

    

      Both secrets and configs now live in Vault under
      secret/<folder>/<key> (secrets) and
      secret/<folder>/config/<key> (configs).
      The 4 lines below are pointers — eas-runtime-core's
      vault-fetch.sh resolves them at container start.
    

    

    

      
      
    


    
Or the complete cleaned .env

    
Same content with header comments — drop into /data/env/<app>.env as-is.