leash dev
Run your local dev server with this app's configured source secrets injected into the process environment of whichever runtime your stack uses (Node, Python, Go, Ruby, Rust). Same values your deployed Cloud Run revision sees — without copying them into .env.local.
Usage
$ leash dev
✓ Synced 3 required keys from .env.example
✓ Resolved 3 secrets from 1 source
Starting `npm run dev` with 3 secrets injected...
From a directory with .leash/config.json (created by leash init). The CLI:
- Reads keys from
.env.example(the manifest). - POSTs the key list to the platform so it knows what this app needs.
- Pulls resolved values from your org's sources.
- Auto-detects your project type and runs the right dev command (Node, Python, Go, Rails, Rust), with the secrets injected into its environment.
Auto-detected dev commands
| Marker in cwd | Command run |
|---|---|
package.json | npm run dev |
manage.py | python3 manage.py runserver |
app.py / main.py | python3 <file> |
Gemfile | bundle exec rails server |
go.mod | go run . |
Cargo.toml | cargo run |
Pass an explicit command
Use -- to override auto-detection:
$ leash dev -- npm run start
Skip secret injection
To run without fetching secrets (and without the dependency on the platform):
$ leash dev --no-secrets
Useful when the platform is unreachable or you're intentionally testing with empty values.
leash dev vs your usual dev command
Both flows are supported. The difference is just how the process environment gets populated at startup (read via process.env in Node, os.environ in Python, os.Getenv in Go, etc.).
| Your native dev command | leash dev | |
|---|---|---|
| Static env values | From your .env.local (or whatever your stack reads on boot) | Pulled from org sources at start |
leash.env.get() values (TypeScript SDK) | Runtime fetch, same as prod | Runtime fetch, same as prod |
| Onboarding cost | Need to seed .env.local once | Nothing — values follow the org |
TypeScript only: type process.env from your manifest
Run leash secrets types to generate a leash-secrets.d.ts file that types process.env against the keys in your .env.example. For non-TS stacks the manifest still drives injection — there's just no codegen step.
Sample run
$ leash dev✓ Synced 4 required keys from .env.example✓ Resolved 4 secrets from 1 sourceStarting `npm run dev` with 4 secrets injected...> next devready started server on 0.0.0.0:3000
Related
- Local dev — the canonical local-dev flow (this command is one option in step 3).
- Secrets — the manifest model and how the platform resolves keys against org sources.
- App env vars — the full source model: Native, Doppler, 1Password, GCP SM, etc.