SDK

Env vars

Fetch env vars at runtime — database URLs, API keys, anything your app needs to know. Resolved through your org's configured secret source so you can rotate without redeploying.

Use it

import { LeashIntegrations } from '@leash/sdk/integrations'

const client = new LeashIntegrations({
  apiKey: process.env.LEASH_API_KEY,
})

// Single key
const dbUrl = await client.getEnv('DATABASE_URL')

// All keys for this app
const env = await client.getEnv()
console.log(env.DATABASE_URL, env.STRIPE_KEY)

Where the values come from

Org owners configure a secret source on the dashboard. Options:

Native — type values directly into Leash. Encrypted with the org's KMS key. Free on every plan.
External sources (Growth+) — point Leash at your existing Doppler / 1Password / Bitwarden / Infisical / GCP Secret Manager. Leash never stores the secret value, only a token to fetch it.

getEnv is the same call regardless of source. Rotation in your source takes effect on the next call (results are cached for the lifetime of the client instance).

Failure modes

api_key_required — missing or invalid X-API-Key header. Check that LEASH_API_KEY is set.
not_found — the key isn't configured in the org's secret source. Returns null (single-key form) or omits the key from the dictionary (all-keys form).
source_unreachable — the external secret source (e.g. Doppler) is down or rejected the org's token. Owners get notified via the dashboard.