Developer Tutorials

Learn by Doing
Copy-Paste Ready Examples

Step-by-step tutorials with working code examples for every platform

5-Minute Quick Start

Get your first secret loaded in 5 minutes

Installation & First Secret
1

Install the CLI

npm install -g xtra-cli
2

Authenticate

xtra login
3

Create a Secret

xtra secret create --name "api-key" --value "your-secret-here"
4

Retrieve the Secret

xtra secret get api-key

Platform-Specific Tutorials

Beginner5 min
Secure API Keys in Node.js
Load and use secrets safely in Node.js applications
Node.jsAPI KeysEnvironment Variables
// 1. Install CLI npm install -g xtra-cli // 2. Authenticate xtra login // 3. Load secret in Node.js const { XtraClient } = require('@xtrasecurity/sdk-node'); const client = new XtraClient({ projectId: process.env.PROJECT_ID, apiKey: process.env.API_KEY, }); // Get secret const apiKey = await client.getSecret('stripe-live-key'); // Use in your app const stripe = require('stripe')(apiKey);
Intermediate10 min
Docker Secrets Management
Inject secrets into Docker containers securely
DockerContainersOrchestration
# Dockerfile with XtraSecurity init FROM node:18-alpine # Install XtraSecurity CLI RUN npm install -g xtra-cli WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . # Load secrets at runtime CMD ["xtra", "run", "--", "node", "app.js"] # In your app.js: const secret = await client.getSecret('db-password'); console.log('Connected to database');
Intermediate8 min
CI/CD with GitHub Actions
Use XtraSecurity in your GitHub Actions workflows
GitHubCI/CDAutomation
name: Deploy on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 # Load secrets from XtraSecurity - name: Get Deployment Secrets env: XTRA_API_KEY: ${{ secrets.XTRA_API_KEY }} XTRA_PROJECT_ID: ${{ secrets.XTRA_PROJECT_ID }} run: | xtra login --api-key $XTRA_API_KEY --project $XTRA_PROJECT_ID PROD_DB_PASSWORD=$(xtra get prod-db-password) echo "DB_PASS=$PROD_DB_PASSWORD" >> $GITHUB_ENV - name: Deploy to Production env: DB_PASSWORD: ${{ env.DB_PASS }} run: ./deploy.sh
Advanced15 min
Kubernetes Secret Injection
Inject XtraSecurity secrets into Kubernetes pods
KubernetesK8sOrchestration
apiVersion: v1 kind: ConfigMap metadata: name: xtra-init data: init.sh: | #!/bin/sh xtra get prod-db-password > /secrets/db-password xtra get stripe-api-key > /secrets/stripe-key --- apiVersion: v1 kind: Pod metadata: name: app-pod spec: containers: - name: app image: myapp:latest env: - name: XTRA_API_KEY valueFrom: secretKeyRef: name: xtra-creds key: api-key volumeMounts: - name: secrets mountPath: /secrets initContainers: - name: xtra-init image: node:18-alpine command: ["/bin/sh", "/scripts/init.sh"] env: - name: XTRA_API_KEY valueFrom: secretKeyRef: name: xtra-creds key: api-key volumeMounts: - name: scripts mountPath: /scripts - name: secrets mountPath: /secrets volumes: - name: scripts configMap: name: xtra-init - name: secrets emptyDir: {}

Video Walkthroughs

Getting Started with XtraSecurity

3:4512.5K views

Rotating Secrets in Production

8:208.3K views

Kubernetes Integration Setup

15:105.2K views

Best Practices

🔄 Rotate Regularly
  • Rotate secrets every 90 days minimum
  • Auto-rotate critical secrets every 30 days
  • Keep audit trail of all rotations
🔐 Never Hardcode
  • Always load from environment variables
  • Use .env.example without actual values
  • Never commit secrets to git
📝 Audit Everything
  • Enable audit logging for all secret access
  • Review access patterns monthly
  • Alert on unusual activity
🔑 Manage Permissions
  • Use least-privilege access control
  • Separate prod and dev secrets
  • Review team membership quarterly

Ready to Get Started?

Follow one of our tutorials to secure your first secret in minutes