Share Secrets with Your Team

In this short guide you’ll learn how to:

  1. Create a shared workspace
  2. Invite your team and share secrets with them

Before you begin

Before you start, make sure you have completed the following steps:

  1. Install the SecretHub CLI for your OS.
  2. Sign up for a SecretHub account.

Getting help

Come chat with us on Discord or email us at

Step 1: Create a shared workspace

To collaborate with team members, you need a shared workspace. To create one, run the org init command:

secrethub org init

You will be asked to type in a name for your organization. Pick something short and recognizable, e.g. your company name.

Similar to your personal workspace, you can create repositories in a shared workspace. Create one now, you will use it later to share secrets with your team:

secrethub repo init your-company/start

Let’s add a few directories and secrets to the repository so we have something to share:

secrethub mkdir your-company/start/dev
echo "Hello Development" | secrethub write your-company/start/dev/hello
secrethub mkdir your-company/start/prd
echo "Hello Production" | secrethub write your-company/start/prd/hello

Step 2: Invite your team

It’s no fun working alone, so let’s invite some team members. SecretHub user accounts are personal accounts that are not tied to a single organization. This means that your team members need to have created an account before you can invite them to your organization.

For the purpose of this guide, let’s say your teammate Alice signed up with the username alice. Now that you have a friend on SecretHub, you can invite her to your organization workspace using the org invite command:

secrethub org invite your-company alice

Next, let’s invite Alice to collaborate on the start repository:

secrethub repo invite your-company/start alice

Finally, to instantly share all dev secrets with Alice, you can create an access rule:

secrethub acl set your-company/start/dev/ alice read

Alice can now read all secrets in the your-company/start/dev directory, including the hello secret:

secrethub read your-company/start/hello

Under the hood all the encryption has been taken care of.

To allow her to also write to the dev directory, change the access rule to write permissions:

secrethub acl set your-company/start/dev/ alice write

With the access rule in place, she can now both read the secret and write a new version of it.

Naturally, this is only a small subset of what you can do with shared workspaces but you get the gist. Kick the tires for a bit, invite more team members and check how this could work for you.

Next steps

You’ve now covered the bases of managing your organization within SecretHub.

To learn more, check out these resources:

Finally, to get your organization back to a clean state, you can remove the start repository used in this guide by running:

secrethub repo rm your-company/start

And you’re done. Happy coding!