> ## Documentation Index
> Fetch the complete documentation index at: https://capy.sc/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Encrypted Secrets for PHP, Java, Elixir, Deno & More

> Use Capy with any runtime — PHP, Java, .NET, Elixir, Deno, Bun, shell. capy run -- <command> injects decrypted env vars and forwards signals to your process.

`capy run` has you covered. It decrypts `.env` in memory and spawns your command with the plaintext values injected as environment variables. It works with anything that reads env vars - PHP, Elixir, Java, .NET, Deno, Bun, static binaries, shell scripts.

## The pattern

```bash theme={null}
capy run -- <your command> [args...]
```

Capy:

1. Reads the local `.env` file.
2. Decrypts every `capy:…` snippet using your project key.
3. Spawns the child process with the decrypted values in its environment.
4. Forwards signals (`SIGINT`, `SIGTERM`, `SIGHUP`) and the child's exit code.

The plaintext lives only in the child process's memory - never on disk.

## Examples

```bash theme={null}
# PHP
capy run -- php -S localhost:8000

# Elixir / Phoenix
capy run -- mix phx.server

# Java
capy run -- java -jar app.jar

# .NET
capy run -- dotnet run

# Deno
capy run -- deno run --allow-env app.ts

# Shell script that reads $DATABASE_URL
capy run -- ./deploy.sh
```

## In containers

`capy run` works as the entrypoint of a Docker container as long as the deploy key is available at runtime. See [Deploying](/using/deploying) for how to inject the key.

```dockerfile theme={null}
CMD ["capy", "run", "--", "python", "app.py"]
```

## What's next

<Card title="Running your app" icon="play" href="/using/running-your-app" horizontal>
  Signals, exit codes, and env precedence in detail.
</Card>
