> ## Documentation Index
> Fetch the complete documentation index at: https://capy.sc/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Rust Secrets Management: Encrypted Env for Cargo

> Wrap cargo run and cargo test with Capy to inject encrypted environment variables into your Rust binaries — no plaintext at rest, no SDK changes needed.

Use `capy run` to decrypt `.env` and pass the plaintext values to your binary. Your code reads env vars with `std::env::var` or crates like `envy`.

<Steps>
  <Step title="Install the CLI">
    <CodeGroup>
      ```bash brew theme={null}
      brew install capysc/tap/capy
      ```

      ```bash npm theme={null}
      npm install -g @capysc/cli
      ```

      ```bash bun theme={null}
      bun add -g @capysc/cli
      ```
    </CodeGroup>
  </Step>

  <Step title="Sync your secrets">
    ```bash theme={null}
    capy
    ```
  </Step>

  <Step title="Run your app">
    ```bash theme={null}
    capy run -- cargo run
    capy run -- ./target/release/my-binary
    capy run -- cargo test
    ```

    Read env vars the standard way:

    ```rust theme={null}
    use std::env;

    let db_url = env::var("DATABASE_URL").expect("DATABASE_URL not set");
    ```
  </Step>

  <Step title="Invite a teammate">
    ```bash theme={null}
    capy invite teammate@example.com
    ```
  </Step>

  <Step title="Deploy">
    ```bash theme={null}
    capy deploy
    ```
  </Step>
</Steps>

## What's next

<Card title="Running your app" icon="play" href="/using/running-your-app" horizontal>
  The full story on `capy run`.
</Card>
