---
title: Hep.gg Secrets JavaScript SDK (LLM)
description: Pull Hep.gg Secrets into process.env via the unified hepgg package (drop-in for hepgg-secrets).
---

# Hep.gg Secrets SDK (hepgg package)

One-shot, dotenv-style injector. Subpath: `hepgg/secrets`. Drop-in successor to the standalone `hepgg-secrets` package (same exports). Part of the unified `hepgg` package. Node 20+.

## Install

```
npm install hepgg --registry https://npm.hep.gg
```

## API

```
import { config, get, all } from "hepgg/secrets";   // config is also the default export

await config(options) -> Record    fetches secrets, injects into process.env
get(name) -> string | undefined    from last config(), falling back to process.env
all() -> Record                    everything loaded by the last config()
```

options (each has an env-var fallback):

```
url        string          default https://hep.gg/api/v1/secrets/pull (HEPGG_SECRETS_URL)
env        string          required for project-wide tokens (HEPGG_SECRETS_ENV)
token      string          hsk_ pull token (HEPGG_SECRETS_TOKEN)
key        string          E2EE passphrase/recovery key, E2EE only (HEPGG_SECRETS_KEY)
keys       string[]        only fetch these names; default whole env
override   boolean         default false; overwrite existing process.env
cache      boolean|string  default true; encrypted last-good cache, or a path
timeoutMs  number          default 8000
quiet      boolean         default false; suppress the cache-fallback warning
```

Behavior: on network/server failure, falls back to the encrypted last-good cache if present. E2EE projects decrypt locally with `key`; the key is never sent.

## Migration from hepgg-secrets

Change the import only:

- from: `import { config } from "hepgg-secrets";`
- to: `import { config } from "hepgg/secrets";`

## Part of the hepgg package

Also provides: hepgg/id, hepgg/sms, hepgg/email, hepgg/uploader, hepgg/paste, hepgg/ai, hepgg/login, hepgg/logger (logger docs: https://docs.teamhydra.dev/docs/logger/getting-started).

Full secrets reference: /llms/secrets/pull-api, /llms/secrets/package.
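
A startup check built on the `keys` and `override` options in the API section, as an added example that is not part of the hepgg package: it fails closed when a required secret is missing and lists the names that an existing environment variable shadows under the default `override: false`. The helper names and the stub `config` are hypothetical, and the stub assumes `config()` leaves existing variables untouched when `override` is false.

```javascript
// Added example, not hepgg code. `config` is injected so the block runs
// offline; in an application pass the `config` imported from "hepgg/secrets".

// Names in `required` that are absent or blank in the pulled record.
function missingSecrets(loaded, required) {
  return required.filter((name) => {
    const value = loaded[name];
    return typeof value !== "string" || value.trim() === "";
  });
}

// Names whose value in `env` differs from the pulled one. With the documented
// default `override: false`, a variable that already existed keeps its old
// value, so code reading process.env sees the stale one.
function shadowedSecrets(loaded, env) {
  return Object.keys(loaded).filter(
    (name) => env[name] !== undefined && env[name] !== loaded[name]
  );
}

// Pull only `required`, fail closed on any gap, and report names, never values.
async function loadRequiredSecrets(config, required, env = process.env) {
  const loaded = await config({ keys: required });
  const missing = missingSecrets(loaded, required);
  if (missing.length > 0) {
    throw new Error(`missing required secrets: ${missing.join(", ")}`);
  }
  return {
    names: Object.keys(loaded).sort(),
    shadowed: shadowedSecrets(loaded, env).sort(),
  };
}

// Constructed stand-in for config(): returns the requested names from a fixed
// record and injects them without overwriting (assumed override:false behaviour).
function makeStubConfig(record, env) {
  return async (options) => {
    const picked = {};
    for (const name of options.keys ?? Object.keys(record)) {
      if (name in record) picked[name] = record[name];
    }
    for (const [name, value] of Object.entries(picked)) {
      if (env[name] === undefined) env[name] = value;
    }
    return picked;
  };
}
```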