Makefile Patterns
Replace doppler run -- or infisical run -- with skret run -- in your Makefiles.
Basic Replacement
Section titled “Basic Replacement”# Before (Doppler)up-app: doppler run -- docker compose up -d app
# After (skret)up-app: skret run -- docker compose up -d appPer-Service Targets
Section titled “Per-Service Targets”A common pattern: one make target per service, each injecting secrets before starting:
.PHONY: up-app down-app up-worker down-worker
up-app: skret run -- docker compose up -d app
down-app: docker compose down app
up-worker: skret run -- docker compose up -d worker
down-worker: docker compose down workerNote: down targets do not need secrets, so no skret run -- wrapper.
Environment Overrides
Section titled “Environment Overrides”Use --env to target specific environments:
.PHONY: deploy-prod deploy-dev test-integration
deploy-prod: skret --env=prod run -- docker compose up -d
deploy-dev: skret --env=dev run -- docker compose up -d
test-integration: skret --env=dev run -- go test -tags=integration ./...Environment names follow whatever you defined in .skret.yaml. Two envs (prod + dev) is the minimum most teams need; add staging/qa/preview/etc. only when the workflow genuinely requires the split.
Export to .env for Tools That Need It
Section titled “Export to .env for Tools That Need It”Some tools require a .env file instead of environment variables:
.PHONY: env-file
env-file: skret env > .env
dev: skret env > .env docker compose up -d @echo "Started with secrets in .env"
clean: rm -f .env docker compose downMultiple Providers in One Makefile
Section titled “Multiple Providers in One Makefile”If your project uses different secret sources per environment:
environments: prod: provider: aws path: /myapp/prod region: us-east-1 dev: provider: local file: ./.secrets.dev.yaml# Uses local provider (no AWS credentials needed)dev: skret --env=dev run -- go run ./cmd/server
# Uses AWS SSM (requires AWS credentials)prod: skret --env=prod run -- ./serverMigration Checklist
Section titled “Migration Checklist”- Replace all
doppler run --withskret run -- - Replace all
infisical run --withskret run -- - Remove
DOPPLER_TOKEN/INFISICAL_TOKENfrom your environment - Run
skret initin each project root - Verify:
make up-<service>works as before