Quick Start

This guide walks you through storing and retrieving your first secret in 3 minutes.

Step 1: Install

curl -fsSL https://getarcan.dev/install.sh | sh

See Installation for other methods (Homebrew, Docker, from source).

Step 2: Start the Server

arcan server

On first run, Arcan automatically:

  • Generates a master encryption key at ~/.arcan/data/master.key
  • Creates a SQLite database at ~/.arcan/data/arcan.db
  • Generates TLS certificates (CA + server cert)
  • Starts listening on https://localhost:9797
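The master key and database paths above are worth checking for group or other access after first run. The following is an added example, not part of Arcan: the function names are hypothetical, and it assumes only the default paths listed above.

```shell
#!/bin/sh
# Added example: audit permissions on the files Arcan creates on first run.
# Paths are the defaults from the list above; function names are hypothetical.
# Usage: audit_arcan_data            (checks ~/.arcan/data)
#        audit_arcan_data /some/dir  (checks a non-default data directory)

# Return 0 if path $1 grants no group/other access.
# Return 1 if it does, or if it is a symlink; return 2 if it is missing.
check_private() {
    f=$1
    if [ -L "$f" ]; then
        echo "WARN  $f is a symlink; inspect its target" >&2
        return 1
    fi
    if [ ! -e "$f" ]; then
        echo "MISS  $f does not exist" >&2
        return 2
    fi
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group and other bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    go_bits=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "LOOSE $f has mode $mode (group/other access)" >&2
        return 1
    fi
    echo "OK    $f $mode"
    return 0
}

# Check the data directory, the master key and the database.
# The return status is the number of findings (0 means all private).
audit_arcan_data() {
    dir=${1:-"$HOME/.arcan/data"}
    findings=0
    for p in "$dir" "$dir/master.key" "$dir/arcan.db"; do
        check_private "$p" || findings=$((findings + 1))
    done
    return "$findings"
}
```
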

Step 3: Store a Secret

Open a new terminal and store a secret:

arcan kv set DATABASE_URL "postgres://user:pass@db:5432/myapp"

The secret is encrypted with AES-256-GCM before being written to the database.

Step 4: Retrieve It

arcan kv get DATABASE_URL

Output:

postgres://user:pass@db:5432/myapp

Step 5: Export as .env

arcan kv export

Output:

DATABASE_URL="postgres://user:pass@db:5432/myapp"

What's Next

  • Organize with realms: arcan realm create myapp "My Application" then use -r myapp on commands
  • Use environments: arcan kv set API_KEY "sk-abc" -r myapp -e prod
  • Inject into processes: arcan kv run -r myapp -e prod -- node server.js
  • Set up SSO: arcan auth setup for OIDC, SAML, or LDAP
  • Docker integration: arcan docker compose -r myapp -e prod to generate .env files
  • Kubernetes: See External Secrets Operator
  • Run diagnostics: arcan doctor to verify all subsystems

Useful Commands

# List all secrets
arcan kv list

# Delete a secret
arcan kv delete OLD_KEY

# Create an API token
arcan token create --name ci --scopes read,write

# Check server health (-k skips verification of the server's TLS certificate)
curl -sk https://localhost:9797/api/v1/health