FREE & OPEN SOURCE

Keychain-first credential management.

Secure, systematic environment bootstrapping for multi-channel DTC brands. Every API key stored in Apple Keychain, validated with smoke tests, protected by pre-commit hooks. 30+ services supported.

Clone from GitHub See how it works ↓

~/project — /setup-environment

$ /setup-environment

✓ Project namespace: ecomx
✓ Keychain access granted

→ Stripe: sk_live_•••••••• stored
→ Shopify: shpat_•••••••• stored
→ Vercel: prj_•••••••• stored
→ OpenAI: sk-•••••••• stored

✓ 4/4 smoke tests passed
✓ Pre-commit hooks installed
✓ .env.example generated

30+ services. One workflow.

Every credential your project needs — acquired, validated, and secured in a single session.

Infrastructure

GitHub · Vercel · Supabase · Cloudflare · GoDaddy

E-Commerce

Shopify (full admin: products, orders, customers, themes, content)

Payments

Stripe · Omise (Opn) · PayPal · Shopify Payments

Marketing & Ads

Meta (Facebook + Instagram + Ads) · Google Ads

Analytics & Email

GA4 · Klaviyo

Communication

Gmail · Google Drive · Gorgias · Twilio

AI / LLM

OpenAI · Anthropic · xAI (Grok) · Gemini

Design & Ops

Figma · Canva · FreePik · Milanote · Notion · Sentry · QuickBooks

Five steps. Zero guesswork.

STEP 01

Service Inventory

Select which services your project needs from a visual checklist.

STEP 02

Keychain Namespace

Create a project-scoped namespace in Apple Keychain — encrypted at rest, biometric unlock.

STEP 03

Credential Acquisition

Walk through each service: dashboard URL → key generation → format validation → Keychain storage.

STEP 04

Smoke Tests

Verify every connection works with per-service health checks before moving on.

STEP 05

Security Hardening

Pre-commit secret scanning, credential lifecycle tracking, AI context rules.

Four security tiers.

Public

NEXT_PUBLIC_SHOPIFY_STORE_DOMAINSafe to expose

Private

VERCEL_ORG_IDServer-side only

Secret

OPENAI_API_KEYAPI key — billable

Nuclear

STRIPE_SECRET_KEY — can spend real moneyCan spend real money

Three commands. Five minutes.

Clone, open the workflow, and let your AI agent walk you through it.

The workflow runs interactively. Your agent will prompt you service by service, help you acquire credentials, store them in Keychain, and validate each connection.

Terminal

# Clone and run the setup workflow
$ git clone https://github.com/ecomxco/setup-environment.git
$ cd setup-environment

# Open WORKFLOW.md in your AI agent
$ /setup-environment

Stop managing .env files. Start managing secrets properly.

Clone the repo. Run the workflow. Every API key encrypted in Apple Keychain in minutes.

Clone from GitHub Read the methodology →

How it works.

macOS · Apple Keychain · Node ≥ 18 · Any AI assistant · MIT License