export_secrets
Export secrets from qring-mcp as .env or JSON files. Filter by keys or tags, collapse superposition for specific environments, and choose global or project scope.
Instructions
Export secrets as .env or JSON format. Collapses superposition. Supports filtering by specific keys or tags.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| format | No | Output format | env |
| keys | No | Only export these specific key names | |
| tags | No | Only export secrets with any of these tags | |
| scope | No | Scope: global or project | |
| projectPath | No | Project root path for project-scoped secrets | |
| env | No | Environment for superposition collapse (e.g., dev, staging, prod) |
Implementation Reference
- src/core/keyring.ts:352-407 (handler)The function `exportSecrets` retrieves secrets, filters them, collapses superposition based on the environment, and formats the output as either `.env` or JSON.
export function exportSecrets( opts: KeyringOptions & { format?: "env" | "json"; keys?: string[]; tags?: string[] } = {}, ): string { const format = opts.format ?? "env"; const env = resolveEnv(opts); let entries = listSecrets(opts); const source = opts.source ?? "cli"; if (opts.keys?.length) { const keySet = new Set(opts.keys); entries = entries.filter((e) => keySet.has(e.key)); } if (opts.tags?.length) { entries = entries.filter((e) => opts.tags!.some((t) => e.envelope?.meta.tags?.includes(t)), ); } const merged = new Map<string, string>(); const globalEntries = entries.filter((e) => e.scope === "global"); const projectEntries = entries.filter((e) => e.scope === "project"); for (const entry of [...globalEntries, ...projectEntries]) { if (entry.envelope) { const decay = checkDecay(entry.envelope); if (decay.isExpired) continue; const value = collapseValue(entry.envelope, env); if (value !== null) { merged.set(entry.key, value); } } } logAudit({ action: "export", source, detail: `format=${format}` }); if (format === "json") { const obj: Record<string, string> = {}; for (const [key, value] of merged) { obj[key] = value; } return JSON.stringify(obj, null, 2); } const lines: string[] = []; for (const [key, value] of merged) { const escaped = value .replace(/\\/g, "\\\\") .replace(/"/g, '\\"') .replace(/\n/g, "\\n"); lines.push(`${key}="${escaped}"`); } return lines.join("\n"); } - src/mcp/server.ts:262-294 (registration)Registration of the `export_secrets` tool within the MCP server.
server.tool( "export_secrets", "Export secrets as .env or JSON format. Collapses superposition. Supports filtering by specific keys or tags.", { format: z .enum(["env", "json"]) .optional() .default("env") .describe("Output format"), keys: z .array(z.string()) .optional() .describe("Only export these specific key names"), tags: z .array(z.string()) .optional() .describe("Only export secrets with any of these tags"), scope: scopeSchema, projectPath: projectPathSchema, env: envSchema, }, async (params) => { const output = exportSecrets({ ...opts(params), format: params.format as "env" | "json", keys: params.keys, tags: params.tags, }); if (!output.trim()) return text("No secrets matched the filters", true); return text(output); }, );