.ov.yaml

import { Aside } from ‘@astrojs/starlight/components’;

`.ov.yaml` auto-detection is coming in a future release. Today, set your default app with `ov app use ` and pass `--app` where needed.

.ov.yaml will be an optional project config file that lives in your repository root. When present, it will eliminate the need to pass --app on every command and tell ov run and ov mcp serve which secrets to inject automatically.

---

Planned format

.ov.yaml

# OpaqueVault project config. Safe to commit — contains no secrets.

app: my-saas          # app name in OpaqueVault

# Optional: which secrets to inject with `ov run` and vault_run.
# If omitted, all secrets in the app are injected.
secrets:
  - DATABASE_URL
  - STRIPE_SECRET_KEY
  - SENDGRID_API_KEY

---

Current alternative

Until .ov.yaml is supported, set your default app once:

ov app use my-saas

Then all commands target my-saas without any flags:

ov secret set DATABASE_URL
ov secret list
ov run --secrets DATABASE_URL -- ./migrate

To target a different app for a single command, use --app:

ov secret list --app payments-service
ov run --secrets DATABASE_URL --app payments-service -- ./migrate