Quick Start
This guide walks you through storing and retrieving your first secret in 5 minutes.
Step 1: Install
curl -fsSL https://getarcan.dev/install.sh | sh
See Installation for other methods (Homebrew, Docker, from source).
Step 2: Start the Server
arcan server
On first run, Arcan automatically:
- Generates a master encryption key
- Creates a local database
- Generates TLS certificates (CA + server cert)
- Runs the first-time setup wizard
Step 3: Complete First-Time Setup
The setup wizard runs automatically on the first start. It will:
- Create an admin user — enter your email and password
- Generate an API token — a persistent
arc_token for CLI access - Save CLI config — token and server URL saved for future CLI commands
After setup completes, the server starts listening on https://localhost:8443.
Step 4: Store a Secret
Open a new terminal and store a secret:
arcan kv set DATABASE_URL "postgres://user:pass@db:5432/myapp"
The secret is encrypted with AES-256-GCM before being written to the database.
Step 5: Retrieve It
arcan kv get DATABASE_URL
Output:
postgres://user:pass@db:5432/myapp
Step 6: Export as .env
arcan kv export
Output:
DATABASE_URL="postgres://user:pass@db:5432/myapp"
What's Next
- Organize with realms:
arcan realm create myapp "My Application"then use-r myappon commands - Use environments:
arcan kv set API_KEY "sk-abc" -r myapp -e prod - Inject into processes:
arcan kv run -r myapp -e prod -- node server.js - Set up SSO:
arcan auth setupfor OIDC, SAML, or LDAP - Docker integration:
arcan docker compose -r myapp -e prodto generate.envfiles - Kubernetes: See External Secrets Operator
- Run diagnostics:
arcan doctorto verify all subsystems
Useful Commands
# List all secrets
arcan kv list
# Delete a secret
arcan kv delete OLD_KEY
# Create an API token
arcan token create --name ci --scopes read,write
# Check server health
curl -sk https://localhost:8443/api/v1/health