Usage Examples
Unlock the full potential of ZMS with these real-world implementation patterns.
🚀 The Bootstrap Pattern (Node.js/Express)
This is the recommended way to secure your production applications. Instead of storing a .env file on disk, you inject secrets directly into memory.
1. Project Setup
ZMS_TOKEN=zms_st_dev_abc123...2. Update package.json
Wrap your start script with the ZMS runner:
{
"scripts": {
"start": "zms run -- node server.js"
}
}3. Access in Code
Secrets are automatically injected into process.env. No dotenv required!
const dbUrl = process.env.DATABASE_URL;
// ZMS has already decrypted and injected this.🤖 AI Agent Workflow (MCP)
Empower your AI assistants to manage infrastructure without ever seeing plaintext secrets.
Scenario: Automatic Secret Migration
Instruct your agent:
“scan my .env.local and sync all secrets to the ‘Project X’ vault under the ‘api’ service using ZMS MCP. Then, delete the local .env.local content and replace it with the ZMS_TOKEN provided by the vault.”
Outcome: The agent uses bulk_save_secrets and provision_project to move credentials into the Zero-Trust vault, leaving your disk clean.
🐍 Python Integration (CLI Wrapper)
ZMS works with any language by wrapping the execution process.
zms run -- python app.pyInside app.py:
import os
db_url = os.environ.get('DATABASE_URL')
# Perfectly secure, injected at runtime.⚡ Next.js Implementation
For Next.js, use zms run during the build or dev process to ensure all NEXT_PUBLIC_ and private secrets are available.
# Production Build
zms run -- pnpm build
# Local Development
zms run -- pnpm dev[!TIP] Always use
zms run --to ensure your environment is clean and secrets are strictly scoped to the current execution context.