Repos and Secrets
TabTabTab supports repo setup from both the Web IDE and the CLI. Use the Web IDE when you want clone, project open, and Secret Manager in one flow. Use the CLI when you're already in a terminal or scripting onboarding for a teammate.
Either way, secrets are captured once and replayed into future environments. You don't have to paste your OpenRouter, Anthropic, OpenAI, or app-specific keys into every new VM.
Web IDE flow
Click the plus button in the left sidebar, choose Add Repository, enter an HTTPS Git URL, and choose the destination directory. TabTabTab clones the repo, opens it in the sidebar, registers it with the control plane when possible, and moves to Secret Manager.
Secret Manager detects repo-scoped env files, ignores templates such as .env.example, supports bulk KEY=value paste, writes local env files, backs values up to TabTabTab, and flags drift such as local-only, missing-locally, backup failed, and delete failed so you know when the cloud copy and the local copy diverge.
CLI flow
Register a local repository:
cd /path/to/repo
tabtabtab repo add .
Preview without saving:
tabtabtab repo add . --dry-run
Skip env discovery or accept the default classification without review:
tabtabtab repo add . --skip-env
tabtabtab repo add . --yes
List registered repos and re-run onboarding:
tabtabtab repo list
tabtabtab repo list --json
tabtabtab repo onboard
tabtabtab repo onboard --repo <repo-id-or-name>
Manage captured env vars from the CLI:
tabtabtab repo env list
tabtabtab repo env list --reveal
tabtabtab repo env add API_BASE_URL=https://api.example.com --plain
tabtabtab repo env add OPENAI_API_KEY=sk-example --source .env.local --secret
tabtabtab repo env rm API_BASE_URL --yes
What's stored where
Plain env vars and secrets are encrypted at rest in the TabTabTab control plane and written to the matching .env file when the repo is set up in a new environment. Nothing is committed to your git repo. If you ever want to walk away, tabtabtab repo env list --reveal gives you everything back.