Troubleshooting
Exit Codes
Section titled “Exit Codes”skret uses structured exit codes to indicate the type of failure:
| Code | Name | Description | Common Cause |
|---|---|---|---|
| 0 | Success | Operation completed | — |
| 1 | Generic error | Unclassified failure | Unexpected runtime error |
| 2 | Config error | Configuration problem | .skret.yaml not found, invalid schema |
| 3 | Provider error | Backend failure | AWS SSM unreachable, API error |
| 4 | Auth error | Authentication failed | Missing/expired AWS credentials |
| 5 | Not found | Secret does not exist | Wrong key name or path |
| 6 | Conflict error | Resource conflict | Key already exists (with --on-conflict=fail) |
| 7 | Network error | Connectivity issue | No internet, DNS failure, timeout |
| 8 | Validation error | Invalid input | Value exceeds 4 KB limit, bad key format |
| 125 | Exec error | Process execution failed | Command not found in skret run -- |
Check exit codes in scripts:
skret get DATABASE_URLecho "Exit code: $?"
# Or handle specificallyif ! skret run -- make up-app; then echo "skret failed with code $?"fiDebug Logging
Section titled “Debug Logging”Enable verbose output with SKRET_LOG:
# Debug level -- shows configuration resolution (provider, path)SKRET_LOG=debug skret list
# JSON format for structured log parsingSKRET_LOG=debug SKRET_LOG_FORMAT=json skret get DATABASE_URLLog levels: debug, info (default), warn, error.
Logs go to stderr, command output goes to stdout. This means you can safely pipe output:
# Logs visible on stderr, only the secret value on stdoutSKRET_LOG=debug skret get DATABASE_URL > secret.txtCommon Errors
Section titled “Common Errors”.skret.yaml not found (exit 2)
Section titled “.skret.yaml not found (exit 2)”Error: failed to discover configuration: .skret.yaml not foundFix: Run skret init in your project root, or ensure .skret.yaml exists somewhere between your current directory and the git root.
skret init --provider=aws --path=/myapp/prod --region=us-east-1Invalid config schema (exit 2)
Section titled “Invalid config schema (exit 2)”Error: config: unsupported version "2" (expected "1")Fix: Check .skret.yaml syntax. The version field must be "1".
No environment specified (exit 2)
Section titled “No environment specified (exit 2)”Error: resolve: no environment specified (use --env or set default_env)Fix: Either set default_env in .skret.yaml or pass --env:
skret --env=prod listAWS credentials not found (exit 4)
Section titled “AWS credentials not found (exit 4)”Error: failed to initialize provider "aws": no valid credential sources foundFix: Ensure AWS credentials are available. Check:
# Verify credentials are configuredaws sts get-caller-identity
# Or set environment variablesexport AWS_ACCESS_KEY_ID=...export AWS_SECRET_ACCESS_KEY=...export AWS_REGION=us-east-1See Authentication for all credential methods.
Secret not found (exit 5)
Section titled “Secret not found (exit 5)”Error: failed to get secret "DATABASE_URL": secret not foundFix: Verify the secret exists under the configured path:
# List all secrets to see what's availableskret list
# Check you're using the right environmentskret --env=prod listAccess denied (exit 4)
Section titled “Access denied (exit 4)”Error: AccessDeniedException: User: arn:aws:iam::123456789012:user/devis not authorized to perform: ssm:GetParameterFix: Your IAM policy does not allow access to this path. Update the IAM policy to include the SSM path prefix. See Authentication - IAM Policies.
Value too large (exit 8)
Section titled “Value too large (exit 8)”Error: validation: value size 5120 bytes exceeds maximum 4096 bytes for standard parametersFix: AWS SSM Standard parameters have a 4 KB limit. Options:
- Reduce the secret value size
- Split into multiple secrets
- Use Advanced parameters (cost: $0.05/month per parameter)
Throttling (exit 7)
Section titled “Throttling (exit 7)”Error: ThrottlingException: Rate exceededFix: AWS SSM has a 40 TPS limit for GetParameter* calls. skret retries with exponential backoff automatically. If this persists:
- Reduce concurrent calls
- Use
skret run --(single batch call) instead of individualskret getcalls - Request a quota increase in AWS Service Quotas
Command not found in skret run (exit 125)
Section titled “Command not found in skret run (exit 125)”Error: exec: "mycommand": executable file not found in $PATHFix: Ensure the command exists and is in your PATH:
which mycommandskret run -- /full/path/to/mycommandEnvironment Variable Conflicts
Section titled “Environment Variable Conflicts”skret merges secrets into the existing environment. Existing env vars take precedence over secrets from the provider. This is intentional (user control).
To debug which values are being injected:
# See all secrets that would be injected (dotenv format)skret env
# Compare with current environmentskret env | sort > /tmp/skret-secrets.txtenv | sort > /tmp/current-env.txtdiff /tmp/skret-secrets.txt /tmp/current-env.txtReporting Issues
Section titled “Reporting Issues”If you encounter an unexpected error:
- Run with
SKRET_LOG=debugand capture the full output - Check the exit code
- Open an issue at github.com/n24q02m/skret/issues with the debug log (redact any secret values)