Package Exports
- @elding/sdk
- @elding/sdk/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@elding/sdk) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@elding/sdk
Your API keys are never in your code or in a .env file. Elding keeps them, your code calls the API normally, and the real key is injected at the last moment.
The same code works in dev and in prod. You change nothing.
npm install @elding/sdk⚠️ Elding warning: always use the scoped name
@elding/sdk.npm install elding(without the@elding/scope) installs an unrelated third-party package, not Elding.
Quickstart (2 min)
1. Sign in and choose your set
npx elding login # opens the browser, signs you in
npx elding init # creates .elding.json (links this project to a set)2. Write your code
configure() replaces your real key. 1st argument = the secret name in Elding, 2nd = the API domain.
import OpenAI from "openai";
import { configure } from "@elding/sdk";
const openai = new OpenAI(
await configure("OPENAI_API_KEY", "https://api.openai.com")
);
// use openai normally, the real key is never in your code3. Run
npx elding proxy -- npm run devThat's it. The key never enters your application.
In production (Vercel, server, CI)
No proxy in prod. Elding fetches the key at runtime. You don't change your code, you just add 2 environment variables:
ELDING_REFRESH_TOKEN=eld_rt_... # generate it in the dashboard → API keys
ELDING_SET_ID=... # your set's id (set page)And... that's all. The same configure("OPENAI_API_KEY", "https://api.openai.com") works.
The SDK reads these 2 variables automatically. Keep these exact names (
ELDING_REFRESH_TOKEN,ELDING_SET_ID) and you have no option to pass.
How to get the 2 keys
| Variable | Where to find it |
|---|---|
ELDING_REFRESH_TOKEN |
Dashboard → API keys → New key (shown only once) |
ELDING_SET_ID |
Open your set in the dashboard, the id is in the URL |
The 2 functions
configure(name, domain) — for any HTTP API key (OpenAI, Mistral, Stripe, Resend…).
You pass it directly to the provider's SDK:
const openai = new OpenAI(await configure("OPENAI_API_KEY", "https://api.openai.com"));secret(name) — for everything else (DATABASE_URL, JWT_SECRET, REDIS_URL…).
Returns the raw value, wiped from memory after 5 min.
import { secret } from "@elding/sdk";
const dbUrl = await secret("DATABASE_URL");Dev vs prod, at a glance
| Dev | Prod | |
|---|---|---|
| Command | elding proxy -- npm run dev |
npm run build && npm start |
| Mechanism | local proxy | runtime fetch |
| To configure | elding login + elding init |
ELDING_REFRESH_TOKEN + ELDING_SET_ID |
| Your code | identical | identical |
Rules
- Never hardcode a key, never in
process.env, never in the URL. - A key that goes into an HTTP request →
configure(name, "https://…"). - Any other secret →
secret(name).