Deploy And Operations
Deploy your application and manage environments, secrets, logs, and platform access.
kizaki deploy
Compiles, bundles, uploads, migrates, and reloads your application in a single step. The pipeline runs in order and stops at the first failure.
kizaki deploy
kizaki deploy --env stagingOptions
| Flag | Description |
|---|---|
--env <name> | Target environment. Defaults to production. |
--yes | Skip the confirmation prompt. |
--allow-destructive | Allow destructive migration changes (column drops, type changes). Without this, destructive changes halt the deploy. |
--dry-run | Show what would happen without deploying. |
--allow-destructive is deliberate friction. Destructive schema changes require explicit opt-in.
kizaki deploy --env staging --allow-destructivePreview
kizaki deploy --dry-runkizaki rollback
Reverts to a previous deployment version.
kizaki rollback
kizaki rollback --env staging
kizaki rollback --to-version 12Options
| Flag | Description |
|---|---|
--env <name> | Target environment. Defaults to production. |
--to-version <n> | Version to roll back to. Defaults to the previous version. |
Rollback restores application code and artifact. It does not reverse database migrations. If a migration dropped a column the previous code depends on, the rollback fails at runtime. Plan migrations with rollback compatibility in mind.
kizaki env
Each environment gets its own database, secret scope, and subdomain. Environments are isolated.
kizaki env create staging
kizaki env list
kizaki env delete staging| Command | Description |
|---|---|
env create <name> | Create a new environment. |
env list | List all environments. |
env delete <name> | Delete an environment and its resources. |
kizaki secrets
Secrets are encrypted at rest, scoped per app and environment, and injected into the function runtime at deploy time.
kizaki secrets set STRIPE_SECRET_KEY sk_live_... --env production
kizaki secrets list --env production
kizaki secrets delete STRIPE_SECRET_KEY --env production| Command | Description |
|---|---|
secrets set <NAME> <VALUE> | Create or update a secret. |
secrets list | List secret names (values are never shown). |
secrets delete <NAME> | Remove a secret. |
--env <name> — target environment (defaults to dev).
Changing a secret does not affect the running deployment. The new value takes effect on the next deploy. To rotate urgently, set the secret and redeploy.
Naming convention: UPPER_SNAKE_CASE.
kizaki logs
Structured application logs across all components.
kizaki logs --env production --tail
kizaki logs --env production --filter "level=error" -n 50| Flag | Description |
|---|---|
--tail | Stream logs in real time. |
--filter <expr> | Filter by field (level=error, source=function, path=/api/projects). |
--env <name> | Target environment. Defaults to production. |
-n <count> / --limit <count> | Number of entries (default: 100). |
kizaki keys
Platform keys authenticate CI pipelines and automation to the Kizaki platform. They are not application credentials.
kizaki keys create --scope deploy:write --name "CI pipeline"
kizaki keys list
kizaki keys revoke <id>| Command | Description |
|---|---|
keys create --scope <scope> --name <label> | Create a token. Scopes: deploy:write, secrets:read, secrets:write. |
keys list | List active tokens. |
keys revoke <id> | Revoke a token immediately. |
Using Keys in CI
KIZAKI_TOKEN=<token> kizaki deploy --env staging --yesThree Kinds of Credentials
| Credential | Purpose | Managed by |
|---|---|---|
| Secrets | Runtime config — API keys, database URLs, third-party tokens | kizaki secrets |
| Keys | Platform access for CI and automation | kizaki keys |
| API Keys | Application-level HTTP access for external callers | kizaki api-keys |
Secrets live inside the function runtime. Keys authenticate tools that operate on the platform. API keys authenticate external systems calling your application's routes. Do not reuse credentials across these categories.
Related guide: Deploy Your App