ironrun run <command-id> looks up the command in ironrun.yml, resolves its secrets from your configured provider, runs the command with those secrets injected into the child process environment, and streams output with every secret value replaced by [REDACTED]. The agent — and anything else reading stdout or stderr — never sees the raw credential values.
Usage
Flags
Override the active environment for this single run. The switch applies only to this invocation; the project’s configured active environment is unchanged afterward.
Path to the policy file. Accepts a relative or absolute path.
What happens under the hood
1
Secret resolution
ironrun reads
ironrun.yml, finds the command by ID, and resolves each secret reference through the configured provider (encrypted vault, 1Password, Doppler, Infisical, envfile, or env).2
Child process exec
The command is executed directly — no shell in between.
argv is a literal list, so injected values can never be re-expanded, piped, or glob-expanded unexpectedly.3
Output redaction
All stdout and stderr from the child process passes through a redactor before being forwarded. The literal secret value, its base64 encoding, its hex encoding, its URL-encoded form, and any high-entropy tokens that match are all replaced with
[REDACTED].4
Exit code passthrough
The child process exit code is returned directly. ironrun exits with the same code, so your CI pipeline or shell script sees exactly what the command returned.
Output truncation
Ifmax_bytes is set for a command in ironrun.yml, total output (stdout + stderr combined) is capped at that limit. When the cap is reached, ironrun prints the following message to stderr and the child process is terminated:
max_bytes in your policy:
Example
DATABASE_URL during setup, you would see [REDACTED] in its place — the connection string never reaches your terminal, your shell history, or any agent transcript.
Error messages
ironrun run is equivalent to ironrun exec. The exec alias exists for scripts that prefer it, but run is the canonical form.