Refactor: Replace --stage with --env throughout codebase

- Changed all command options from --stage to --env for consistency
- Updated Settings class to use 'envs' property instead of 'stages'
- Renamed all stage-related methods and properties to use env terminology
- Updated Vue components and API endpoints to use env instead of stage
- Refactored shell commands and tab completion for env terminology
- Updated all documentation to reflect the new --env option
- Renamed component files (VaultStageSelector -> VaultEnvSelector, etc.)
- All 653 tests passing with zero failures

Author: jszobody

README.md

@@ -11,7 +11,7 @@
 - **🔐 Multi-Vault Support** - AWS SSM Parameter Store and AWS Secrets Manager
 - **🖥️ Web UI** - Modern browser-based interface for visual secret management
 - **🚀 Interactive Shell** - Context-aware shell with tab completion for rapid secret management
-- **🌍 Environment Isolation** - Separate secrets by stage (local, staging, production)
+- **🌍 Environment Isolation** - Separate secrets by environment (local, staging, production)
 - **📝 Template Management** - Create, validate, and process templates with placeholders
 - **🔄 Bulk Operations** - Import, export, copy, and diff secrets across environments
 - **🤝 Team Collaboration** - Share secret management with proper access controls
@@ -31,19 +31,19 @@ composer require stechstudio/keep
 ./vendor/bin/keep shell
 
 # Set a secret
-./vendor/bin/keep set DB_PASSWORD "secret" --stage=production
+./vendor/bin/keep set DB_PASSWORD "secret" --env=production
 
 # Export to .env
-./vendor/bin/keep export --stage=production --file=.env
+./vendor/bin/keep export --env=production --file=.env
 
 # Create template from existing secrets
-./vendor/bin/keep template:add .env.template --stage=production
+./vendor/bin/keep template:add .env.template --env=production
 
 # Use template with placeholders to generate .env file
-./vendor/bin/keep export --stage=production --template=env/production.env --file=.env
+./vendor/bin/keep export --env=production --template=env/production.env --file=.env
 
 # Runtime injection - execute with secrets, no .env file created
-./vendor/bin/keep run --vault=ssm --stage=production -- npm start
+./vendor/bin/keep run --vault=ssm --env=production -- npm start
 ```
 
 ## Interactive Shell
@@ -86,10 +86,10 @@ Keep includes a modern web interface for visual secret management:
 
 The Web UI provides:
 - **Visual secret management** with search and filtering
-- **Diff matrix view** comparing secrets across stages/vaults
+- **Diff matrix view** comparing secrets across environments/vaults
 - **Export functionality** with live preview
 - **Import wizard** for .env files with conflict resolution
-- **Settings management** for vaults and stages
+- **Settings management** for vaults and environments
 - **Real-time validation** and error handling
 
 ## Documentation

docs/TROUBLESHOOTING.md

@@ -68,7 +68,7 @@ location.reload()
 **Debug**:
 ```bash
 # Test vault access via CLI
-keep list --vault=aws --stage=production
+keep list --vault=aws --env=production
 
 # Check AWS credentials
 aws sts get-caller-identity
@@ -90,13 +90,13 @@ aws sts get-caller-identity
 #### Values Not Updating
 **Check**:
 - Changes saved successfully (check for errors)
-- Correct vault/stage selected
+- Correct vault/env selected
 - No caching (refresh page)
 
 **Debug**:
 ```bash
 # Verify via CLI
-keep get MY_SECRET --vault=aws --stage=prod
+keep get MY_SECRET --vault=aws --env=prod
 ```
 
 #### Masked Values Won't Unmask
@@ -169,15 +169,15 @@ DEBUG=1 keep server
 ```bash
 # Test API directly
 curl -H "X-Auth-Token: <token>" \
-     http://localhost:4000/api/secrets?vault=aws&stage=local
+     http://localhost:4000/api/secrets?vault=aws&env=local
 ```
 
 ## Performance Issues
 
 ### Slow Response Times
 **Optimize**:
 - Reduce number of secrets per vault
-- Use specific vault/stage combinations
+- Use specific vault/env combinations
 - Close unused browser tabs
 
 ### High Memory Usage
@@ -200,7 +200,7 @@ top -p $(pgrep -f "php.*server.php")
 - Test with `keep verify`
 
 ### "Secret not found"
-- Verify correct vault/stage
+- Verify correct vault/env
 - Check key exists
 - Ensure proper permissions
 

docs/WEB_UI.md

@@ -32,22 +32,22 @@ The main Secrets view provides:
 - **Quick actions** menu for each secret:
   - Edit value
   - Rename key
-  - Copy to different stage
+  - Copy to different env
   - View history
   - Delete with confirmation
-- **Vault/Stage selector** to switch contexts
+- **Vault/Environment selector** to switch contexts
 - **Import wizard** for bulk importing from .env files
 
 ### Diff View
 
-Compare secrets across stages and vaults:
+Compare secrets across envs and vaults:
 - **Matrix view** showing all secrets across selected environments
 - **Visual indicators**:
   - ✓ Present and matching
   - ⚠️ Present but different
   - ✗ Missing
 - **Inline editing** directly from diff cells
-- **Multi-select** for comparing specific vault/stage combinations
+- **Multi-select** for comparing specific vault/env combinations
 - **Export diff** to CSV for reporting
 
 ### Export
@@ -80,18 +80,18 @@ Manage Keep configuration:
 #### General Settings
 - Application name
 - Secret namespace prefix
-- Default vault and stage
+- Default vault and env
 
 #### Vaults Management
 - Add new vault configurations
 - Edit existing vault settings
 - Test vault permissions
 - Delete unused vaults
 
-#### Stages Management
-- Add custom stages
-- Remove stages (except system defaults)
-- Reorder stage priority
+#### Environment Management
+- Add custom envs
+- Remove envs (except system defaults)
+- Reorder env priority
 
 ## Navigation
 
@@ -173,7 +173,7 @@ composer build
 
 ### Optimization Tips
 - Use search to filter large secret lists
-- Select specific vault/stage combinations in diff view
+- Select specific vault/env combinations in diff view
 - Export filtered results instead of all secrets
 - Close unused browser tabs (each maintains connection)
 

docs/guide/aws-authentication.md

@@ -89,7 +89,7 @@ aws configure sso
 aws sso login --profile myproject
 
 # Keep uses the SSO session automatically
-keep show --stage=local
+keep show --env=local
 ```
 
 ### Production Environment
@@ -103,7 +103,7 @@ When running on EC2, ECS, or Lambda, use IAM roles:
 # The AWS SDK automatically uses the instance role
 
 # In your deployment script:
-keep export --stage=production --output=.env
+keep export --env=production --output=.env
 php artisan config:cache
 ```
 
@@ -155,7 +155,7 @@ jobs:
           aws-region: us-east-1
 
       - run: |
-          vendor/bin/keep export --stage=production --output=.env
+          vendor/bin/keep export --env=production --output=.env
           # Deploy your application
 ```
 
@@ -166,7 +166,7 @@ jobs:
 deploy:
   script:
     # Using GitLab's AWS integration
-    - vendor/bin/keep export --stage=production --output=.env
+    - vendor/bin/keep export --env=production --output=.env
   id_tokens:
     AWS_TOKEN:
       aud: https://gitlab.com

docs/guide/cli/index.md

@@ -25,10 +25,10 @@ Keep's CLI is primarily designed for scripting, CI/CD pipelines, and automated d
 # GitHub Actions example
 - name: Deploy with secrets
   run: |
-    keep run --vault=ssm --stage=production -- npm run deploy
+    keep run --vault=ssm --env=production -- npm run deploy
 
 # Jenkins example
-sh 'keep export --stage=production --file=.env --overwrite'
+sh 'keep export --env=production --file=.env --overwrite'
 sh 'docker build --secret id=env,src=.env .'
 sh 'rm -f .env'  # Clean up
 ```
@@ -40,10 +40,10 @@ sh 'rm -f .env'  # Clean up
 keep copy --only="API_*" --from=staging --to=production
 
 # Import from backup
-keep import backup.env --stage=disaster-recovery --overwrite
+keep import backup.env --env=disaster-recovery --overwrite
 
 # Export filtered secrets
-keep export --stage=production --only="PUBLIC_*" --file=public.env
+keep export --env=production --only="PUBLIC_*" --file=public.env
 ```
 
 ### Environment Provisioning
@@ -52,21 +52,21 @@ keep export --stage=production --only="PUBLIC_*" --file=public.env
 #!/bin/bash
 # Setup new environment with secrets
 
-STAGE=$1
-if [ -z "$STAGE" ]; then
-  echo "Usage: $0 <stage>"
+ENV=$1
+if [ -z "$ENV" ]; then
+  echo "Usage: $0 <env>"
   exit 1
 fi
 
 # Copy base configuration
-keep copy --only="*" --from=template --to=$STAGE
+keep copy --only="*" --from=template --to=$ENV
 
 # Set environment-specific values
-keep set DATABASE_URL "postgres://db-$STAGE.internal/app" --stage=$STAGE --force
-keep set API_URL "https://api-$STAGE.example.com" --stage=$STAGE --force
+keep set DATABASE_URL "postgres://db-$ENV.internal/app" --env=$ENV --force
+keep set API_URL "https://api-$ENV.example.com" --env=$ENV --force
 
 # Validate
-keep show --stage=$STAGE
+keep show --env=$ENV
 ```
 
 ## Scripting Best Practices
@@ -76,16 +76,16 @@ keep show --stage=$STAGE
 #!/bin/bash
 set -euo pipefail
 
-keep set API_KEY "$NEW_KEY" --stage=production --force
-keep run --stage=production -- npm run deploy
+keep set API_KEY "$NEW_KEY" --env=production --force
+keep run --env=production -- npm run deploy
 ```
 
 ### Use Force Flags for Automation
 ```bash
 # Avoid interactive prompts in scripts
-keep set KEY "value" --stage=production --force
-keep delete OLD_KEY --stage=staging --force
-keep export --stage=production --file=.env --overwrite
+keep set KEY "value" --env=production --force
+keep delete OLD_KEY --env=staging --force
+keep export --env=production --file=.env --overwrite
 ```
 
 ### Validate Before Production Changes
@@ -100,10 +100,10 @@ keep copy --only="*" --from=staging --to=production --overwrite
 ### Handle Secrets Securely
 ```bash
 # Never log secret values
-keep show --stage=production  # Masked by default
+keep show --env=production  # Masked by default
 
 # Clean up exported files
-keep export --stage=production --file=.env
+keep export --env=production --file=.env
 trap "rm -f .env" EXIT
 # ... use .env file ...
 ```
@@ -114,13 +114,13 @@ For production deployments, use `keep run` to inject secrets without writing to
 
 ```bash
 # Laravel deployment
-keep run --vault=ssm --stage=production -- php artisan config:cache
+keep run --vault=ssm --env=production -- php artisan config:cache
 
 # Node.js application
-keep run --vault=ssm --stage=production --template -- npm start
+keep run --vault=ssm --env=production --template -- npm start
 
 # Docker compose
-keep run --vault=ssm --stage=production -- docker-compose up -d
+keep run --vault=ssm --env=production -- docker-compose up -d
 ```
 
 See [Deployment & Runtime](/guide/deployment/) for comprehensive deployment strategies.
@@ -136,7 +136,7 @@ For detailed command syntax and options, see the [CLI Command Reference](./refer
 | `keep set` | Create/update secrets | Initial setup |
 | `keep get` | Retrieve single secret | Debugging |
 | `keep show` | List all secrets | Verification |
-| `keep copy` | Copy between stages/vaults | Promotion |
+| `keep copy` | Copy between environments/vaults | Promotion |
 | `keep diff` | Compare environments | Pre-deployment check |
 | `keep import` | Import from files | Migration |
 | `keep export` | Export to files | Legacy apps |
@@ -151,29 +151,29 @@ For detailed command syntax and options, see the [CLI Command Reference](./refer
 ```yaml
 - name: Deploy with Keep
   run: |
-    keep run --vault=ssm --stage=${{ github.ref_name }} -- ./deploy.sh
+    keep run --vault=ssm --env=${{ github.ref_name }} -- ./deploy.sh
 ```
 
 ### GitLab CI
 ```yaml
 deploy:
   script:
-    - keep export --stage=production --file=.env --overwrite
+    - keep export --env=production --file=.env --overwrite
     - docker build -t myapp .
     - rm -f .env
 ```
 
 ### Jenkins Pipeline
 ```groovy
 stage('Deploy') {
-  sh 'keep run --vault=ssm --stage=production -- npm run deploy'
+  sh 'keep run --vault=ssm --env=production -- npm run deploy'
 }
 ```
 
 ### Kubernetes Secrets
 ```bash
 # Generate secret manifest
-keep export --stage=production --format=json | \
+keep export --env=production --format=json | \
   kubectl create secret generic app-secrets --from-file=secrets.json=/dev/stdin
 ```