Problem

When encrypting secrets with set-default --secret for a specific environment (e.g., production), the CLI was using the wrong encryption key. It would fall back to the default environment's key instead of using the environment-specific key.

Root Cause

The API returns environment IDs as strings (e.g., "1085"), but the code was using strict equality (===) to compare with Number.parseInt(environmentId, 10), which returns a number. This caused the comparison to always fail:

"1085" === 1085  // false

Fix

Changed the comparison to use string comparison:

String(env.id) === String(environmentId)

Now when setting a secret in production, it correctly uses PREFAB_SECRET_KEY_PROD instead of falling back to PREFAB_SECRET_KEY.

Changes

• Fixed environment ID comparison in src/util/encryption.ts
• Added user-visible log message showing which env var is used for encryption
• Removed verbose debug logging

Testing

Verified that:

1. Setting a secret in production now uses the correct PREFAB_SECRET_KEY_PROD env var
2. The encrypted value can be successfully decrypted by the Node client
3. The user sees which env var was used for encryption