From the creator of DOTENV 20.4k

Secure .env files.

Run anywhere. Encrypt secrets. Commit safely.

Start Free See Team Security
Google Daytona Browser Use
Supabase PayPal
Tencent shadcn/ui shadcn/ui
NASA Amazon Web Services

Free like Docker

Start with the CLI. Upgrade when your team needs guardrails.

Use dotenvx locally, in CI, and across your stack for free. No account required. Add team controls when shared secrets need policy.

Run Anywhere

Whether you're using Node, Python, Ruby, Docker, CI, or AI agents, dotenvx works the same way. No custom integrations required. It just works – anywhere.

“It has cross-platform and cross-language support so you can use it with Node.js, Python, Ruby, Go, Rust, and more.”

Rebecca Deprey Rebecca Software Engineer 
$ echo "HELLO=Dotenvx" > .env
$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
$ dotenvx run -- node index.js
⟐ injected env (1) from .env
Hello Dotenvx

Encrypt Secrets

Add encryption to your .env files with a single command. Generate a public/private keypair and keep plaintext secrets out of source control.

“You can deploy env files to prod now? Creators of dotenv have been working on dotenvx which encrypts your env variables.”

Zaid Zaid Founder, Scira.ai 
$ dotenvx encrypt
$ cat .env
#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
#/            public-key encryption for .env files          /
#/       [how it works](https://dotenvx.com/encryption)     /
#/----------------------------------------------------------/
DOTENV_PUBLIC_KEY="03d4b0d392c92320fe751163293282bc434f38d7fe72a0429c3e449f312abd5121"

# .env
HELLO=encrypted:BH1SPwuO10wBx/V1in3L9Hgkcap75QKIiMXUXqniJDd9xA6WJwvWedyuvRk0M1HdZt9MlvFMUHrqmuwzE0dPDEcpvx4MIMhSJzzSyGbwdFniJ1pjqjEqjRkQfdroB6iOVZR8UmsyaJcz/18=

Commit Safely

Commit encrypted .env files to git while private keys stay separate. Keep the workflow developers already love, without shipping plaintext secrets.

“Dotenvx is the strongest option for sharing .env files. It’s a tool that lets you commit .env files to Git while keeping them encrypted. Same convenience, almost zero leak risk.”

コムテ Comte Founder, Izanami 
$ dotenvx encrypt
$ git add .env
$ git commit -m "add encrypted env"
[main 9f1c2a0] add encrypted env
1 file changed, 7 insertions(+)

Ready for Agents

Let agents inspect, edit, and run your project without handing plaintext secrets to prompts or model context.

agent scans repo
project/
├─ app.js
├─ package.json
└─ .env

# .env
OPENAI_API_KEY=encrypted:BH1SPw...
DATABASE_URL=encrypted:Qk92...

agent context
No plaintext secrets found

Dotenvx is a really smart concept. Instead of plaintext .envs, secrets are encrypted files. Agents can't read them, and they're shippable to cloud runners with a single key.

Ben Holmes Ben Holmes Warp Dev Rel Lead

Built because
.env files still matter.

I love .env files.

They work everywhere: local development, CI, containers, servers, cloud platforms, and even agents. Easy to get started with, yet flexible enough for advanced use cases, few tools are as practical as they are elegant.

But they've had a downside. Plaintext. Plaintext secrets have spread quietly across laptops, repositories, CI systems, chat messages, screenshots, and production machines. But the answer is not replacing them, a universal standard with more complicated platforms and solutions. The answer is securing them.

That's why I built dotenvx and why I continue to build it. I care about .env files and want to see them secured. I want to see them have a bright future and you along with them.

Thank you and please enjoy dotenvx.

Scott Motte Scott Motte Creator of dotenv and dotenvx

When secrets become a team workflow

Local keys are enough when you work alone.

Teams need approvals, access logs, rotation, and policy.

TEAM SECURITY

Armored
Keys

Private keys. Off device. Under guard.

Learn more See Pricing