Run Anywhere
dotenvx works the same across every language, framework, and platform – inject your env at runtime with dotenvx run -- your-cmd
.
Multiple Environments
Run multiple environments. Create a .env.production file and load it with dotenvx run --env-file=.env.production -- your-cmd
. It's straightforward, yet flexible.
Encrypt Secrets
Encrypt your secrets to a .env.vault
file. Only you hold the decryption keys – protecting you from data breaches like the CircleCI breach.
10x. better.
Increased tooling and features to make dotenv 10x better.
Run anywhere
Cross-platform–works everywhere
Multi-environment
Switch environments easily
Encrypted envs
Encrypt your envs for deploy
Variable expansion
Add the value of another variable in your .env
Multiple .env files
Compose multiple .env files flexibly
Multi-line values
Add multi-line secrets like public keys
Debug
Debug server and local envs with built-in debugging
Contextual help
Built-in next steps when something goes wrong
Append .gitignore
Append to .gitignore in one command
Generate .env.example
Generate .env.example in one command
Prebuild
Prevent building .env files into docker images
Precommit
Prevent committing .env files to code
Personal envs
Set personal environment variables
Command substitution
Add the output of a command in your .env
Scan
Scan and protect for secrets
Get/Set
Conveniently get/set single variables
Monorepo
First-class monorepo support
Sharing
betaSecurely share envs across your team
From the creator of dotenv. Trusted by millions of developers worldwide.
Frequently asked questions
-
The .env.vault file is an encrypted version of your .env file. It is paired with a decryption key called the DOTENV_KEY. The DOTENV_KEY is set on your server or cloud hosting provider and the .env.vault file is committed to code.
-
Yes. AES-256 GCM encryption was developed for the needs of US Government agencies like the CIA. AES-256 takes billions of years to crack using current computing technology. Your secrets are much more likely to be leaked by a third-party. This is why we are so committed to this technology while everyone else is focused on syncing secrets to third-party integrations. We see a better way.
-
In the CircleCI breach the attacker accessed environment variables only. They could not access codebases. To steal your .env.vault secrets, an attacker needs need both – the decryption key AND the encrypted .env.vault file.
-
Not officially, but our goal is towards that. We're building things in a way that a cloud service is not necessary. As long as you can generate a .env.vault file you can use the technology. It is open to all.
-
The .env.vault file and its encryption algorithm is language-agnostic so it works with any language.
Can't find the answer you're looking for? Send us an email at [email protected] team. We'd love to hear from you.