Run Anywhere
dotenvx works the same across every language, framework, and platform – inject your env at runtime with dotenvx run -- your-cmd
.
Multiple Environments
Create a .env.production file and use dotenvx run -f .env.production
to load it. It's straightforward, yet flexible.
Encryption
Add encryption to your .env files with a single command. Run dotenvx encrypt.
#/ public-key encryption for .env files /
#/ [how it works](https://dotenvx.com/encryption) /
#/------------------------------------------------------/
DOTENV_PUBLIC_KEY="03f8b376234c4f2f0445f392a12e80f3a84b4b0d1e0c3df85c494e45812653c22a"
# Database configuration
DB_HOST="encrypted:BNr24F4vW9CQ37LOXeRgOL6QlwtJfAoAVXtSdSfpicPDHtqo/Q2HekeCjAWrhxHy VHAB3QTg4fk9VdIoncLIlu1NssFO6XQXN5fnIjXRmp5pAuw7xwqVXe/1lVukATjG0kXR4SHe45s4Tb6fEjs"
DB_PORT="encrypted:BOCHQLIOzrq42WE5zf431xIlLk4iRDn1/hjYBg5kkYLQnL9wV2zEsSyHKBfH3mQdv8w4 EhXiF4unXZi1nYqdjVp4/BbAr777ORjMzyE 3QN1ik1F2 W5DZHBF9Uwj69F4D7f8A="
DB_USER="encrypted:BP6jIRlnYo5LM6/n8GnOAeg4RJlPD6ZN/HkdMdWfgfbQBuZlo44idYzKApdy0znU3TSoF5rcppXIMkxFFuB6pS0U4HMG/jl46lPCswl3vLTQ7Gx5EMT6YwE6pfA88AM77/ebQZ6y0L5t"
DB_PASSWORD="encrypted:BMycwcycXFFJQHjbt1i1IBS7C31Fo73wFzPolFWwkla09SWGy3QU1rBvK0YwdQmbuJuztp9JhcNLuc0wUdlLZVHC4/E6q/K7oPULNPxC5K1LwW4YuX80Ngl6Oy13Twero864f2DXXTNb"
DB_NAME="encrypted:BGtVHZBbvHmX6J J xm 73SnUFpqd2AWOL6/mHe1SCqPgMAXqk8dbLgqmHiZSbw4D6VquaYtF9safGyucClAvGGMzgD7gdnXGB1YGGaPN7nTpJ4vE1nx8hi1bNtNCr5gEm7z pdLq1IsH4vPSH4O7XBx"
# API Keys
API_KEY="encrypted:BD9paBaun2284WcqdFQZUlDKapPiuE/ruoLY7rINtQPXKWcfqI08vFAlCCmwBoJIvd2Nv3ACiSCA672wsKeJlFJTcRB6IRRJ fPBuz2kvYlOiec7EzHTT8EVzSDydFun5R5ODfmN"
STRIPE_API_KEY="encrypted:BM6udWmFsPaBzlND0dFBv7R55JiaA cZnbun8DaVNrEvO 8/k lsXbZQ0bCPks8kUsdD2qrSp/tii0P8gVJ/gp pdDuhdcJj91hxJ7nzSFf6h0ofRb38/2WHFhxg77XExxzui1s3w42Z"
# Email Configuration
EMAIL_HOST="encrypted:BOzlZJy9QQONa4h8jj0CSZg0JHbDp/T96bxC39ildVfc1rMgDHOfgqZCaWaTMYjTF69UxkgN3tSOGOp0N78QYDuIIJ4RZbHYdxmqXmuvcn3wvBIqn ubL/bf1Vc3yURbVwdTNvM/JhL3YN0tdikO"
EMAIL_USER="encrypted:BCW0xkE7RfJYJk7Dcb3lRdwvEyzBSoZmDQxWr72JjOb1yBx1XS9gcDOFFIHlD78lBweUNDl4dfaqyuuFBGzI/gdQ8ua4y9w2tOIDDNztd XpWUAtKeDVqcOTJiEqv7e241hi/F6EZcYC2oUlfYH "
EMAIL_PASSWORD="encrypted:BA0Rnsy9DQi2y90GbFnqD7coqG4V5ob48gXVrYqZhy0vrki3su/t9JFNG omBHCeUICjqyKB2XY059xxSs4xQW G /RI7ygpB8oxiq5mT52qYpXch36mMgRFppBIi4SoB2YQZ0ANHgWv"
# Logging
LOG_LEVEL="encrypted:BKmgv5E7/l1FnSaGWYWBPxxagdgN KSEaB va3PePjwEp7CqW6PlysrweZq49YTB5Fbc3UN/akLVn1RZ2AO4PyTVqgYYGBwerjpJiou9R2KluNV3T4j0bhsAkBochg3YpHcw3RX/"
10x. better.
Increased tooling and features to make dotenv 10x better.
Run anywhere
Cross-platform–works everywhere
Multi-environment
Switch environments easily
Encrypted envs
Encrypt your envs for deploy
Variable expansion
Add the value of another variable in your .env
Multiple .env files
Compose multiple .env files flexibly
Multi-line values
Add multi-line secrets like public keys
Debug
Debug server and local envs with built-in debugging
Contextual help
Built-in next steps when something goes wrong
Append .gitignore
Append to .gitignore in one command
Generate .env.example
Generate .env.example in one command
Prebuild
Prevent building .env files into docker images
Precommit
Prevent committing .env files to code
Personal envs
Set personal environment variables
Command substitution
Add the output of a command in your .env
Scan
Scan and protect for secrets
Get/Set
Conveniently get/set single variables
Monorepo
First-class monorepo support
Sharing
betaSecurely share envs across your team
From the creator of dotenv. Trusted by millions of developers worldwide.
Frequently asked questions
-
A DOTENV_PUBLIC_KEY (encryption key) and a DOTENV_PRIVATE_KEY (decryption key) are generated using the same public-key cryptography as Bitcoin. The DOTENV_PRIVATE_KEY is set on your server or cloud hosting provider and your encrypted .env file is committed safely to code.
-
Yes. Secp256k1 asymmetric encryption is used in many cryptographically secure technologies like Bitcoin. It would take on the order of billions of years to crack using current technology - similar to AES-256.
-
In the CircleCI breach the attacker accessed environment variables only. They could not access codebases. To steal your encrypted .env secrets, an attacker needs need both – the private decryption key AND the encrypted .env files.
Can't find the answer you're looking for? Send us an email at [email protected] team. We'd love to hear from you.