Dotenv Vault extends the proven & trusted foundation of dotenv, adding new standards .env.me and .env.vault. Together, these new standards let you sync and deploy your .env files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important .env file again. All from the same people that pioneered dotenv.
# install locally (recommended)
npm install dotenv-vault --save
Dotenv Vault extends .env
so a much of this will purposely be familiar with a few new commands to learn.
.env
holds your project's development secrets. It should NEVER be committed to code..env.me
authenticates you to sync your .env file. It should NEVER be committed to code..env.vault
is a local encrypted vault of your secrets across all environments. It can and SHOULD be committed safely to code.
Create a .env
file in the root of your project:
S3_BUCKET="YOURS3BUCKET"
SECRET_KEY="YOURSECRETKEYGOESHERE"
As early as possible in your application, import and configure dotenv-vault:
require('dotenv-vault').config()
console.log(process.env) // remove this after you've confirmed it working
That's it. process.env
now has the keys and values you defined in your .env
file:
require('dotenv-vault').config()
...
s3.getBucketCors({Bucket: process.env.S3_BUCKET}, function(err, data) {})
For the next steps, you will need your own Dotenv Account.
Usage is similar to git. Run the command:
npx dotenv-vault new
Follow those instructions and then run:
npx dotenv-vault login
Then run push and pull:
npx dotenv-vault push
npx dotenv-vault pull
Great! You just synced your .env file. Commit your .env.vault
file to code, and tell your teammates to run npx dotenv-vault pull
.
Dotenv Vault comes with 4 environments by default - development, ci, staging, and production.
You can push and pull from these environments as well.
Let's set up your production environment.
npx dotenv-vault open production
Edit the values and save.
You need to fully set up your .env.vault file next. Run the command:
npx dotenv-vault build
npx dotenv-vault buildkeys
That's it!
Details coming soon.
Details coming soon.
Dotenv Vault, just like Dotenv, exposes two functions:
config
parse
config
will read and decrypt your .env.vault
file, parse the contents, assign it to
process.env
,
and return an Object with a parsed
key containing the loaded content or an error
key if it failed.
This happens of DOTENV_KEY
is set. If DOTENV_KEY
is not set, config
fallsback to reading your .env
file.
const result = dotenv.config()
if (result.error) {
throw result.error
}
console.log(result.parsed)
You can additionally, pass options to config
.
COMING SOON!
Default: path.resolve(process.cwd(), '.env')
Specify a custom path if your file containing environment variables is located elsewhere.
require('dotenv').config({ path: '/custom/path/to/.env' })
COMING SOON!
Default: utf8
Specify the encoding of your file containing environment variables.
require('dotenv').config({ encoding: 'latin1' })
Default: false
Turn on logging to help debug why certain keys or values are not being set as you expect.
require('dotenv').config({ debug: process.env.DEBUG })
Default: false
Override any environment variables that have already been set on your machine with values from your .env file.
require('dotenv').config({ override: true })
The engine which parses the contents of your file containing environment variables is available to use. It accepts a String or Buffer and will return an Object with the parsed keys and values.
const dotenv = require('dotenv')
const buf = Buffer.from('BASIC=basic')
const config = dotenv.parse(buf) // will return an object
console.log(typeof config, config) // object { BASIC : 'basic' }
Default: false
Turn on logging to help debug why certain keys or values are not being set as you expect.
const dotenv = require('dotenv')
const buf = Buffer.from('hello world')
const opt = { debug: true }
const config = dotenv.parse(buf, opt)
// expect a debug message because the buffer is not in KEY=VAL form