Dotenv Vault extends the proven & trusted foundation of dotenv, adding new standards .env.me and .env.vault. Together, these new standards let you sync and deploy your .env files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important .env file again. All from the same people that pioneered dotenv.
# install locally (recommended)
npm install dotenv-vault --saveDotenv Vault extends .env so a much of this will purposely be familiar with a few new commands to learn.
.envholds your project's development secrets. It should NEVER be committed to code..env.meauthenticates you to sync your .env file. It should NEVER be committed to code..env.vaultis a local encrypted vault of your secrets across all environments. It can and SHOULD be committed safely to code.
Create a .env file in the root of your project:
S3_BUCKET="YOURS3BUCKET"
SECRET_KEY="YOURSECRETKEYGOESHERE"As early as possible in your application, import and configure dotenv-vault:
require('dotenv-vault').config()
console.log(process.env) // remove this after you've confirmed it workingThat's it. process.env now has the keys and values you defined in your .env file:
require('dotenv-vault').config()
...
s3.getBucketCors({Bucket: process.env.S3_BUCKET}, function(err, data) {})For the next steps, you will need your own Dotenv Account.
Usage is similar to git. Run the command:
npx dotenv-vault newFollow those instructions and then run:
npx dotenv-vault loginThen run push and pull:
npx dotenv-vault push
npx dotenv-vault pullGreat! You just synced your .env file. Commit your .env.vault file to code, and tell your teammates to run npx dotenv-vault pull.
Dotenv Vault comes with 4 environments by default - development, ci, staging, and production.
You can push and pull from these environments as well.
Let's set up your production environment.
npx dotenv-vault open productionEdit the values and save.
You need to fully set up your .env.vault file next. Run the command:
npx dotenv-vault buildnpx dotenv-vault buildkeysThat's it!
Details coming soon.
Details coming soon.
Dotenv Vault, just like Dotenv, exposes two functions:
configparse
config will read and decrypt your .env.vault file, parse the contents, assign it to
process.env,
and return an Object with a parsed key containing the loaded content or an error key if it failed.
This happens of DOTENV_KEY is set. If DOTENV_KEY is not set, config fallsback to reading your .env file.
const result = dotenv.config()
if (result.error) {
throw result.error
}
console.log(result.parsed)You can additionally, pass options to config.
COMING SOON!
Default: path.resolve(process.cwd(), '.env')
Specify a custom path if your file containing environment variables is located elsewhere.
require('dotenv').config({ path: '/custom/path/to/.env' })COMING SOON!
Default: utf8
Specify the encoding of your file containing environment variables.
require('dotenv').config({ encoding: 'latin1' })Default: false
Turn on logging to help debug why certain keys or values are not being set as you expect.
require('dotenv').config({ debug: process.env.DEBUG })Default: false
Override any environment variables that have already been set on your machine with values from your .env file.
require('dotenv').config({ override: true })The engine which parses the contents of your file containing environment variables is available to use. It accepts a String or Buffer and will return an Object with the parsed keys and values.
const dotenv = require('dotenv')
const buf = Buffer.from('BASIC=basic')
const config = dotenv.parse(buf) // will return an object
console.log(typeof config, config) // object { BASIC : 'basic' }Default: false
Turn on logging to help debug why certain keys or values are not being set as you expect.
const dotenv = require('dotenv')
const buf = Buffer.from('hello world')
const opt = { debug: true }
const config = dotenv.parse(buf, opt)
// expect a debug message because the buffer is not in KEY=VAL form