01
Encrypt
dotenvx encryptOne-line upgrade
Install and use it in code just like dotenv.
// index.js
require('@dotenvx/dotenvx').config()
// or import '@dotenvx/dotenvx/config' // for esm
console.log(`Hello ${process.env.HELLO}`)
npm install @dotenvx/dotenvx --save
Your .env file — encrypted.
Commit encrypted secrets to git while keeping decryption keys separate.
Built on public-key cryptography.
Dotenvx encrypts each secret individually using ECIES public-key encryption. Encrypted .env files can be safely committed to Git while decryption keys remain separate.
Built for secure .env workflows.
Keep the simplicity of .env files while adding encryption, auditing, and rotation.
02
Inject
dotenvx run -- your-command$ dotenvx run -- npm start ⟐ injecting env (14) from .env
03
Scope
dotenvx run -f .env.production
.env
.env.production
.env.ci
04
Audit
git diff .env*+ DATABASE_URL="encrypted:..."
+ OPENAI_API_KEY="encrypted:..."
05
Rotate
dotenvx rotate
DOTENV_PRIVATE_KEY
v3
→
v4
Built because .env files still matter.
A message from the creator of dotenv and dotenvx.
Developers use environment files because they are simple.
They work everywhere: local development, CI, containers, servers, and cloud platforms. They became part of modern software because they reduced friction instead of adding to it.
But simplicity came with a cost. Plaintext secrets spread quietly across laptops, repositories, CI systems, chat messages, screenshots, and production machines.
We believe the answer is not abandoning environment files. The answer is securing them properly.
Dotenvx extends the environment file workflow with encryption, auditing, rotation, and runtime injection while preserving the simplicity that made .env successful in the first place.
As software becomes increasingly autonomous, secrets become increasingly valuable. API keys, credentials, tokens, and signing keys are now operational infrastructure. They deserve stronger protection.
That is what we are building with Dotenvx.
- Scott Motte
Creator of dotenv and dotenvx
Developers are keeping .env — and encrypting it.
Developers are installing dotenvx 6.5 million times a week on npm to secure local development, CI, cloud infrastructure, and software agents.
Ben Holmes
@BHolmesDev
dotenvx is really smart concept.
Instead of plaintext .env’s, secrets are encrypted files. Agents can't read them, and they're shippable to cloud runners with a single key.
11:58 AM · Mar 4, 2026 · 65.9K views
21
26
426
505
コムテ
@commte
Show translation
.env 共有は dotenvxが最強 .env を暗号化したまま Git にコミットできるツール 便利さそのまま+漏洩リスクほぼゼロ ・平文 .env を配らなくていい ・GitHub に上げても解読されない ・チーム開発で共有がラク
1:08 AM · Dec 3, 2025 · 505.3K views
3
346
2K
1.9K
Kristian Freeman
@kristianfreeman
Dotenvx looks like an interesting upgrade to .env Automatic encrypting of each value, almost identical usage in CLI and API Rails does something similar - though the whole file is encrypted!
10:25 AM · Jul 3, 2024 · 652 views
1
3
10
3
mizchi
@mizchi
Show translation
.env とAIの問題、dotenvx がもっと普及したらいいと思う
6:49 AM · Mar 3, 2026 · 43.8K views
82
640
726
Zaid
@zaidmukaddam
you can deploy env files to prod now? creators of dotenv have been working on dotenvx which encrypts your env variables so llms can’t read them, basically it keeps secrets from leaking into prompts or model context
10:53 AM · Jul 4, 2025 · 6,760 views
9
10
154
71
Kenn Ejima
@kenn
Show translation
今まで1passwordで.envを共有してたけど、dotenvxを使えば.env自体を暗号化してgit管理できるようになることを知ってこれに乗り換えることにした。 管理対象が秘密鍵1個だけになるのでメンバーの入れ替わりなどでAPI Keyを個別にローテーションする手間もなくなる。 時代は進化している!
8:58 PM · Mar 29, 2025 · 250.5K views
1
154
1.3K
1.1K