Documentation
Advanced
Become a power user of dotenvx.
CLI ๐
Advanced CLI commands.
- run - Variable Expansion
- run - Command Substitution
- run - Shell Expansion
- run -f
- run --env HELLO=String
- run --overload
- DOTENV_PRIVATE_KEY=key run
- DOTENV_PRIVATE_KEY_PRODUCTION=key run
- DOTENV_PRIVATE_KEY_CI=key run
- DOTENV_PRIVATE_KEY=key DOTENV_PRIVATE_KEY_PRODUCTION=key run - Combine Multiple
- run --verbose
- run --debug
- run --quiet
- run --log-level
- run --strict
- run --convention=nextjs
- run --convention=flow
- run -fk
- get KEY
- get KEY -f
- get KEY --env
- get KEY --overload
- get KEY --strict
- get KEY --convention=nextjs
- get KEY --convention=flow
- get (json)
- get --format shell
- get --format eval
- get --all
- get --all --pretty-print
- set KEY value
- set KEY value -f
- set KEY "value with spaces"
- set KEY -- "- + * รท"
- set KEY value --plain
- encrypt
- encrypt -f
- encrypt -fk
- encrypt -k
- encrypt -ek
- encrypt --stdout
- decrypt
- decrypt -f
- decrypt -fk
- decrypt -k
- decrypt -ek
- decrypt --stdout
- keypair
- keypair -f
- keypair -fk
- keypair DOTENV_PRIVATE_KEY
- keypair --format shell
- ls
- ls directory
- ls -f
- ls -ef
- rotate
- rotate -f
- rotate -fk
- rotate -k
- rotate --stdout
Extensions ๐
CLI extensions.
- ext genexample
- ext genexample -f
- ext genexample directory
- ext gitignore
- ext gitignore --pattern
- ext precommit
- ext precommit --install
- ext prebuild
Library ๐ฆ
Use dotenvx directly in code.
- config()
- config(path: ['.env.local', '.env'])
- config(overload: true)
- config(strict: true)
- config(ignore: ['.env.missing', '.env'])
- config(envKeysFile: '../../.env.keys')
- parse(src)
- parse(src, {processEnv:})
- parse(src, {privateKey:})
- set(KEY, value)
- get(KEY)
Whitepaper ๐
Dotenvx: Reducing Secrets Risk with Cryptographic Separation
Abstract. An ideal secrets solution would not only centralize secrets but also contain the fallout of a breach. While secrets managers offer centralized storage and distribution, their design creates a large blast radius, risking exposure of thousands or even millions of secrets. We propose a solution that reduces the blast radius by splitting secrets management into two distinct components: an encrypted secrets file and a separate decryption key.
...