Armor

Production

Ready to deploy to production? Here's how with dotenvx and dotenvx armor.

Deploying to production with dotenvx armor is the same as deploying with dotenvx.

Add production environment

Create .env.production file.

# .env.production
HELLO="production"

Encrypt production

$ dotenvx encrypt -f .env.production

Your .env.production file is now encrypted, and you have a .env.keys file.

.env.production

#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
#/            public-key encryption for .env files          /
#/       [how it works](https://dotenvx.com/encryption)     /
#/----------------------------------------------------------/
DOTENV_PUBLIC_KEY_PRODUCTION="025a54defaeff32caa2bbe60537b88b5b89716eade6df08418d7a68f5c4f742be6"

# .env.production
HELLO="encrypted:BD+uttK9iBuXnfx6HukDK06IGk0pQARwivtxM+ZiePvhRxHyQL3UD0sf0ayLw/P5Y/BED//zRiTlUf6nENuu7QhNJ24g3uADfrDfhvYi/MOHjmfKyRiu+yOxSw6e+c0yRNukS+n8SxONnec="

.env.keys

#/------------------!DOTENV_PRIVATE_KEYS!-------------------/
#/ private decryption keys. DO NOT commit to source control /
#/     [how it works](https://dotenvx.com/encryption)       /
#/----------------------------------------------------------/

# .env.production
DOTENV_PRIVATE_KEY_PRODUCTION="424d0ea072eb17c6bee9b4b42ff6333513cf128ea3d5d60ccf79246ca7c3f786"

We're ready to inject the encrypted .env.production secrets into the app on boot.

Set decryption key

Set DOTENV_PRIVATE_KEY_PRODUCTION on your production server using the production key in your .env.keys file.

Run dotenvx

With DOTENV_PRIVATE_KEY_PRODUCTION set on your server, run dotenvx ahead of your app boot process.

$ dotenvx run -- your-command

Dotenvx will decrypt your secrets just-in-time and inject them into your application process.

See guides for more detailed guides.