Docs
Guides

Trigger.dev

Use dotenvx with Trigger.dev

Find code examples for this guide on GitHub.

Initial setup

First, complete the trigger.dev quickstart steps so you end up with a trigger/example.ts file like this.

trigger/example.ts

import { logger, task, wait } from "@trigger.dev/sdk/v3";

export const helloWorldTask = task({
  id: "hello-world",
  // Set an optional maxDuration to prevent tasks from running indefinitely
  maxDuration: 300, // Stop executing after 300 secs (5 mins) of compute
  run: async (payload: any, { ctx }) => {
    logger.log("Hello, world!", { payload, ctx });

    await wait.for({ seconds: 5 });

    return {
      message: "Hello, world!",
    }
  },
});

Install dotenvx

Install dotenvx.

$ npm install @dotenvx/dotenvx --save

And configure dotenvx in trigger/example.ts.

trigger/example.ts

import { logger, task, wait } from "@trigger.dev/sdk/v3";
import dotenv from "@dotenvx/dotenvx";

// Load environment variables
dotenv.config({path: ".env.production"});

export const helloWorldTask = task({
  id: "hello-world",
  // Set an optional maxDuration to prevent tasks from running indefinitely
  maxDuration: 300, // Stop executing after 300 secs (5 mins) of compute
  run: async (payload: any, { ctx }) => {
    // Use process.env
    logger.log(`Hello, ${process.env.HELLO}!`, { payload, ctx });

    await wait.for({ seconds: 5 });

    return {
      message: `Hello, ${process.env.HELLO}!`, // Use process.env
    }
  },
});

Add production environment

Create .env.production in the root of your project.

# .env.production
HELLO="production"

Encrypt production

dotenvx encrypt -f .env.production

Your .env.production file is now encrypted, and you have a .env.keys file.

.env.production

#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
#/            public-key encryption for .env files          /
#/       [how it works](https://dotenvx.com/encryption)     /
#/----------------------------------------------------------/
DOTENV_PUBLIC_KEY_PRODUCTION="025a54defaeff32caa2bbe60537b88b5b89716eade6df08418d7a68f5c4f742be6"

# .env.production
HELLO="encrypted:BD+uttK9iBuXnfx6HukDK06IGk0pQARwivtxM+ZiePvhRxHyQL3UD0sf0ayLw/P5Y/BED//zRiTlUf6nENuu7QhNJ24g3uADfrDfhvYi/MOHjmfKyRiu+yOxSw6e+c0yRNukS+n8SxONnec="

.env.keys

#/------------------!DOTENV_PRIVATE_KEYS!-------------------/
#/ private decryption keys. DO NOT commit to source control /
#/     [how it works](https://dotenvx.com/encryption)       /
#/----------------------------------------------------------/

# .env.production
DOTENV_PRIVATE_KEY_PRODUCTION="424d0ea072eb17c6bee9b4b42ff6333513cf128ea3d5d60ccf79246ca7c3f786"

You SHOULD commit .env.production to code. It is now encrypted, safe, and recommended to do so. But DO NOT commit .env.keys to code. Keep them somewhere safe like 1password or dotenvx ops.

Run your task

Run your task in Trigger's UI.

Your env is successfully injected using the encrypted contents of .env.production.

cloud.trigger.dev

Visit the dashboard and it says Hello production.

Great job!

You succesfully add encryption to your .env files. This is safer than scattering your secrets across third-party platforms and tools. When you need to update a secret, run dotenvx set KEY value and redeploy.