Lock Up

Lock a private key in .env.keys with a local passphrase.

$ dotenvx lock up

Here's what a locked key looks like:

# .env.keys
DOTENV_PRIVATE_KEY=locked:02f5b97ad58b49ae324cd4e7937bc19b251d006b31cacf46f789eeaf03f923cedc:AZIPDxKqjPLiGl5b4CqVGbR3CIBDUcqHthGaoeWLoUvxbTHJkj3jGoGWGaxFSDUJGQUmWDaExRzxKpVydYF_7qiWr1ecqksOFho5t3EMwKbqX2-y-LZO9K3a4SJaYAjDJXpn3NwG4vAt1oLmGA

Choose a strong passphrase. If an attacker gets your .env.keys file, they can try to brute force the locked private key offline.

For stronger security, use Armor.

Specify files with -f and -fk.

$ dotenvx lock up -f .env.production -fk .env.keys