Lock Up
Lock a private key in .env.keys with a local passphrase.
$ dotenvx lock up
Here's what a locked key looks like:
# .env.keys
DOTENV_PRIVATE_KEY=locked:02f5b97ad58b49ae324cd4e7937bc19b251d006b31cacf46f789eeaf03f923cedc:AZIPDxKqjPLiGl5b4CqVGbR3CIBDUcqHthGaoeWLoUvxbTHJkj3jGoGWGaxFSDUJGQUmWDaExRzxKpVydYF_7qiWr1ecqksOFho5t3EMwKbqX2-y-LZO9K3a4SJaYAjDJXpn3NwG4vAt1oLmGA
Choose a strong passphrase. If an attacker gets your .env.keys file, they can try to brute force the locked private key offline.
For stronger security, use Armor.
Specify files with -f and -fk.
$ dotenvx lock up -f .env.production -fk .env.keys