Runtime Decryption

Decrypt encrypted values just in time at runtime.

Use dotenvx run to inject encrypted and plaintext values into a process just in time.

This command reads the private key, decrypts each encrypted value, and injects the result into process.env.

// index.js
console.log(`Hello ${process.env.HELLO}`)

$ dotenvx run -- node index.js
⟐ injected env (2) from .env
Hello Dotenvx

The application receives normal environment variables. It does not need to know whether a value came from plaintext or ciphertext.