Docs
Pro
PRO

New project

Create a project on dotenvx-pro.

Watch the Video Tutorial 📺

On GitHub

Create (or use) a repository with .env file.

$ mkdir projectx
$ echo "HELLO=World" > .env

Encrypt it.

$ dotenvx encrypt
✔ encrypted (.env)

Add .env.keys to .gitignore.

$ git init .
$ echo ".env.keys" >> .gitignore
$ git add .
$ git commit -am "initial commit"
$ git remote add origin [email protected]:motdotla/projectx.git
$ git push -u origin main

Now on GitHub, your project should have one (or more) encrypted .env file(s).

github.com

On Pro

Push .env.keys–creating your project on dotenvx.

$ dotenvx-pro push
✔ pushed (.env)

You might have to run $ dotenvx-pro sync first–so that the cli has knowledge of your organization.

View the project.

$ dotenvx-pro open
press Enter to open [https://pro.dotenvx.com/gh/motdotla/projectx]... (Y/n)
✔ opened [motdotla/projectx]

It opens your web browser.

pro.dotenvx.com

Click .env.keys–to view the contents of your .env.keys file.

pro.dotenvx.com

Important to note, the DOTENV_PRIVATE_KEY is now encrypted. This is an additional security feature native to dotenvx-pro. It is encrypted with your organization's public key.

Private Key

Next, check your source code–the .env.keys file has been deleted locally.

$ ls -1A
.env
.git/
.gitignore

This is by design! Your project's keys are now fully managed by dotenvx-pro. 🏆

To view the private key, use the pro keypair command.

$ dotenvx-pro keypair --pp
{
  "DOTENV_PUBLIC_KEY": "03cde813f7888ad1bf9e23f3f36e1f6ce23a63e8d0a024d6ecdfdba2fd4918659e",
  "DOTENV_PRIVATE_KEY": "e38b906d2992e1c80054c934501221ff679473577214c5b78c73b89b178147c1"
}

Run/Get

Inject (and get) your values with dotenvx like you always have. dotenvx-pro piggy backs on the dotenvx run/get commands.

$ dotenvx-pro get -pp
{
  "DOTENV_PUBLIC_KEY": "03cde813f7888ad1bf9e23f3f36e1f6ce23a63e8d0a024d6ecdfdba2fd4918659e",
  "HELLO": "World"
}

Conclusion

Using dotenvx-pro you've:

  1. Removed the risk of keeping .env.keys locally
  2. Added encryption to your private keys
  3. Converted your private keys to fully managed

All in just a couple commands. I'd say that's Professional. 🏆

Next let's add a teammate–so they can seamlessly make use of the private key.

Bonus

Where are these stored? They are encrypted and stored locally, using zero-knowledge architecture. You can check the encrypted contents tree with pro settings storetree.

$ dotenvx-pro settings storetree
├─ .env
└─ pro.dotenvx.com
   ├─ user-1-organization-1.json
   ├─ user-1-private-key.json
   └─ user-1.json