Documentation
Pro
PRO

New project

Create a project on dotenvx pro.

On GitHub

Create (or use) a repository with .env file.

$ mkdir projectx
$ echo "HELLO=World" > .env

Encrypt it.

$ dotenvx encrypt
βœ” encrypted (.env)

Add .env.keys to .gitignore.

$ git init .
$ echo ".env.keys" >> .gitignore
$ git add .
$ git commit -am "initial commit"
$ git remote add origin [email protected]:motdotla/projectx.git
$ git push -u origin main

Now on GitHub, your project should have one (or more) encrypted .env file(s).

github.com

On Pro

Push .env.keys–creating your project on dotenvx.

$ dotenvx pro push
βœ” pushed (.env)

You might have to run $ dotenvx pro sync first–so that the cli has knowledge of your organization.

View the project.

$ dotenvx pro open
press Enter to open [https://pro.dotenvx.com/gh/motdotla/projectx]... (Y/n)
βœ” opened [motdotla/projectx]

It opens your web browser.

pro.dotenvx.com

Click .env.keys–to view the contents of your .env.keys file.

pro.dotenvx.com

Important to note, the DOTENV_PRIVATE_KEY is now encrypted. This is an additional security feature native to dotenvx pro. It is encrypted with your organization's public key.

Private Key

Next, check your source code–the .env.keys file has been deleted locally.

$ ls -1A
.env
.git/
.gitignore

This is by design! Your project's keys are now fully managed by dotenvx pro. πŸ†

To view the private key, use the pro keypair command.

$ dotenvx pro keypair --pp
{
  "DOTENV_PUBLIC_KEY": "03cde813f7888ad1bf9e23f3f36e1f6ce23a63e8d0a024d6ecdfdba2fd4918659e",
  "DOTENV_PRIVATE_KEY": "e38b906d2992e1c80054c934501221ff679473577214c5b78c73b89b178147c1"
}

Run/Get

Inject (and get) your values with dotenvx like you always have. dotenvx pro piggy backs on the dotenvx run/get commands.

$ dotenvx pro get -pp
{
  "DOTENV_PUBLIC_KEY": "03cde813f7888ad1bf9e23f3f36e1f6ce23a63e8d0a024d6ecdfdba2fd4918659e",
  "HELLO": "World"
}

Conclusion

Using dotenvx pro you've:

  1. Removed the risk of keeping .env.keys locally
  2. Added encryption to your private keys
  3. Converted your private keys to fully managed

All in just a couple commands. I'd say that's Professional. πŸ†

Next let's add a teammate–so they can seamlessly make use of the private key.

Bonus

Where are these stored? They are encrypted and stored locally, using zero-knowledge architecture. You can check the encrypted contents tree with pro settings storetree.

$ dotenvx pro settings storetree
β”œβ”€ .env
└─ pro.dotenvx.com
   β”œβ”€ user-1-organization-1.json
   β”œβ”€ user-1-private-key.json
   └─ user-1.json