| 📍 NOTE |
|---|
| RubyGems (the GitHub org, not the website) suffered a hostile takeover in September 2025. |
| Ultimately 4 maintainers were hard removed and a reason has been given for only 1 of those, while 2 others resigned in protest. |
| It is a complicated story which is difficult to parse quickly. |
| Simply put - there was active policy for adding or removing maintainers/owners of rubygems and bundler, and those policies were not followed. |
| I'm adding notes like this to gems because I don't condone theft of repositories or gems from their rightful owners. |
| If a similar theft happened with my repos/gems, I'd hope some would stand up for me. |
| Disenfranchised former-maintainers have started gem.coop. |
| Once available I will publish there exclusively; unless RubyCentral makes amends with the community. |
| The "Technology for Humans: Joel Draper" podcast episode by reinteractive is the most cogent summary I'm aware of. |
| See here, here and here for more info on what comes next. |
| What I'm doing: A (WIP) proposal for bundler/gem scopes, and a (WIP) proposal for a federated gem server. |
☯️ Dotenv::Merge
if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.
if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.
🌻 Synopsis
Dotenv::Merge is a standalone Ruby module that intelligently merges two versions of a dotenv (.env) file. It's like a smart "git merge" specifically designed for environment configuration files. Built on top of ast-merge, it shares the same architecture as prism-merge for Ruby source files.
Key Features
- Dotenv-Aware: Understands dotenv file format (KEY=value, comments, exports)
- Intelligent: Matches environment variables by key name
- Comment-Preserving: Comments and blank lines are preserved in their context
- Freeze Block Support: Respects freeze markers (default:
dotenv-merge:freeze/dotenv-merge:unfreeze) for merge control - customizable to match your project's conventions - Full Provenance: Tracks origin of every line
- Standalone: Minimal dependencies - just
ast-merge - Customizable:
signature_generator- callable custom signature generatorspreference- setting of:template,:destination, or a Hash for per-node-type preferencesnode_splitter- Hash mapping node types to callables for per-node-type merge customization (see ast-merge docs)add_template_only_nodes- setting to retain variables that do not exist in destinationfreeze_token- customize freeze block markers (default:"dotenv-merge")
Supported Line Types
| Line Type | Format | Matching Behavior |
|---|---|---|
| Assignment | KEY=value |
Variables match by key name |
| Export | export KEY=value |
Treated as assignment with export flag |
| Comment | # comment text |
Preserved in context |
| Blank | (empty line) | Preserved for readability |
| Double-quoted | KEY="value with\nescapes" |
Escape sequences processed |
| Single-quoted | KEY='literal value' |
No escape processing |
| Inline comment | KEY=value # comment |
Comment stripped from value |
Example
require "dotenv/merge"
template = File.read("template.env")
destination = File.read("destination.env")
merger = Dotenv::Merge::SmartMerger.new(template, destination)
result = merger.merge
File.write("merged.env", result.to_s)
Part of a gem family
| Gem | File Type | Parser |
|---|---|---|
| ast-merge | Text | internal |
| prism-merge | Ruby | Prism |
| psych-merge | YAML | Psych |
| json-merge | JSON | tree-sitter-json |
| jsonc-merge | JSONC | ⚠️ tree-sitter-jsonc (PoC) |
| bash-merge | Shell | tree-sitter-bash |
| rbs-merge | RBS Types | RBS |
| dotenv-merge | Dotenv | internal |
| toml-merge | TOML | tree-sitter-toml |
| markdown-merge | Markdown | base classes |
| markly-merge | Markdown | Markly (cmark-gfm) |
| commonmarker-merge | Markdown | Commonmarker (Comrak) |
Example implementations for the gem templating use case:
| Gem | Purpose |
|---|---|
| kettle-dev | Gem templating tool |
| kettle-jem | Gem template library |
Configuration
merger = Dotenv::Merge::SmartMerger.new(
template_content,
dest_content,
# Which version to prefer when variables match
# :destination (default) - keep destination values
# :template - use template values
preference: :destination,
# Whether to add template-only variables to the result
# false (default) - only include variables that exist in destination
# true - include all template variables
add_template_only_nodes: false,
# Token for freeze block markers
# Default: "dotenv-merge"
# Looks for: # dotenv-merge:freeze / # dotenv-merge:unfreeze
freeze_token: "dotenv-merge",
# Custom signature generator (optional)
# Receives an EnvLine, returns a signature array or nil
signature_generator: ->(line) { [:env, line.key] if line.assignment? },
)
Basic Usage
Simple Merge
require "dotenv/merge"
# Template defines the structure
template = "# Database configuration\nDATABASE_URL=postgres://localhost/myapp_dev\nDATABASE_POOL=5\n\n# API keys\nAPI_KEY=your_api_key_here\nAPI_SECRET=your_secret_here\n"
# Destination has customizations
destination = "# Database configuration\nDATABASE_URL=postgres://production.example.com/myapp\nDATABASE_POOL=25\n\n# Custom setting not in template\nCUSTOM_SETTING=my_value\n"
merger = Dotenv::Merge::SmartMerger.new(template, destination)
result = merger.merge
puts result
Using Freeze Blocks
Freeze blocks protect sections from being overwritten during merge:
# Database configuration
DATABASE_URL=postgres://localhost/myapp_dev
# dotenv-merge:freeze Custom API credentials
API_KEY=my_secret_production_key
API_SECRET=super_secret_value
# dotenv-merge:unfreeze
# Other settings
DEBUG=false
Content between # dotenv-merge:freeze and # dotenv-merge:unfreeze markers is preserved from the destination file, regardless of what the template contains.
Adding Template-Only Variables
merger = Dotenv::Merge::SmartMerger.new(
template,
destination,
add_template_only_nodes: true,
)
result = merger.merge
# Result includes variables from template that don't exist in destination
The *-merge Gem Family
This gem is part of a family of gems that provide intelligent merging for various file formats:
| Gem | Format | Parser | Description |
|---|---|---|---|
| ast-merge | Text | internal | Shared infrastructure for all *-merge gems |
| prism-merge | Ruby | Prism | Smart merge for Ruby source files |
| psych-merge | YAML | Psych | Smart merge for YAML files |
| json-merge | JSON | tree-sitter-json | Smart merge for JSON files |
| jsonc-merge | JSONC | tree-sitter-jsonc | ⚠️ Proof of concept; Smart merge for JSON with Comments |
| bash-merge | Bash | tree-sitter-bash | Smart merge for Bash scripts |
| rbs-merge | RBS | RBS | Smart merge for Ruby type signatures |
| dotenv-merge | Dotenv | internal (dotenv) | Smart merge for .env files |
| toml-merge | TOML | tree-sitter-toml | Smart merge for TOML files |
| markly-merge | Markdown | Markly | Smart merge for Markdown (CommonMark via libcmark-gfm) |
| commonmarker-merge | Markdown | Commonmarker | Smart merge for Markdown (CommonMark via comrak) |
💡 Info you can shake a stick at
| Tokens to Remember |   |
|---|---|
| Works with JRuby |   |
| Works with Truffle Ruby |   |
| Works with MRI Ruby 3 |     |
| Support & Community |     |
| Source |     |
| Documentation |      |
| Compliance |      |
| Style |     |
| Maintainer 🎖️ |      |
... 💖 |
    🧊 🐙 🛖 🧪 |
Compatibility
Compatible with MRI Ruby 3.2.0+, and concordant releases of JRuby, and TruffleRuby.
| 🚚 Amazing test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 |
|---|---|
| 👟 Check it out! | ✨ github.com/appraisal-rb/appraisal2 ✨ |
Federated DVCS
Find this repo on federated forges (Coming soon!)
| Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-------------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| | 🧪 [kettle-rb/dotenv-merge on GitLab][📜src-gl] | The Truth | [💚][🤝gl-issues] | [💚][🤝gl-pulls] | [💚][📜gl-wiki] | 🐭 Tiny Matrix | ➖ | | 🧊 [kettle-rb/dotenv-merge on CodeBerg][📜src-cb] | An Ethical Mirror ([Donate][🤝cb-donate]) | [💚][🤝cb-issues] | [💚][🤝cb-pulls] | ➖ | ⭕️ No Matrix | ➖ | | 🐙 [kettle-rb/dotenv-merge on GitHub][📜src-gh] | Another Mirror | [💚][🤝gh-issues] | [💚][🤝gh-pulls] | [💚][📜gh-wiki] | 💯 Full Matrix | [💚][gh-discussions] | | 🎮️ [Discord Server][✉️discord-invite] | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |Enterprise Support 
Available as part of the Tidelift Subscription.
Need enterprise-level guarantees?
The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift] - 💡Subscribe for support guarantees covering _all_ your FLOSS dependencies - 💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar] - 💡Tidelift pays maintainers to maintain the software you depend on!📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers Alternatively: - [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] - [![Get help from me on Upwork][👨🏼🏫expsup-upwork-img]][👨🏼🏫expsup-upwork] - [![Get help from me on Codementor][👨🏼🏫expsup-codementor-img]][👨🏼🏫expsup-codementor]
✨ Installation
Install the gem and add to the application's Gemfile by executing:
bundle add dotenv-merge
If bundler is not being used to manage dependencies, install the gem by executing:
gem install dotenv-merge
🔒 Secure Installation
For Medium or High Security Installations
This gem is cryptographically signed, and has verifiable [SHA-256 and SHA-512][💎SHA_checksums] checksums by [stone_checksums][💎stone_checksums]. Be sure the gem you install hasn’t been tampered with by following the instructions below. Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate: ```console gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem) ``` You only need to do that once. Then proceed to install with: ```console gem install dotenv-merge -P HighSecurity ``` The `HighSecurity` trust profile will verify signed gems, and not allow the installation of unsigned dependencies. If you want to up your security game full-time: ```console bundle config set --global trust-policy MediumSecurity ``` `MediumSecurity` instead of `HighSecurity` is necessary if not all the gems you use are signed. NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.⚙️ Configuration
merger = Dotenv::Merge::SmartMerger.new(
template,
destination,
# When conflicts occur, prefer template or destination values
preference: :template, # or :destination (default)
# Add entries that only exist in template
add_template_only_nodes: true, # default: false
)
Signature Match Preference
Control which source wins when both files have the same key:
:template- Template values replace destination values- Version files (
VERSION=2.0.0should replaceVERSION=1.0.0) - API endpoint updates (
API_URL=https://new-api.example.com)
- Version files (
:destination(default) - Destination values are preserved- Local development settings
- Project-specific customizations
Template-Only Nodes
Control whether to add entries that only exist in the template:
true- Add new entries from template- New required environment variables
- New configuration options
false(default) - Skip template-only entries- Template has placeholder values
- Destination is authoritative
🔧 Basic Usage
Simple Merge
require "dotenv/merge"
template = File.read("template.env")
destination = File.read("destination.env")
merger = Dotenv::Merge::SmartMerger.new(template, destination)
result = merger.merge
File.write("merged.env", result)
Working with Freeze Blocks
Freeze blocks protect sections of your .env file from being modified during merges:
# << FREEZE: project_secrets
DATABASE_URL=postgresql://localhost/myapp_dev
SECRET_KEY_BASE=my_local_secret_key_value
# >> FREEZE: project_secrets
# These entries can be updated by template
API_VERSION=v2
Adding Template-Only Entries
# Template introduces a new required variable
template = "DATABASE_URL=postgresql://localhost/template_db\nNEW_FEATURE_FLAG=enabled\n"
destination = "DATABASE_URL=postgresql://localhost/myapp_dev\n"
merger = Dotenv::Merge::SmartMerger.new(
template,
destination,
add_template_only_nodes: true,
)
result = merger.merge
# Result includes DATABASE_URL from destination + NEW_FEATURE_FLAG from template
🦷 FLOSS Funding
While kettle-rb tools are free software and will always be, the project would benefit immensely from some funding. Raising a monthly budget of... "dollars" would make the project more sustainable.
We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences (although currently Open Collective is our preferred funding platform).
If you're working in a company that's making significant use of kettle-rb tools we'd appreciate it if you suggest to your company to become a kettle-rb sponsor.
You can support the development of kettle-rb tools via GitHub Sponsors, Liberapay, PayPal, Open Collective and Tidelift.
| 📍 NOTE |
|---|
| If doing a sponsorship in the form of donation is problematic for your company from an accounting standpoint, we'd recommend the use of Tidelift, where you can get a support-like subscription instead. |
Open Collective for Individuals
Support us with a monthly donation and help us continue our activities. [Become a backer]
NOTE: kettle-readme-backers updates this list every day, automatically.
No backers yet. Be the first!
Open Collective for Organizations
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
NOTE: kettle-readme-backers updates this list every day, automatically.
No sponsors yet. Be the first!
Another way to support open-source
I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈 cats).
If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.
I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.
Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags
🔐 Security
See SECURITY.md.
🤝 Contributing
If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check reek, issues, or PRs, or use the gem and think about how it could be better.
We so if you make changes, remember to update it.
See CONTRIBUTING.md for more detailed instructions.
🚀 Release Instructions
See CONTRIBUTING.md.
Code Coverage
🪇 Code of Conduct
Everyone interacting with this project's codebases, issue trackers,
chat rooms and mailing lists agrees to follow the .
🌈 Contributors
Made with contributors-img.
Also see GitLab Contributors: https://gitlab.com/kettle-rb/dotenv-merge/-/graphs/main
⭐️ Star History
📌 Versioning
This Library adheres to .
Violations of this scheme should be reported as bugs.
Specifically, if a minor or patch version is released that breaks backward compatibility,
a new version should be immediately released that restores compatibility.
Breaking changes to the public API will only be introduced with new major versions.
dropping support for a platform is both obviously and objectively a breaking change
—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716
I understand that policy doesn't work universally ("exceptions to every rule!"), but it is the policy here. As such, in many cases it is good to specify a dependency on this library using the Pessimistic Version Constraint with two digits of precision.
For example:
spec.add_dependency("dotenv-merge", "~> 1.0")
📌 Is "Platform Support" part of the public API? More details inside.
SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms is a *breaking change* to an API, and for that reason the bike shedding is endless. To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer: - ["Major Version Numbers are Not Sacred"][📌major-versions-not-sacred]See CHANGELOG.md for a list of releases.
📄 License
The gem is available as open source under the terms of
the MIT License .
See LICENSE.txt for the official Copyright Notice.
© Copyright
-
Copyright (c) 2025 Peter H. Boling, of
Galtzo.com
🤑 A request for help
Maintainers have teeth and need to pay their dentists. After getting laid off in an RIF in March, and encountering difficulty finding a new one, I began spending most of my time building open source tools. I'm hoping to be able to pay for my kids' health insurance this month, so if you value the work I am doing, I need your support. Please consider sponsoring me or the project.
To join the community or get help 👇️ Join the Discord.
To say "thanks!" ☝️ Join the Discord or 👇️ send money.
💌 
Please give the project a star ⭐ ♥.
Thanks for RTFM. ☺️