dotenv-vault
Dotenv Vault extends the proven & trusted foundation of dotenv, with a .env.vault
file.
This new standard lets you sync your .env files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important .env file again.
Installation
Rails
Add this line to the top of your application's Gemfile:
gem 'dotenv-vault-rails'
And then execute:
$ bundle
Usage
.env
Basic usage begins just like dotenv.
Add your application configuration to your .env
file in the root of your project:
S3_BUCKET=YOURS3BUCKET
SECRET_KEY=YOURSECRETKEYGOESHERE
Whenever your application loads, these variables will be available in ENV
:
config.fog_directory = ENV['S3_BUCKET']
.env.vault
Usage is similar to git. In the same directory as your .env
file, run the command:
npx dotenv-vault new
Follow those instructions and then run:
$ npx dotenv-vault login
Then run push and pull:
$ npx dotenv-vault push
$ npx dotenv-vault pull
That's it!
You just synced your .env
file. Commit your .env.vault
file to code, and tell your teammates to run npx dotenv-vault pull
.
Multiple Environments
Run the command:
$ npx dotenv-vault open production
It will open up an interface to manage your production environment variables.
Deploy Anywhere
Build your encrypted .env.vault
:
$ npx dotenv-vault build
Safely commit and push your changes:
$ git commit -am "Updated .env.vault"
$ git push
Obtain your DOTENV_KEY
:
$ npx dotenv-vault keys
Set DOTENV_KEY
on your infrastructure. For example, on Heroku:
$ heroku config:set DOTENV_KEY="dotenv://:[email protected]/vault/.env.vault?environment=production"
All set! When your app boots, it will recognize a DOTENV_KEY
is set, decrypt the .env.vault
file, and load the variables to ENV
.
FAQ
What happens if DOTENV_KEY
is not set?
Dotenv Vault gracefully falls back to dotenv when DOTENV_KEY
is not set. This is the default for development so that you can focus on editing your .env
file and save the build
command until you are ready to deploy those environment variables changes.
Should I commit my .env
file?
No. We strongly recommend against committing your .env
file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.
Should I commit my .env.vault
file?
Yes. It is safe and recommended to do so. It contains your vault identifier at the vault provider (in this case dotenv.org) and contains your encrypted values.
Can I share the DOTENV_KEY
?
No. It is the key that unlocks your encrypted environment variables. Be very careful who you share this key with. Do not let it leak.
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Added some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request
Changelog
See CHANGELOG.md
License
MIT