Sync .env files

sync .env files between machines, environments, and team members–from the creator of dotenv ★ 17.9k

Create Dotenv Account Documentation Pricing

Self-funded and profitable ⋅ Trusted by tens of thousands of companies worldwide

Works with a single command

You don't need to install anything to use dotenv-vault. No error prone binaries to install, infra to maintain, or custom code to write. It just works – with a single command.

"I love how easy it is to get started in a snap. I'm using it to sync between my pc and laptop."

Faisal Abidi – Lead Software Engineer

npx dotenv-vault push

Multiple Environments

After you've pushed your .env file, you can manage your secrets across multiple environments. Open an environment to view and edit its environment variables.

"I've been using dotenv for a few years, but only now have I come across dotenv-vault. I'm excited to start using it and replace my instance of hashicorp vault."

Brian Patino – Software Engineer III

Integrates Everywhere

Integrates everywhere you already write, test, build, and deploy your code. Generate your encrypted .env.vault file, commit that safely to code, and deploy. There's nothing else like it.

"I went from 'not knowing what this even is' to 'integrated into my project' within 5 minutes. Having each cli command tell me the next step was super helpful."

Anthony Lukach – Cloud Engineer

+more

I've been thinking about building exactly this for ages, was doing some market research for how to do it properly and found that you had, well, nailed it.

Josh McKenty

Cofounder of OpenStack

Teams love it

Each month, hundreds more software teams start using dotenv-vault.

FirstVet trusts dotenv-vault to keep their secrets safe while helping you keep your pets healthy. With their app, you can talk to a vet online at the click of a button.

Honeylove, a YC company, makes body-shaping apparel designed to make you feel more confident and improve your posture. When it comes to their security posture, they choose dotenv-vault.

When it comes to SecretOps, Supernova, one of the world's premier DesignOps solutions, uses dotenv-vault.

Sound is a collaborative music discovery platform built on web3 technology and values. For their secrets, they trust dotenv-vault.

Alameda County is one of the most innovative counties in the United States. Home to 1.7 million people, in cities like Berkeley and Oakland, they use and trust dotenv-vault.

Built on blockchain technology, Snackclub is a gaming community that uses dotenv-vault to keep their secrets safe.

5 Million+ users trust Zengaming's Tradeit.gg and Lootbear.com products. dotenv-vault helps support these users by powering Zengaming's secrets.

HappyMoney is a unicorn-sized company that has raised almost $200 million dollars. For keeping their secrets safe, they chose dotenv-vault among all other alternatives.

Sungage Financial innovates in the solar space - making it so more people can have solar. To innovate on their secrets they use dotenv-vault.

Ligonier Ministries provides content and resources for Christians. Their team coordinates securely sharing secrets using dotenv-vault.

Edtech Unicorn LEAD trusts dotenv-vault with its developer secrets. Their software makes excellent education affordable and accessible to all Indians.

100M+ visitors per year use Vio.com to get a better deal on travel and accomodation. It takes a lot of software to do this and it is dotenv-vault that powers the secrets for that software.

From the same people that pioneered dotenv. Trusted by millions of developers worldwide.

Create Dotenv Account

Frequently asked questions

: dotenv-vault is the only secrets manager that works with .env files instead of against them.
: Other secrets managers make you replace your environment variables with remote API calls. This means you must rewrite your code, lock yourself into proprietary software, and possibly introduce new attack vectors to your software (It's generally easier for attackers to intercept your web traffic than to gain access to your file system.)
: Your secrets go through a ten-step process to split their parts, encrypt those parts, and tokenize them into your project's vault. This includes using AES-GCM encryption - trusted by governments to transport top secret information. Read more about the ten-step process on the security page.
: The .env.vault file is an encrypted version of your .env file. It is paired with a decryption key called the DOTENV_KEY. The DOTENV_KEY is set on your server or cloud hosting provider and the .env.vault file is committed to code.
: Yes. AES-256 GCM encryption was developed for the needs of US Government agencies like the CIA. AES-256 takes billions of years to crack using current computing technology. Your secrets are much more likely to be leaked by a third-party. This is why we are so committed to this technology while everyone else is focused on syncing secrets to third-party integrations. We see a better way.
: In the CircleCI breach the attacker accessed environment variables only. They could not access codebases. To steal your .env.vault secrets, an attacker needs need both – the decryption key (stored as an environment variable), AND the encrypted .env.vault file.
: Not officially, but our goal is towards that. We're building things in a way that a cloud service is not necessary. As long as you can generate a .env.vault file you can use the technology. It is open to all.
: The .env.vault file and its encryption algorithm is language-agnostic so technically it works with any language. We've built convenience libraries for it in a handful of languages and are adding more as requested. See the docs for a complete list.
: See the install page. You can use npx, brew, and more.

Can’t find the answer you’re looking for? Send us an email at [email protected] team. We'd love to hear from you.

Create Dotenv Account