Tutorials

Integrate Everywhere

Run dotenv-vault build

Open terminal, enter your project's root directory (where your .env.vault file is), and run dotenv-vault build.

$ npx dotenv-vault build

Your .env.vault file should now look something like this.

DOTENV_VAULT=vlt_509ada...
DOTENV_VAULT_DEVELOPMENT="Z53YGRqDcfkQZ..."
DOTENV_VAULT_CI="Ib3n/NKbTVO..."
DOTENV_VAULT_STAGING="up1/d3F13uCKrbsU..."
DOTENV_VAULT_PRODUCTION="oJ6qWV1erwlU1TP4..."

As you can see, your environment variables are encrypted per environment.

Set DOTENV_KEY

The DOTENV_KEY decrypts the encrypted values from DOTENV_VAULT_PRODUCTION. Run dotenv-vault keys production.

$ npx dotenv-vault keys production

That will output your DOTENV_KEY.

dotenv://:[email protected]/vault/.env.vault?environment=production

Set DOTENV_KEY on your infrastructure. For example, on Heroku:

$ heroku config:set DOTENV_KEY='dotenv://:[email protected]/vault/.env.vault?environment=production'

Require dotenv >= 16.1.0

The last step is to require dotenv >= 16.1.0 into your code.

As early as possible in your application, import and configure dotenv:

require('dotenv').config()
console.log(process.env) // remove this after you've confirmed it working

Note: Other languages like Ruby, Python, PHP, etc are also supported.

That's it!

When your app boots, it will recognize the DOTENV_KEY, decrypt the .env.vault file, and load the variables to ENV. If a DOTENV_KEY is not set (like during development on your local machine) it will fall back to regular dotenv.