Dotenvx
3K posts

Dotenvx
@dotenvx
A secure dotenv–from the creator of `dotenv`. @motdotla


Can you call yourself a real developer if you don't have thousands of .env files? Introducing improvements to `dotenvx ls`. $ dotenvx ls Find all .env files on your machine. Then do something with them. Hell, give it to Codex or Claude to run for you! Just tell it to use dotenvx's newest ls command with the json flag.

You can now natively store your private keys in your OS secrets manager. Just run: $ dotenvx native up You get your private key securely stored to your OS secrets manager like macOS Keychain. Agents can't read it and can't unlock it without your permission. Available in Dotenvx 2.0.









You can now lock up your private keys. Just run: $ dotenvx lock up You get an encrypted and passphrase protected private key. Agents can't read it and can't unlock it. Available in Dotenvx 2.0.

dotenvx now supports the option to have unencrypted keys mixed in. Just append with _PLAIN. HELLO="world" # will be encrypted HELLO_PLAIN="plain" # will not be encrypted Additionally I just pushed a fix so that dotenvx precommit and prebuild respect this.


アーカイブをアップしているのでよかったらどうぞ! .envをそのまま使っている人は結構リスクです。 dotenvxを使うのは最低ラインで、さらに一歩進めてzero diskでの対策方法などを画面共有しながら使い方まで紹介しています!

@STP48315 @GreatGoban @cyber_rekk You should be using dotenvx to encrypt your .env files so even if this happens AND it gets past your pre-commit hooks (which I assume you have) AND it gets past your secret scanning GitHub action (which I assume you have) it’s still of very little use to an attacker.


Ok, all the metadata is now surfaced. Basic functionality is complete and now we'll polish, document, and market.





