DEV Community

Adarsh BP

The Problems with dotenv and How dotenvx Solves Them

Managing environment variables is crucial but can be fraught with challenges. The traditional dotenv approach, while popular, has notable shortcomings:

  • Leaking Your .env File: This is the most significant risk, potentially exposing sensitive information.
  • Juggling Multiple Environments: Managing different configurations for development, testing, and production can be cumbersome.
  • Inconsistency Across Platforms: Behavior can vary depending on the operating system or environment.

Introducing dotenvx: A Comprehensive Solution

dotenvx addresses these issues effectively with three key features: Run Anywhere, Multiple Environments, and Encryption.

1. Run Anywhere: Consistency Across Platforms
dotenvx ensures consistent behavior across all languages, frameworks, and platforms. By using the command dotenvx run -- your-cmd, you can inject your environment variables at runtime, ensuring uniformity.

Example:

$ echo "Name=Adarsh" > .env
$ echo "console.log('Name ' + process.env.Name)" > index.js

$ node index.js
Name undefined # without dotenvx

$ dotenvx run -- node index.js
Name Adarsh # with dotenvx

This consistency means your Python, Node.js, and Rust applications will behave the same way when using dotenvx. dotenvx can be installed via npm, brew, curl, Docker, on Windows, and more.

2. Multiple Environments: Simplified Environment Management
Managing multiple environments is straightforward with dotenvx. Create different .env files for each environment and use the -f flag to specify which one to load.

Example:

$ echo "HELLO=production" > .env.production
$ echo "console.log('Hello ' + process.env.HELLO)" > index.js

$ dotenvx run -f .env.production -- node index.js
[dotenvx][info] loading env (1) from .env.production
Hello production

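You can also compose multiple environments by using multiple -f flags. When the same key appears in more than one file, as HELLO does below, the value from the first file listed (.env.local) is the one injected: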

$ echo "HELLO=local" > .env.local
$ echo "HELLO=World" > .env
$ echo "console.log('Hello ' + process.env.HELLO)" > index.js

$ dotenvx run -f .env.local -f .env -- node index.js
[dotenvx] injecting env (1) from .env.local, .env
Hello local

This flexibility cleanly solves the problem of juggling multiple environments.

3. Encryption: Securing Your .env Files
The most groundbreaking feature of dotenvx is the ability to encrypt your .env files with a single command, significantly enhancing security.

Example (the command output, followed by the resulting contents of .env):

$ dotenvx encrypt
✔ encrypted (.env)
#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
#/            public-key encryption for .env files          /
#/       [how it works](https://dotenvx.com/encryption)     /
#/----------------------------------------------------------/
DOTENV_PUBLIC_KEY="03f8b376234c4f2f0445f392a12e80f3a84b4b0d1e0c3df85c494e45812653c22a"

# Database configuration
DB_HOST="encrypted:BNr24F4vW9CQ37LOXeRgOL6QlwtJfAoAVXtSdSfpicPDHtqo/Q2HekeCjAWrhxHy+VHAB3QTg4fk9VdIoncLIlu1NssFO6XQXN5fnIjXRmp5pAuw7xwqVXe/1lVukATjG0kXR4SHe45s4Tb6fEjs"
DB_PORT="encrypted:BOCHQLIOzrq42WE5zf431xIlLk4iRDn1/hjYBg5kkYLQnL9wV2zEsSyHKBfH3mQdv8w4+EhXiF4unXZi1nYqdjVp4/BbAr777ORjMzyE+3QN1ik1F2+W5DZHBF9Uwj69F4D7f8A="
DB_USER="encrypted:BP6jIRlnYo5LM6/n8GnOAeg4RJlPD6ZN/HkdMdWfgfbQBuZlo44idYzKApdy0znU3TSoF5rcppXIMkxFFuB6pS0U4HMG/jl46lPCswl3vLTQ7Gx5EMT6YwE6pfA88AM77/ebQZ6y0L5t"
DB_PASSWORD="encrypted:BMycwcycXFFJQHjbt1i1IBS7C31Fo73wFzPolFWwkla09SWGy3QU1rBvK0YwdQmbuJuztp9JhcNLuc0wUdlLZVHC4/E6q/K7oPULNPxC5K1LwW4YuX80Ngl6Oy13Twero864f2DXXTNb"
DB_NAME="encrypted:BGtVHZBbvHmX6J+J+xm+73SnUFpqd2AWOL6/mHe1SCqPgMAXqk8dbLgqmHiZSbw4D6VquaYtF9safGyucClAvGGMzgD7gdnXGB1YGGaPN7nTpJ4vE1nx8hi1bNtNCr5gEm7z+pdLq1IsH4vPSH4O7XBx"

# API Keys
API_KEY="encrypted:BD9paBaun2284WcqdFQZUlDKapPiuE/ruoLY7rINtQPXKWcfqI08vFAlCCmwBoJIvd2Nv3ACiSCA672wsKeJlFJTcRB6IRRJ+fPBuz2kvYlOiec7EzHTT8EVzSDydFun5R5ODfmN"
STRIPE_API_KEY="encrypted:BM6udWmFsPaBzlND0dFBv7R55JiaA+cZnbun8DaVNrEvO+8/k+lsXbZQ0bCPks8kUsdD2qrSp/tii0P8gVJ/gp+pdDuhdcJj91hxJ7nzSFf6h0ofRb38/2WHFhxg77XExxzui1s3w42Z"

# Logging
LOG_LEVEL="encrypted:BKmgv5E7/l1FnSaGWYWBPxxagdgN+KSEaB+va3PePjwEp7CqW6PlysrweZq49YTB5Fbc3UN/akLVn1RZ2AO4PyTVqgYYGBwerjpJiou9R2KluNV3T4j0bhsAkBochg3YpHcw3RX/"


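dotenvx uses public-key cryptography: it generates a DOTENV_PUBLIC_KEY for encryption and a DOTENV_PRIVATE_KEY for decryption. Only the public key is written into the .env file, so a leaked .env file exposes ciphertext that cannot be read without the private key. The protection holds only as long as DOTENV_PRIVATE_KEY is stored separately and is never committed or shipped alongside the file.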
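
A pre-commit style check for the file format shown above, as an added example that is not from the original post or from dotenvx: it reports any value that lacks the `encrypted:` prefix and any `DOTENV_PRIVATE_KEY` entry sitting in the same file. The names `auditEnv` and `SAMPLE`, the issue labels, the suffixed key names and the sample content are assumptions constructed for illustration.

```javascript
// Added example (not dotenvx code): audit the text of a dotenvx-style .env file.
// auditEnv and SAMPLE are hypothetical names; all sample values are constructed.
// Assumption: per-environment files may use suffixed names such as
// DOTENV_PUBLIC_KEY_PRODUCTION, so a suffix is accepted on both key names.
const PUBLIC_KEY_RE = /^DOTENV_PUBLIC_KEY(_[A-Z0-9_]+)?$/;
const PRIVATE_KEY_RE = /^DOTENV_PRIVATE_KEY(_[A-Z0-9_]+)?$/;

function auditEnv(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) return; // blank line or comment
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_.-]*)\s*=\s*(.*)$/.exec(line);
    if (!m) {
      // Fail closed: continuation lines of a multi-line plaintext value and
      // anything else that is not KEY=VALUE are reported, not skipped.
      findings.push({ line: i + 1, key: null, issue: 'unparsed' });
      return;
    }
    const key = m[1];
    const value = m[2].replace(/^(["'])(.*)\1$/, '$2'); // drop one pair of quotes
    if (PRIVATE_KEY_RE.test(key)) {
      findings.push({ line: i + 1, key, issue: 'private-key-in-env-file' });
    } else if (PUBLIC_KEY_RE.test(key)) {
      return; // the public key is meant to live in the file
    } else if (!value.startsWith('encrypted:')) {
      findings.push({ line: i + 1, key, issue: 'plaintext-value' });
    }
  });
  return findings;
}

// Constructed sample: one encrypted value, two plaintext values, and a
// private key that was pasted into the file by mistake.
const SAMPLE = [
  '#/ public-key encryption for .env files /',
  'DOTENV_PUBLIC_KEY="<constructed-public-key>"',
  '',
  '# Database configuration',
  'DB_HOST="encrypted:<constructed-ciphertext>"',
  'DB_PASSWORD="hunter2"',
  'export LOG_LEVEL=debug',
  'DOTENV_PRIVATE_KEY="<constructed-private-key>"',
].join('\n');

const findings = auditEnv(SAMPLE);
for (const f of findings) console.log(`line ${f.line}: ${f.key} -> ${f.issue}`);
```

Run over the staged contents of each .env file, a non-empty result is a reason to block the commit.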

Conclusion

dotenvx significantly improves the management of environment variables by addressing the three major issues with the traditional dotenv approach. With consistent behavior across platforms, easy management of multiple environments, and robust encryption, dotenvx sets a new standard for configuration management.

Head over to the official dotenvx documentation for detailed examples and guides.
