POC-share-dot-env-securely

The .env files not only contain configuration parameters, in some cases they can contain secrets as well. This is why it is not recommended to upload this type of files to the repositories, even if it is private. This file can also coexist with others that can be called differently: .env.development, .env.staging, etc...

This time we are going to work with the dotenv-vault CLI to encrypt the content of our .env and upload the encrypted content to the repository.

npm install --save-dev dotenv-vault

In this next step we will generate the private key to store the content of our beloved .env encrypted in the .env.vault file

npx dotenv-vault@latest local build

The previous command will have generated a file called .env.keys that will contain the encryption and decryption key. This key is rotating and is updated every time we launch the previous command.

You may have noticed that the .env file is not the only one that is ignored when new commits are made to the repository. Now .env.keys is also in the .gitignore file.

You are ready now for shareing the vault with your team. They would need to decrypt that now. Make sure your share the file .env.keys securely with them. In any other way they would not be able to decrypt the content from .env.vault

Let's say that your key value is equal to dotenv://:key_toor@dotenv.local/vault/.env.vault?environment=development

npx dotenv-vault@latest local decrypt dotenv://:key_toor@dotenv.local/vault/.env.vault?environment=development

Congratulations! You have decrypted the content of the vault. That values can be stored now on a plain .env file for being used on your project.