Secure Environment Variables using dotenvx – Node.js, Python & Java

Managing environment variables securely is a critical aspect of modern software development. Traditional methods like dotenv have served developers well but come with limitations, especially in terms of security and cross-platform compatibility. Enter dotenvx, the next-generation tool designed to overcome these challenges.

This comprehensive guide will walk you through the installation, configuration, and programmatic access of environment variables using dotenvx in Node.js, Python, Ruby, and Java. Learn how to leverage encrypted environment variables, ensure secure configuration management, and streamline your development process across multiple platforms.

1. Key Features of dotenvx

dotenvx offers several key advantages:

  1. Encrypted Environment Variables: Protect sensitive data by encrypting your .env files.
  2. Cross-Platform Compatibility: Works seamlessly across different programming languages and frameworks.
  3. Multi-Environment Support: Easily manage configurations for different environments (e.g., development, staging, production).
  4. Variable Expansion: Use other environment variables within an environment file.
  5. Debugging Tools: Built-in features for debugging local and server environments.
  6. Multi-Line Values: Store multi-line secrets like public keys securely.

 

2. Installation

dotenvx can be installed using various methods depending on your setup and preferences.

Using curl (this pipes the downloaded install script straight into sh, so it runs without review):

curl -sfS https://dotenvx.sh/install.sh | sh

Using npm:

npm install @dotenvx/dotenvx --save

Using Homebrew:

brew install dotenvx/brew/dotenvx

On Windows:

32-bit installer: https://github.com/dotenvx/dotenvx/releases
64-bit installer: https://github.com/dotenvx/dotenvx/releases

 

3. Configuration

dotenvx uses a pair of public and private keys to securely encrypt and decrypt environment variables. Here’s how these keys are created and used:

  1. Create an .env file: Place your configuration variables in a .env file.
    DB_USER=my_user
    DB_PASSWORD=my_password
    
  2. Generate Keys: When you first run the convert command, dotenvx generates a pair of public and private keys.
    dotenvx convert -f .env
    

    This command:

    • Encrypts the .env file, which looks like
      DB_USER=encrypted:BP6jIRlnYo5LM6/n8GnOAeg4RJlPD6ZN/HkdMdWfgfbQBuZlo44idYzKApdy0znU3TSoF5rcppXIMkxFFuB6pS0U4HMG/jl46lPCswl3vLTQ7Gx5EMT6YwE6pfA88AM77/ebQZ6y0L5t
      DB_PASSWORD=encrypted:BMycwcycXFFJQHjbt1i1IBS7C31Fo73wFzPolFWwkla09SWGy3QU1rBvK0YwdQmbuJuztp9JhcNLuc0wUdlLZVHC4/E6q/K7oPULNPxC5K1LwW4YuX80Ngl6Oy13Twero864f2DXXTNb
      DOTENV_PUBLIC_KEY=your_generated_public_key
      
    • Creates a new file .env.keys which contains the DOTENV_PRIVATE_KEY variable.
      DOTENV_PRIVATE_KEY=your_generated_private_key
      

DOTENV_PUBLIC_KEY is used to encrypt environment variables. This key is safe to be included in the encrypted .env file because it cannot be used to decrypt the variables.

DOTENV_PRIVATE_KEY is used to decrypt the environment variables. This key must be kept secret and not committed to version control.

Note: You can safely commit your encrypted .env to the repository, but ensure that the .env.keys file is excluded from version control.
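
The commit rule above can be checked mechanically before a push. The following is an added example, not code from dotenvx or from the original article: it assumes a policy that every value in a committed env file carries the `encrypted:` prefix, and the function names, sample file contents and findings wording are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample of a .env file about to be committed (values are not real).
SAMPLE_ENV = """\
# database settings
DB_USER=encrypted:CONSTRUCTEDciphertextAAAA
DB_PASSWORD=my_password
DOTENV_PUBLIC_KEY=your_generated_public_key
"""

# KEY=value with an optional leading "export". Single-line values only.
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def audit_env(text):
    """Return (key, problem) findings for an env file that is meant to be committed."""
    findings = []
    for raw in text.splitlines():
        match = ASSIGNMENT.match(raw)
        if not match:  # comments and blank lines do not match
            continue
        key = match.group(1)
        value = match.group(2).strip().strip("'\"")
        if key.startswith("DOTENV_PRIVATE_KEY"):
            findings.append((key, "private key in a committed file"))
        elif key.startswith("DOTENV_PUBLIC_KEY"):
            continue  # the public key only encrypts, so it may be committed
        elif value and not value.startswith("encrypted:"):
            findings.append((key, "plaintext value"))
    return findings

def keys_file_ignored(gitignore_text, name=".env.keys"):
    """Rough check that some .gitignore pattern covers the keys file."""
    # Simplified: negated (!) patterns and nested .gitignore files are not modelled.
    for line in gitignore_text.splitlines():
        pattern = line.strip()
        if not pattern or pattern.startswith(("#", "!")):
            continue
        if fnmatch.fnmatchcase(name, pattern.lstrip("/")):
            return True
    return False

if __name__ == "__main__":
    for key, problem in audit_env(SAMPLE_ENV):
        print(f"{key}: {problem}")  # names only, never the value
    print("keys file ignored:", keys_file_ignored(".env.keys\n"))
```

Inside a real repository, `git check-ignore .env.keys` gives the authoritative answer for the ignore check; the function here only approximates it for offline use.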

4. Programmatic Access

dotenvx can be used in various programming languages to load environment variables securely.

  1. Set the Private Key: The DOTENV_PRIVATE_KEY must be set as an environment variable in the environment where your application will run.
    export DOTENV_PRIVATE_KEY=your_generated_private_key
    
  2. Run the Application: Use dotenvx to run your application, ensuring that it decrypts the variables using the private key.

4.1 Node.js

  1. Install dotenvx:
    npm install @dotenvx/dotenvx --save
  2. Run the application with dotenvx:
    export DOTENV_PRIVATE_KEY=your_generated_private_key
    dotenvx run -- node your_app.js
  3. Usage in your Node.js application:
    require('@dotenvx/dotenvx').config();
    
    console.log(`Database User: ${process.env.DB_USER}`);
    console.log(`Database Password: ${process.env.DB_PASSWORD}`);
    

     

4.2 Python

  1. Install dotenvx:
    pip install python-dotenvx
    
  2. Run the application with dotenvx:
    export DOTENV_PRIVATE_KEY=your_generated_private_key
    dotenvx run -- python your_app.py
    
  3. Usage in your Python application:
    import os
    from dotenvx import load_dotenv
    
    load_dotenv()
    
    print(f"Database User: {os.getenv('DB_USER')}")
    print(f"Database Password: {os.getenv('DB_PASSWORD')}")
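
A startup guard for the Python usage above, as an added example that is not part of the original article or of dotenvx. It assumes that when DOTENV_PRIVATE_KEY is absent or wrong a variable can reach the process either unset or still carrying the `encrypted:` prefix; `require_secrets` and `SecretConfigError` are hypothetical names, and the environments in the demo are constructed.

```python
import os

ENCRYPTED_PREFIX = "encrypted:"  # marker in front of ciphertext in the encrypted .env


class SecretConfigError(RuntimeError):
    """Raised at startup when required secrets are absent or not decrypted."""


def require_secrets(names, environ=None):
    """Return {name: value} for required variables, or raise naming the bad ones."""
    environ = os.environ if environ is None else environ
    missing, undecrypted = [], []
    for name in names:
        value = environ.get(name, "")
        if not value:
            missing.append(name)
        elif value.startswith(ENCRYPTED_PREFIX):
            # Ciphertext must never be used as a credential.
            undecrypted.append(name)
    if missing or undecrypted:
        # Only variable names go into the message, so it is safe to log.
        raise SecretConfigError(f"missing={missing} still_encrypted={undecrypted}")
    return {name: environ[name] for name in names}


if __name__ == "__main__":
    # Constructed environments standing in for os.environ.
    good = {"DB_USER": "my_user", "DB_PASSWORD": "my_password"}
    print("loaded:", sorted(require_secrets(["DB_USER", "DB_PASSWORD"], good)))
    bad = {"DB_USER": "my_user", "DB_PASSWORD": "encrypted:CONSTRUCTEDciphertext"}
    try:
        require_secrets(["DB_USER", "DB_PASSWORD"], bad)
    except SecretConfigError as exc:
        print("refusing to start:", exc)
```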
    

 

4.3 Ruby

  1. Install dotenvx:
    gem install dotenvx
  2. Run the application with dotenvx:
    export DOTENV_PRIVATE_KEY=your_generated_private_key
    dotenvx run -- ruby your_app.rb

  3. Usage in your Ruby application:
    require 'dotenvx/load'
    
    puts "Database User: #{ENV['DB_USER']}"
    puts "Database Password: #{ENV['DB_PASSWORD']}"
    

     

4.4 Java

  1. Download the JAR:
    curl -L -o dotenvx.jar "https://github.com/dotenvx/dotenvx/releases/latest/download/dotenvx.jar"
  2. Run the application with dotenvx:
    export DOTENV_PRIVATE_KEY=your_generated_private_key
    dotenvx run -- java -jar your_app.jar
    
  3. Usage in your Java application:
    import io.github.dotenvx.Dotenvx;
    
    public class Main {
        public static void main(String[] args) {
            Dotenvx.load();
            System.out.println("Database User: " + System.getenv("DB_USER"));
            System.out.println("Database Password: " + System.getenv("DB_PASSWORD"));
        }
    }
    

Conclusion

By using dotenvx, you can securely manage your environment variables across different platforms and languages, ensuring that sensitive data remains protected. The use of public and private keys for encryption and decryption adds an additional layer of security, making dotenvx a robust choice for modern application development. For more detailed instructions and examples, refer to the official dotenvx documentation.