Managing environment variables securely is a critical aspect of modern software development. Traditional methods like dotenv have served developers well but come with limitations, especially in terms of security and cross-platform compatibility. Enter dotenvx, the next-generation tool designed to overcome these challenges.
This comprehensive guide will walk you through the installation, configuration, and programmatic access of environment variables using dotenvx in Node.js, Python, Ruby, and Java. Learn how to leverage encrypted environment variables, ensure secure configuration management, and streamline your development process across multiple platforms.
1. Key Features of dotenvx?
dotenvx offers several key advantages:
- Encrypted Environment Variables: Protect sensitive data by encrypting your .env files.
- Cross-Platform Compatibility: Works seamlessly across different programming languages and frameworks.
- Multi-Environment Support: Easily manage configurations for different environments (e.g., development, staging, production).
- Variable Expansion: Use other environment variables within an environment file.
- Debugging Tools: Built-in features for debugging local and server environments.
- Multi-Line Values: Store multi-line secrets like public keys securely.
2. Installation
dotenvx can be installed using various methods depending on your setup and preferences.
Using curl:
curl -sfS https://dotenvx.sh/install.sh | sh
Using Npm:
npm install @dotenvx/dotenvx --save
Using Homebrew:
brew install dotenvx/brew/dotenvx
Using Windows
32-bit installer: https://github.com/dotenvx/dotenvx/releases 64-bit installer: https://github.com/dotenvx/dotenvx/releases
3. Configuration
dotenvx uses a pair of public and private keys to securely encrypt and decrypt environment variables. Here’s how these keys are created and used:
- Create an .env file: Place your configuration variables in a .env file.
DB_USER=my_user DB_PASSWORD=my_password
- Generate Keys: When you first run the
convert
command, dotenvx generates a pair of public and private keys.dotenvx convert -f .env
This command will:
- Encrypts the
.env
file, which looks likeDB_USER=encrypted:BP6jIRlnYo5LM6/n8GnOAeg4RJlPD6ZN/HkdMdWfgfbQBuZlo44idYzKApdy0znU3TSoF5rcppXIMkxFFuB6pS0U4HMG/jl46lPCswl3vLTQ7Gx5EMT6YwE6pfA88AM77/ebQZ6y0L5t DB_PASSWORD=encrypted:BMycwcycXFFJQHjbt1i1IBS7C31Fo73wFzPolFWwkla09SWGy3QU1rBvK0YwdQmbuJuztp9JhcNLuc0wUdlLZVHC4/E6q/K7oPULNPxC5K1LwW4YuX80Ngl6Oy13Twero864f2DXXTNb DOTENV_PUBLIC_KEY=your_generated_public_key
- Creates a new file
.env.keys
which contains theDOTENV_PRIVATE_KEY
variable.DOTENV_PRIVATE_KEY=your_generated_private_key
- Encrypts the
DOTENV_PUBLIC_KEY
is used to encrypt environment variables. This key is safe to be included in the encrypted .env
file because it cannot be used to decrypt the variables.
DOTENV_PRIVATE_KEY
is used to decrypt the environment variables. This key must be kept secret and not committed to version control.
Note: You can safely commit your encrypted .env
to the repository, but ensure that the .env.keys
file is excluded from version control.
4. Programmatic Access
dotenvx can be used in various programming languages to load environment variables securely.
- Set the Private Key: The
DOTENV_PRIVATE_KEY
must be set as an environment variable in the environment where your application will run.export DOTENV_PRIVATE_KEY=your_generated_private_key
- Run the Application: Use
dotenvx
to run your application, ensuring that it decrypts the variables using the private key.
4.1 Node.js
- Install dotenvx:
npm install @dotenvx/dotenvx --save
- Run the application with dotenvx
export DOTENV_PRIVATE_KEY=your_generated_private_key dotenvx run -- node your_app.js
- Usage in your Node.js application
require('@dotenvx/dotenvx').config(); console.log(`Database User: ${process.env.DB_USER}`); console.log(`Database Password: ${process.env.DB_PASSWORD}`);
4.2 Python
- Install dotenvx:
pip install python-dotenvx
- Run the application with dotenvx
export DOTENV_PRIVATE_KEY=your_generated_private_key dotenvx run -- python your_app.py
- Usage in your Python application:
import os from dotenvx import load_dotenv load_dotenv() print(f"Database User: {os.getenv('DB_USER')}") print(f"Database Password: {os.getenv('DB_PASSWORD')}")
4.3 Ruby
- Install dotenvx:
gem install dotenvx
- Run the application with dotenvx
export DOTENV_PRIVATE_KEY=your_generated_private_key dotenvx run -- ruby your_app.rb
- Usage in your Ruby application:
require 'dotenvx/load' puts "Database User: #{ENV['DB_USER']}" puts "Database Password: #{ENV['DB_PASSWORD']}"
4.4 Java
- Download the JAR
curl -L -o dotenvx.jar "https://github.com/dotenvx/dotenvx/releases/latest/download/dotenvx.jar"
- Run the application with dotenvx
export DOTENV_PRIVATE_KEY=your_generated_private_key dotenvx run -- java -jar your_app.jar
- Usage in your Java application:
import io.github.dotenvx.Dotenvx; public class Main { public static void main(String[] args) { Dotenvx.load(); System.out.println("Database User: " + System.getenv("DB_USER")); System.out.println("Database Password: " + System.getenv("DB_PASSWORD")); } }
Conclusion
By using dotenvx, you can securely manage your environment variables across different platforms and languages, ensuring that sensitive data remains protected. The use of public and private keys for encryption and decryption adds an additional layer of security, making dotenvx a robust choice for modern application development. For more detailed instructions and examples, refer to the dotenvx official documentation