# dotenvx — Secure Environment Variable Management from the Creator of dotenv

> Encrypt, manage, and inject environment variables across all your environments. dotenvx extends the original dotenv with encryption, multiple environment support, and a universal CLI that works with any language or framework.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

# dotenvx — Secure Environment Variable Management from the Creator of dotenv

## Quick Use
```bash
# Install
curl -sfS https://dotenvx.sh | sh
# Encrypt your .env file
dotenvx encrypt
# Run any command with injected vars
dotenvx run -- node index.js
```

## Introduction
dotenvx is the next evolution of the original dotenv package, built by the same creator. It adds end-to-end encryption so you can safely commit .env files to version control, manage multiple environments (development, staging, production) from a single tool, and inject variables into any process regardless of language or framework.

## What dotenvx Does
- Encrypts .env files with AES-256-GCM so they can be committed to git safely
- Supports multiple .env files per environment (.env.production, .env.staging, etc.)
- Injects environment variables into any command via a universal run wrapper
- Works across all languages and frameworks without per-ecosystem plugins
- Provides a decryption key management workflow for team collaboration

## Architecture Overview
dotenvx is a standalone CLI binary (written in JavaScript, distributed via npm, curl, or Homebrew). It reads .env files, decrypts them using a DOTENV_PRIVATE_KEY, and injects the resulting key-value pairs into the child process environment. Encryption uses AES-256-GCM with per-file public/private key pairs. The encrypted .env file contains ciphertext that can only be decrypted with the corresponding private key, which is stored separately or in CI secrets.

## Self-Hosting & Configuration
- Install via curl one-liner, npm, Homebrew, or Docker
- Run `dotenvx encrypt` to encrypt an existing .env file in place
- Store the private decryption key in your CI/CD secrets or a key management service
- Use `dotenvx run -f .env.production -- command` to load specific environments
- Supports .env.vault format for backward compatibility with dotenv-vault users

## Key Features
- Encrypted .env files can be safely committed to version control alongside code
- Language-agnostic CLI wraps any command: Node, Python, Ruby, Go, Rust, or shell scripts
- Multiple environment files replace complex per-environment secret injection setups
- No SaaS dependency; everything runs locally with keys you control
- Drop-in replacement for the original dotenv workflow with zero migration pain

## Comparison with Similar Tools
- **dotenv** — the original library; dotenvx adds encryption and multi-environment support
- **Infisical** — full secrets management platform with UI; dotenvx is a lightweight CLI
- **SOPS** — encrypts arbitrary files; dotenvx is purpose-built for .env with a simpler workflow
- **HashiCorp Vault** — enterprise secrets infrastructure; dotenvx targets developer workflow simplicity
- **1Password CLI** — tied to 1Password; dotenvx uses standalone encryption with no external service

## FAQ
**Q: Can I commit encrypted .env files to a public repository?**
A: Yes. The files are encrypted with AES-256-GCM. Without the private key, the contents are unreadable.

**Q: How do team members get the decryption key?**
A: Share the DOTENV_PRIVATE_KEY through a secure channel (password manager, encrypted message). In CI, store it as a secret environment variable.

**Q: Does dotenvx work with my existing .env files?**
A: Yes. Run `dotenvx encrypt` on any standard .env file to encrypt it in place. The `dotenvx run` command handles decryption transparently.

**Q: What happens if I lose the private key?**
A: The encrypted .env file cannot be decrypted without it. Keep a backup of your private keys in a secure location.

## Sources
- https://github.com/dotenvx/dotenvx
- https://dotenvx.com/docs

---
Source: https://tokrepo.com/en/workflows/dotenvx-secure-environment-variable-management-creator-08927ce4
Author: Script Depot