Documentation
.env.keys
`.env.keys` holds your private decryption keys.
Format
.env.keys
```
#/------------------!DOTENV_PRIVATE_KEYS!-------------------/
#/ private decryption keys. DO NOT commit to source control /
#/      [how it works](https://dotenvx.com/encryption)      /
#/----------------------------------------------------------/
# .env
DOTENV_PRIVATE_KEY="ccc387ba193a315cbcd1ad7d8d007e6124763894554418e7c90b7dbcd7edca23"
# .env.production
DOTENV_PRIVATE_KEY_PRODUCTION="d4d2e22102c58f741cdddacaf69a1a64751fc014aafb90de0f1e7e6cb4d08330"
```
Some quick takeaways:
- It uses the `.env` format
- `DOTENV_PRIVATE_KEY` contains the decryption key for `.env`
- `DOTENV_PRIVATE_KEY_PRODUCTION` contains the decryption key for `.env.production`
Encryption
secp256k1 is the public-key encryption algorithm used to generate the public/private key pair.
Generating
It's auto-generated when running `dotenvx set KEY value`.
```
$ dotenvx set HELLO World
◈ encrypted HELLO (.env)
```
Do not commit `.env.keys` to source control. Keep it somewhere safe like 1Password or Armor ⛨.
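One way to enforce this in a repository, as an added example that is not part of the dotenvx documentation or code: a pre-commit check that rejects a staged `.env.keys` file or any staged content holding a `DOTENV_PRIVATE_KEY...` entry. The script name `check-dotenv-keys.sh` and the 64-hex-character key pattern (taken from the sample keys in the format above) are assumptions.

```shell
#!/bin/sh
# Added example, not dotenvx code: keep dotenvx private keys out of git.
# Assumption: a private key entry looks like the ones in the format above,
# DOTENV_PRIVATE_KEY[_SUFFIX]="<64 hex characters>", quotes optional.
KEY_PATTERN="DOTENV_PRIVATE_KEY(_[A-Za-z0-9_]+)?[[:space:]]*=[[:space:]]*[\"']?[0-9a-fA-F]{64}"

# is_keys_file PATH: true when the path names a .env.keys file in any directory.
is_keys_file() {
  case "$1" in
    .env.keys|*/.env.keys) return 0 ;;
    *) return 1 ;;
  esac
}

# content_has_key: true when stdin holds a private key entry. The pattern is
# not anchored to the start of a line, so commented-out or pasted keys match too.
content_has_key() {
  grep -Eq "$KEY_PATTERN"
}

# check_staged: inspect what is about to be committed (the index, not the
# working tree) and return 1 if any staged path would leak a key.
check_staged() {
  git diff --cached --name-only --diff-filter=ACMR | (
    rc=0
    while IFS= read -r path; do
      if is_keys_file "$path" || git show ":$path" | content_has_key; then
        printf 'blocked: %s would commit a dotenvx private key\n' "$path" >&2
        rc=1
      fi
    done
    exit "$rc"
  )
}

# Hook entry point: call `sh check-dotenv-keys.sh --staged` from .git/hooks/pre-commit.
if [ "${1:-}" = "--staged" ]; then
  check_staged || exit 1
fi
```

Listing `.env.keys` in `.gitignore` covers the common case; the content check also catches a key copied into some other tracked file.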
History
The `.env.keys` file originally came out of development work on dotenv-vault in early 2023. Its current format came about during an effort in May 2024 to support encryption without the ability to decrypt.