{"id":24263914,"url":"https://github.com/andreijiroh-dev/dotenvx-secretstore","last_synced_at":"2026-02-24T15:36:25.320Z","repository":{"id":247644677,"uuid":"825079677","full_name":"andreijiroh-dev/dotenvx-secretstore","owner":"andreijiroh-dev","description":"A git-backed experiment with using dotenvx for managing CI/prod secrets.","archived":false,"fork":false,"pushed_at":"2024-07-25T07:23:29.000Z","size":107,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-15T22:47:31.418Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreijiroh-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-06T17:57:12.000Z","updated_at":"2024-07-25T07:23:33.000Z","dependencies_parsed_at":"2024-07-25T08:41:26.447Z","dependency_job_id":"43e6845e-429a-4101-970d-a82849240125","html_url":"https://github.com/andreijiroh-dev/dotenvx-secretstore","commit_stats":null,"previous_names":["andreijiroh-dev/dotenvx-secretstore"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreijiroh-dev%2Fdotenvx-secretstore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreijiroh-dev%2Fdotenvx-secretstore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreijiroh-dev%2Fdotenvx-secretstore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreijiroh-dev%2Fdotenvx-secretstore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreijiroh-dev","download_url":"https://codeload.github.com/andreijiroh-dev/dotenvx-secretstore/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245417643,"owners_count":20611979,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-15T08:53:42.058Z","updated_at":"2025-10-27T13:37:39.085Z","avatar_url":"https://github.com/andreijiroh-dev.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `@ajhalili2006/dotenvx-secretstore`\n\nA git-backed experiment with using dotenvx for managing CI/prod secrets. Kinda\nsimilar to using `gopass`, but without the GPG/SSH key wrangling and web-based\ndashboard chaos.\n\n## Related projects\n\n* [`dotenv-tools`](./tools/) - CLI tool to manage repositories like tbis one (accessible locally via `npm run cli` at project root directory)\n* [`dotenv-keys` shell hook and function](./contrib/shell-hooks/)\n* [GitHub Actions integration](https://github.com/andreijiroh-dev/dotenvx-action)\n\n## Rationale\n\nI am currently a Doppler user for safekeeping secrets, but plan to switch to\n`dotenvx` and use plain git for audit logs. The plan is simple or complex\ndepending on who asked. In a nutshell:\n\n* Store `.env` files in a central repository like this for auditing and ease of management\n* Store the private keys securely in Doppler or straight to CI secrets setting.\n* In each CI job, pull project-specifics and load them using `dotenvx` cli\n\n## Requirements\n\n* `dotenvx` cli for setup and maintenance (also accessible via `dotenv-tools dotenvx`)\n* basically `git` for everything else and `bash` + `nodejs` for the tools here\n\n## Usage\n\n### First Use Setup\n\n```bash\n# install dotenvx (optional)\ncurl -fsSL https://scripts.andreijiroh.xyz/tools/dotenvx | bash -s -- --directory=$HOME/.local/bin\n\n# setup project-specifics\nnpm run cli -- projects add \u003cproject-name\u003e [--copy-ci-secrets|--commit]\n\n# push to project's .env file, optionally\nnpm run cli -- secrets push --repo-path=/path/to/local-copy [--upload-dotenv-keys=\u003cgh|glab|doppler\u003e|--no-commit] \u003cproject-name|meta\u003e [optional-env-file]\n```\n\n### Managing secrets\n\n```bash\ncd projects/\u003cproject-name\u003e # or stay in root directory for meta\n\n# add a secret via dotenvx\ndotenvx set [-f .env.ci [--plain] --] NAME somerandomtexthere\n\n# push to repo to sync\n./bin/push-secrets --repo-path=/path/to/local-copy [--upload-dotenv-keys=\u003cgh|glab|doppler\u003e|--no-commit] \u003cproject-name|meta\u003e [optional-env-file]\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreijiroh-dev%2Fdotenvx-secretstore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreijiroh-dev%2Fdotenvx-secretstore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreijiroh-dev%2Fdotenvx-secretstore/lists"}