{"id":24725095,"url":"https://github.com/en-atul/dotenv-vault-decrypt","last_synced_at":"2026-04-16T10:02:27.971Z","repository":{"id":160919641,"uuid":"635685339","full_name":"en-atul/dotenv-vault-decrypt","owner":"en-atul","description":"Assist in decrypting the vault keys and converting them into corresponding environment variables, which will then be saved to a .env file.","archived":false,"fork":false,"pushed_at":"2023-07-05T16:34:30.000Z","size":31,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-17T03:55:04.559Z","etag":null,"topics":["angular","dotenv","front-end-development","frontend","nextjs","reactjs","svelte","vault","vue"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/en-atul.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-05-03T08:31:18.000Z","updated_at":"2023-07-07T06:58:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"b01234cd-74c6-4fd7-96d4-0708a2fd9213","html_url":"https://github.com/en-atul/dotenv-vault-decrypt","commit_stats":null,"previous_names":["en-atul/dotenv-vault-decrypt","atul15r/dotenv-vault-decrypt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/en-atul/dotenv-vault-decrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/en-atul%2Fdotenv-vault-decrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/en-atul%2Fdotenv-vault-decrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/en-atul%2Fdotenv-vault-decrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/en-atul%2Fdotenv-vault-decrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/en-atul","download_url":"https://codeload.github.com/en-atul/dotenv-vault-decrypt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/en-atul%2Fdotenv-vault-decrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31880884,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T09:23:21.276Z","status":"ssl_error","status_checked_at":"2026-04-16T09:23:15.028Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","dotenv","front-end-development","frontend","nextjs","reactjs","svelte","vault","vue"],"created_at":"2025-01-27T13:16:46.750Z","updated_at":"2026-04-16T10:02:27.949Z","avatar_url":"https://github.com/en-atul.png","language":"JavaScript","funding_links":["https://github.com/sponsors/motdotla"],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003ch1\u003eSecure Frontend Environment Variables\u003c/h1\u003e\n\u003cp\u003e\n \u003csup\u003e\n \u003ca href=\"https://github.com/sponsors/motdotla\"\u003edotenv-vault-decrypt is inherited from Dotenv\u003c/a\u003e\n \u003c/sup\u003e\n\u003c/p\u003e\n\u003csup\u003eSpecial thanks to:\u003c/sup\u003e\n\u003cbr\u003e\n\u003cbr\u003e\n\u003ca href=\"https://www.warp.dev/?utm_source=github\u0026utm_medium=referral\u0026utm_campaign=dotenv_p_20220831\"\u003e\n \u003cdiv\u003e\n \u003cimg src=\"https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg\" alt=\"dotenv\" width=\"100\" /\u003e\n\n \u003c/div\u003e\n \u003cb\u003eDotenv is a zero-dependency module that loads environment variables from a .env file into process.env.\u003c/b\u003e\n \n\u003c/a\u003e\n\u003cbr/\u003e\n\n\u003cdiv\u003e\n \u003csup\u003eDotenv Vault Decrypt helps to decrypt the vault keys into environment variables. [Stop Adding Multiple Environment Variables on Development Platform i.e. Gitlab/Netlify/BitBucket]\u003c/sup\u003e\n \u003c/div\u003e\n\u003csup\u003eSupports all javascript Framework/Library\u003c/sup\u003e\n\n[![My Skills](https://skillicons.dev/icons?i=react,nextjs,vue,nuxt,angular,svelte)](https://skillicons.dev)\n\n\u003cbr\u003e\n\u003chr\u003e\n\u003cbr\u003e\n\u003c/div\u003e\n\n# `dotenv-vault-decrypt`\n\nDotenv Vault Decrypt package helps to generate `.env` (i.e. environment variables) file [`process.env`](https://nodejs.org/docs/latest/api/process.html#process_process_env) at build time for frontend framework/library by encrypting vault keys using one of the specific environment key.\n\n![npm version](https://img.shields.io/npm/v/dotenv-vault-decrypt.svg?style=flat-square)\n[![install size](https://img.shields.io/badge/dynamic/json?url=https://packagephobia.com/v2/api.json?p=dotenv-vault-decrypt\u0026query=$.install.pretty\u0026label=install%20size\u0026style=flat-square)](https://packagephobia.now.sh/result?p=dotenv-vault-decrypt)\n[![npm bundle size](https://img.shields.io/bundlephobia/minzip/axios?style=flat-square)](https://bundlephobia.com/package/axios@latest)\n[![npm downloads](https://img.shields.io/npm/dm/dotenv-vault-decrypt.svg?style=flat-square)](https://npm-stat.com/charts.html?package=dotenv-vault-decrypt) [![npm version](https://badge.fury.io/js/dotenv-vault-decrypt.svg)](https://badge.fury.io/js/dotenv-vault-decrypt)\n\n- [šŸŒ± Install](#-install)\n- [šŸ—ļø Usage (.env)](#%EF%B8%8F-usage)\n- [šŸš€ Deploying (.env.vault) šŸ†•](#-deploying)\n- [šŸŒ“ How it Works](#-examples)\n\n## šŸŒ± Install\n\n```bash\n# install locally (recommended)\nnpm install dotenv-vault-decrypt --save\n\n#yarn\nyarn add dotenv-vault-decrypt\n```\n\n## šŸŒ“ How it Works\n\n**Note: Secure environment variables technique.**\n\nDon't scatter your secrets across multiple platforms and tools. Use a `.env.vault` file.\n\nThe `.env.vault` file encrypts your secrets and decrypts them just-in-time on boot of your application. It uses a `DOTENV_KEY` environment variable that you set on your cloud platform or server. If there is a secrets breach, an attacker only gains access to your decryption key, not your secrets. They would additionally have to gain access to your codebase, find your .env.vault file, and decrypt it to get your secrets. This is much harder and more time consuming for an attacker.\n\nIt works in 3 easy steps.\n\n### 1. Create .env.ENVIRONMENT files\n\nIn addition to your `.env` (development) file, create a `.env.ci`, `.env.staging`, and `.env.production` file.\n\n(Have a custom environment? Just append it's name. For example, `.env.prod`.)\n\nPut your respective secrets in each of those files, just like you always have with your `.env` files. These files should NOT be committed to code.\n\n### 2. Generate .env.vault file\n\nRun the build command to generate your `.env.vault` file.\n\n```\n$ npx dotenv-vault local build\n```\n\nThis command will read the contents of each of your `.env.*` files, encrypt them, and inject the encrypted versions into your `.env.vault` file. For example:\n\n```\n# .env.vault (generated with npx dotenv-vault local build)\nDOTENV_VAULT_DEVELOPMENT=\"X/GOMD7h/Fygjyq3+K2zbdyTBUBVA+mLivaSebqDMnLAencDGu9YvJji\"\nDOTENV_VAULT_CI=\"SNnKvHTezcd0B8L+81lhcig+6GfkRxnlrgS1GG/2tJZ7KghOEJnM\"\nDOTENV_VAULT_PRODUCTION=\"FudgivxdMrCKOKUeN+QieuCAoGiC2MstXL8JU6Pp4ILYu9wEwfqe4ne3e2jcVys=\"\nDOTENV_VAULT_STAGING=\"CZXrvrTusPLJlgm62uEppwCKZt6zEr4TGwlP8Z0McJd7I8KBF522JnhT9/8=\"\n```\n\nCommit your `.env.vault` file safely to code. It SHOULD be committed to code.\n\n### 3. Set DOTENV_KEY\n\nThe build command also created a `.env.keys` file for you. This is where your `DOTENV_KEY` decryption keys live per environment.\n\n```\n# DOTENV_KEYs (generated with npx dotenv-vault local build)\nDOTENV_KEY_DEVELOPMENT=\"dotenv://:key_fc5c0d276e032a1e5ff295f59d7b63db75b0ae1a5a82ad411f4887c23dc78bd1@dotenv.local/vault/.env.vault?environment=development\"\nDOTENV_KEY_CI=\"dotenv://:key_c6bc0b1269b53ee852b269c4ea6d82d82619081f2faddb1e05894fbe90c1ef46@dotenv.local/vault/.env.vault?environment=ci\"\nDOTENV_KEY_STAGING=\"dotenv://:key_09ec9bfe7a4512b71b3b1ab12aa2f843f47b8c9dc7d0d954e206f37ca125da69@dotenv.local/vault/.env.vault?environment=staging\"\n```\n\nšŸš€ Deploying\n\n```\n\"scripts\": {\n \"start\": \"react-scripts start\",\n \"start:dev\": \"env-cmd -f .env.development react-scripts start\",\n \"start:staging\": \"env-cmd -f .env.staging react-scripts start\",\n \"start:prod\": \"env-cmd -f .env.production react-scripts start\",\n \"build\": \"dotenv-vault-decrypt \u0026\u0026 react-scripts build\", \u003c---ADD Script---\n \"test\": \"react-scripts test\",\n \"eject\": \"react-scripts eject\"\n },\n\n```\n\nGo to your web server or cloud platform and set the environment variable `DOTENV_KEY` with the production value. For example, in heroku I'd run the following command.\n\n```\nheroku config:set DOTENV_KEY=dotenv://:key_bfa00115ecacb678ba44376526b2f0b3131aa0060f18de357a63eda08af6a7fe@dotenv.local/vault/.env.vault?environment=production\n```\n\nThen deploy your code. On boot, the `dotenv` library (\u003e= 16.1.0) will see that a `DOTENV_KEY` is set and use its value to decrypt the production contents of the `.env.vault` file and inject them into your process.\n\nNo more scattered secrets across multiple platforms and tools.\n\n\u003cbr\u003e\n\u003chr\u003e\n\u003cbr\u003e\n\n## šŸ—ļø Usage ( Test in local environment )\n\nAfter generating files `.env.keys` \u0026 `.env.vault` file, create a `.env` file in the root of your project and add one of your environments key (i.e. DOTENV_KEY_STAGING) in `.env`.\n\n\\*hint (make sure to rename the key to DOTENV_KEY)\n\n.env file should look like this:\n\n```\nDOTENV_KEY=\"dotenv://:key_1bc2a65a28c76273f8755h545ho548f551c5ac0aca70fba37c9@dotenv.local/vault/.env.vault?environment=staging\"\n```\n\nthen run script `npm run build`, you can also generate environment variables in `.env` file using other script.\n\nafter the script runs, `.env` file should be filled with environment variables of the specified environment.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fen-atul%2Fdotenv-vault-decrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fen-atul%2Fdotenv-vault-decrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fen-atul%2Fdotenv-vault-decrypt/lists"}