Community Contribution: dotenv-vault-rs

You can now use .env.vault files with Rust thanks to Rust dev and Dotenv community member Mark Lagae!

Find it at minebomber/dotenv-vault-rs. We use it in all our Rust guides.

python-dotenv-vault CVE-2023-38325

[email protected] bumps cryptography to 41.0.3 or higher to patch high severity CVE-2023-38325.

Thank you to community member Rob Aleck for the PR.

Community Contribution: dotenv-vault-laravel

You can now use .env.vault files with Laravel thanks to Laravel expert and Dotenv community member David Cochrum!

Find it at davidcochrum/dotenv-vault-laravel. We use it in all our Laravel guides.

Full Edit mode

Now you can fully edit your .env files from the UI. It’s riskier than editing individual keys, but sometimes you just want to fully paste in a pre-existing .env file. Use with care.

Transfer ownership

Need to transfer ownership of your organization to another team member? Now you can.

Find the transfer form in the Danger Zone of your Organization Settings page.

Added PHP support

We added php support for .env.vault files.

Docs adds features

Docs now includes a section where you can view and better understand features.

Organization Activity Feed (beta/premium)

See a history of your team’s pushes, pulls, secret changes, and more.

Four new quickstart guides

We added four new quickstart guides to Dotenv’s docs.

My Activity Feed (beta)

Your account now includes an activity feed of your latest actions. See a history of your pushes, pulls, logins, and more.

Blog Launched

We have launched our blog. You can get the rss feed at

Experimental Dark Mode

You can now toggle on dark mode. It is experimental at the moment so ymmv (your mileage might vary).

Compare Environments

You can now compare environments from a single page.

Dedicated Deploy Page

Each of your projects now has a dedicated deploy page.

Edit Quote Format

Edit an environment variable’s quote format in the UI.

Click the edit button next to your secret, then click Advanced Settings, and then at the top right edit the quote format.

Dotenv 16.1.0 Released

[email protected] released.

BIG release with first-class support for .env.vault files.

dotenv RC Candidate 2

Release Candidate 2 for [email protected] is released. It inludes a slew of additional functionality.

Spanish language README

We added a README in Español. Thank you to Francisco Hernandez for this contribution.

Visit for more details.

Windows Installer

Prefer to install dotenv-vault as an executable on Windows, rather than npx? Now you can.

32-bit installer

64-bit installer

Visit /install for more details.

Homebrew Binary

Prefer to install dotenv-vault with homebrew, rather than npx? Now you can.

$ brew install dotenv-org/brew/dotenv-vault

Then use the commands directly on your cli:

dotenv-vault help

Visit /install for more details.

[email protected]

Node 16 (and greater) is now required to use dotenv-vault 1.22 (and greater).

If you have an older version of node that you cannot upgrade, please install dotenv-vault via the homebrew or windows installer or similar.

Library changelog

GitHub Pages

We’ve moved our www site to GitHub pages. This includes all docs.

Anyone can suggest edits here.

Golang .env.vault support

If you’re a Golang developer you can now use .env.vault files with your deployments.

Install godotenvvault:

go get

And as early as possible in your application, import and configure it:

package main

import (


func main() {
  err := godotenvvault.Load()
  if err != nil {
    log.Fatal("Error loading .env file")

  s3Bucket := os.Getenv("S3_BUCKET")
  secretKey := os.Getenv("SECRET_KEY")

  // now do something with s3 or whatever

Visit for more details.

NodeJS .env.vault support

dotenv is getting first-class native support for decrypting .env.vault files.

It’s currently released as an RC candidate. Once released, dotenv will be deprecated.

dotenv-vault local commands

You can now run the following three commands to generate your own .env.vault file, without relying on to do it for. It works by managing all your secrets completely locally.

Upgrade to [email protected] to use them. You can read more about these commands here.

New Website

We’ve redesigned the www site to better describe the benefits of using dotenv-vault.

Our goal is toward better explaining the innovation around .env.vault and how it benefits developers, dev ops teams, and CSOs.

GitHub Add-on

Auto-build your encrypted .env.vault file on each environment change.

It can become a chore to run npx dotenv-vault build each time you are ready to deploy new secret changes. Let GitHub do it for you with this automation add-on.

Billing Improvements

Billing teams will be happy. We’ve added:

Dotenv VSCode Rust Support

Added Rust support to dotenv-vscode.

Updated to 0.20.0.

Dotenv VSCode now has syntax, auto-cloaking, auto-completion, and in-code secret peeking for the following languages:

DOTENV_KEY rotation for dotenv-vault-rails

Added support for rotating DOTENV_KEY in dotenv-vault-rails.

Update to 0.10.0 or greater to support key rotation in Ruby and Rails.

Pull Request

Smarter Encrypted Builds

Now, npx dotenv-vault build regenerates itself only if there are changes.

This increases security and improves DX.

It improves security by minimizing the chance of a nonce collision - which would expose your DOTENV_KEY. (Please note this is still incredibly rare. You would have to rebuild your .env.vault file a few billion times before this might occur. Nonetheless, we prefer to minimize the possibility.)

It improves DX because it follows the principle of least surprise. You will see your .env.vault file change only after you’ve changed your values.

python-dotenv-vault further extended

python-dotenv-vault has extended support for:

These changes put python-dotenv-vault at parity with dotenv.


Decryption support for .env.vault files has been added to Python. If you’re using Flask, Django, FastAPI, or plain ol’ Python, you can use Dotenv Vault with it.

Check it out at python-dotenv-vault and tell your Python friends.

Rotate Dotenv Key

Rotate your DOTENV_KEY with the following command:

$ npx dotenv-vault rotatekey production


  1. Update DOTENV_KEY by comma-appending the new value
  2. Rebuild and deploy your .env.vault file
  3. Update DOTENV_KEY by removing the old value

See docs for more information. Supported for NodeJS library. Ruby and Python support coming soon.

New Integrations

We added a handful of new integrations. What should we add next?

Spam Protection with Turnstile

We swapped our honeypot spam protection mechanism for Cloudflare Turnstile. It is more reliable at catching spam and the experience is still good – no annoying captchas identifying traffic signs.

New Docs

We have updated our /docs site. It’s built with Jekyll. This way we’ve been able to make it public on GitHub – making it easy to edit.

Integrate Everywhere

Integrate Everywhere™ is our new approach to integrations. It works everywhere you can deploy your code. No more brittle integrations coordinating API calls. Instead, build and encrypt your local .env.vault file, commit it to code, and deploy. There’s nothing else like it.

$ npx dotenv-vault build
$ git commit -am "Add .env.vault"
$ git push

Unlimited Projects

You can now create an unlimited amount of projects.

Multiple Environments

Manage your secrets across multiple environments.