Netlify with Node.js
Learn how to configure Netlify with Dotenv Vault in a simple Node.js web app. This tutorial assumes you are already familiar with
.env files and know how to sync them.
You can find a complete example repo here.
netlify.toml file in the
root folder of your project to set your Netlify settings there. You can use several environment contexts to the deployment setup to load their corresponding secrets and commands. Instead of pulling Vault variables to local storage, you can access them directly by adding the
-m parameter, followed by the unique
me_ identifier from your
// netlify.toml [build] command = "npm run build"
Start by installing the
dotenv-vault-core package with
npm install dotenv-vault-core --save
Make a reference to the Vault package as early as possible in your
index.js code to steer clear from any plausible conflicts moving forward.
// index.js require('dotenv-vault-core').config() console.log(process.env) // for debugging purposes. remove when ready.
Build the Vault
Before you start, double check you are logged in and that your Vault is synced locally. If everything checks out, you can move forward and build your Vault using
npx dotenv-vault build.
npx dotenv-vault build
Upon successful Vault build, you will be able to access its decryption keys, without which you will not be able to interact with protected environment variables. You can retrieve the key for a specific environment by running
npx dotenv-vault keys with the environment in question added at the back.
When you fetch a key, it will return as a long URI that is quite easy to recognize, as it starts with
?environment= and the environment you have chosen will be always at the back.
npx dotenv-vault keys production remote: Listing .env.vault decryption keys... done dotenv://:[email protected]/vault/.env.vault?environment=production
Once you have the appropriate key secured, you can move over to your Netlify project panel to open Site settings. There, you must look for the Build & deploy section and specifically its Environment child, where you can Edit variables. Insert
DOTENV_KEY in the key slot and place the decryption key you retrieved earlier as the value.
Commit and push
Commit those changes safely to code and deploy to Netlify.
When the build runs, it will recognize the
DOTENV_KEY, decrypt the .env.vault file, and load the
production environment variables to
ENV. If a
DOTENV_KEY is not set when developing on local machine, for example, it will fall back to standard Dotenv functionality.
You’ll know things worked correctly when you see
'Loading .env from encrypted .env.vault' in your Netlify logs.