← docs

Infrastructure tokens

Written by Mot

Infrastructure tokens, also known as IT tokens, are limited access tokens.

While a .env.me credential permits push and pull across ALL environments, an IT token does not. IT tokens can ONLY pull and only for a single environment.

This means you cannot create an IT token to pull both staging secrets and production secrets. You instead have to generate two separate IT tokens - one for production and one for staging. This is by design to further protect your secrets and practice the principle of least privilege.

How can I get an IT token? They are auto-generated for you when you add infrastructure to an environment.


Here's an example of what an IT Token looks like:


Here's an example of it put to use:

npx dotenv-vault pull --dotenvMe it_e3811a4…


You can generate an IT token by adding infrastructure to an environment.

Learn more about security for dotenv-vault.