1 minute reading time

On this page


Integrate Everywhere

Integrate everywhere you deploy your code, with dotenv-vault.

Run dotenv-vault build

Open terminal, enter your project’s root directory (where your .env.vault file is), and run dotenv-vault build.

$ npx dotenv-vault build

Your .env.vault file should now look something like this.


As you can see, your environment variables are encrypted per environment.


The DOTENV_KEY decrypts the encrypted values from DOTENV_VAULT_PRODUCTION. Run dotenv-vault keys production.

$ npx dotenv-vault keys production

That will output your DOTENV_KEY.

dotenv://:[email protected]/vault/.env.vault?environment=production

Set DOTENV_KEY on your infrastructure. For example, on Heroku:

$ heroku config:set DOTENV_KEY=dotenv://:[email protected]/vault/.env.vault?environment=production

Require dotenv >= 16.1.0

The last step is to require dotenv >= 16.1.0 into your code.

As early as possible in your application, import and configure dotenv:

console.log(process.env) // remove this after you've confirmed it working

Note: Other languages like Ruby, Python, PHP, etc are also supported.

That’s it!

When your app boots, it will recognize the DOTENV_KEY, decrypt the .env.vault file, and load the variables to ENV. If a DOTENV_KEY is not set (like during development on your local machine) it will fall back to regular dotenv.