A proven security model, with multiple layers of protection.
To you, the reader:
Security is an evermoving target - an arms race. But that doesn't mean it should be hard to use. Good design can make complex things simple, and that is what we are after at Dotenv.
Dotenv is a security tool. It has been since it was first developed in 2013. We saw developers struggling to keep their secrets safe so we pioneered the .env security file format standard. The design led to a better Developer Security Experience - which led to safer secrets for millions of developers. Today, we are taking that to the next logical step.
What is the problem with .env files today? The world has changed. Developers manage secrets at greater scale than a decade ago. .env files are not easily shareable between machines, environments, and team members. As a result, developers share secrets over Slack, email, and other messaging services. It's not scaleable and is a security risk. For a CTO or CSO it is a risk they should not take.
So, today, we are extending the .env file format to support syncing across machines, environments, and team members. It's an exciting development and we welcome you to go on this journey with us.
Founder & CTO
🏆 Layer 1 Protection
Others are attempting to do away with the .env file. We think that is a mistake. It has a security track record par excellence.
🔐 Layer 2 Protection
Use dotenv-vault to prepare your project for Dotenv Vault. It generates a Project Identifier and a Credential.
Generating… .env.project and .env.me