Integrate EnvKey with your Go projects to keep api keys, credentials, and other configuration securely and automatically in sync for developers and servers.
go get github.com/envkey/envkeygo
First, generate an
ENVKEY in the EnvKey App. Then set
ENVKEY=..., either in a gitignored
.env file in the root of your project (in development) or in an environment variable (on servers).
Then load your EnvKey configuration in
// main.go import ( "os" _ "github.com/envkey/envkeygo" ) // assuming you have GITHUB_TOKEN set in EnvKey token := os.Getenv("GITHUB_TOKEN") // this will stay in sync
envkeygo will not overwrite existing environment variables or additional variables set in a
.env file. This can be convenient for customizing environments that otherwise share the same configuration. You can also use sub-environments in the EnvKey App for this purpose.
envkeygo caches your encrypted config in development so that you can still use it while offline. Your config will still be available (though possibly not up-to-date) the next time you lose your internet connection. If you do have a connection available, envkeygo will always load the latest config. Your cached encrypted config is stored in
For caching purposes, this package assumes you're in development mode if a
.env file exists in the root of your project.
x509 error / ca-certificates
On a stripped down OS like Alpine Linux, you may get an
x509: certificate signed by unknown authority error when envkeygo attempts to load your config. envkey-fetch (which envkeygo wraps) tries to handle this by including its own set of trusted CAs via gocertifi, but if you're getting this error anyway, you can fix it by ensuring that the
ca-certificates dependency is installed. On Alpine you'll want to run:
apk add --no-cache ca-certificates
For more on EnvKey in general:
Read the docs.
Read the integration quickstart.
Read the security and cryptography overview.