Integrate EnvKey with your Go projects to keep api keys, credentials, and other configuration securely and automatically in sync for developers and servers.
This repo is mirrored in two locations:
go get github.com/envkey/envkeygo/v2
If you haven't already, download and install EnvKey from our website, then create a new org. Next, follow the ~1 minute integration quickstart to init an app with a
.envkey file (for connecting development) or generate a server
ENVKEY (for connecting a server).
Now load your EnvKey configuration in
// main.go import ( "os" _ "github.com/envkey/envkeygo/v2" ) // assuming you have GITHUB_TOKEN set in EnvKey token := os.Getenv("GITHUB_TOKEN") // this will stay in sync
envkeygo will not overwrite existing environment variables or additional variables set in the
.env file you loaded your
ENVKEY from. This can be convenient for customizing environments that otherwise share the same configuration. You can also use branches or local overrides for this purpose.
envkeygo can cache your encrypted config in development so that you can still use it while offline. Your config will still be available (though possibly not up-to-date) the next time you lose your internet connection. If you do have a connection available, envkeygo will always load the latest config. Your cached encrypted config is stored in
To turn on caching, set a
ENVKEY_SHOULD_CACHE=1 environment variable when running your program (not in your EnvKey config):
Using a language-specific library like this one is the easiest and fastest method of integrating with EnvKey. However, the envkey-source executable, which this library wraps, provides additional options and functionality when used directly from the command line. Features such as automatic reloads and change hooks are not available in EnvKey's language-specific SDKs. If you're comfortable with the command line, need additional flexibility, or want to maximize EnvKey's potential, consider using envkey-source directly.
ENVKEY / .env file / .envkey file resolution order and precedence
ENVKEYenvironment variable has highest precedence.
ENVKEYenvironment variable isn't set, the library searches for either a
ENVKEYset) or a
.envkeyfile (JSON with
appIdset), starting in the current directory then checking recursively upwards. The file found at the lowest depth (i.e., closest to the current directory) is chosen. If both files are found at the same depth, the
.envfile takes precedence.
.envfile with an
ENVKEYset in it still hasn't been found, check for
ENVKEYis found, overrides are still applied, unless an existing environment variable is already set, in which case that takes precedence. If an
.envkeyis found, no further lookup for
.envabove this location occurs.
x509 error / ca-certificates
On a stripped down OS like Alpine Linux, you may get an
x509: certificate signed by unknown authority error when attempting to load your config. You can fix it by ensuring that the
ca-certificates dependency is installed. On Alpine you'll want to run:
apk add --no-cache ca-certificates
For more on EnvKey in general:
Read the docs.
Read the integration quickstart.
Read the security and cryptography overview.
Need help? Have questions, feedback, or ideas?
Post an issue, start a discussion, or email us: firstname.lastname@example.org.