From 33c8e37978e2b1b434f0ca5088d81e7ae583fe70 Mon Sep 17 00:00:00 2001 From: Scott Motte Date: Mon, 29 May 2023 16:14:33 -0700 Subject: [PATCH] Update README --- README.md | 57 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 35a00575..47c46fac 100644 --- a/README.md +++ b/README.md @@ -61,13 +61,6 @@ Dotenv is a zero-dependency module that loads environment variables from a `.env ## 🌱 Install - -
-how to use dotenv video tutorial -youtube/@dotenvorg -
-
- ```bash # install locally (recommended) npm install dotenv --save @@ -77,6 +70,13 @@ Or installing with yarn? `yarn add dotenv` ## 🏗ī¸ Usage + +
+how to use dotenv video tutorial +youtube/@dotenvorg +
+
+ Create a `.env` file in the root of your project: ```dosini 
@@ -193,44 +193,47 @@ You need to deploy your secrets in a cloud-agnostic manner? Use a `.env.vault` f -**Note: Currently released as RC Candidate [dotenv@16.1.0-rc2](https://www.npmjs.com/package/dotenv/v/16.1.0-rc2)** +**Note: Currently RC Candidate [dotenv@16.1.0-rc2](https://www.npmjs.com/package/dotenv/v/16.1.0-rc2)** -Install the dotenv-vault cli ([github.com/dotenv-org/dotenv-vault](https://github.com/dotenv-org/dotenv-vault)). +Install [dotenv-vault](https://github.com/dotenv-org/dotenv-vault#-install). -```shell +```bash $ brew install dotenv-org/brew/dotenv-vault ``` -Generate your `.env.vault` file. +Encrypt your `.env.vault` file. -```shell -$ dotenv-vault local build +```bash +$ dotenv-vault build ``` -This creates two files: - -* `.env.vault` - encrypted .env file -* `.env.keys` - decryptions keys - -Boot using `.env.vault`. +Fetch your production `DOTENV_KEY`. +```bash +$ dotenv-vault keys production ``` -$ DOTENV_KEY= npm start -[dotenv@16.1.0][INFO] Loading env from encrypted .env.vault +Set `DOTENV_KEY` on your server. + +```bash +# heroku example +heroku config:set DOTENV_KEY=dotenv://:key_1234â€Ļ@dotenv.org/vault/.env.vault?environment=production ``` -Great! Next, set the `DOTENV_KEY` on your server. For example in heroku: +Commit your `.env.vault` file safely to code and deploy. -```shell -$ heroku config:set DOTENV_KEY= +```bash +$ git add .env.vault +$ git commit -am "Update .env.vault" +$ git push +$ git push heroku main # heroku example ``` -Commit your `.env.vault` file safely to code and deploy. +That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time. -Your `.env.vault` is decrypted on boot, its environment variables injected, and your app works as expected. +See GitHub dotenv-vault README for more details. -Congratulations, your secrets are now much safer than scattered across multiple servers and cloud providers! 
This [blog post](https://dotenv.org) goes into a full Hello World example. +ℹī¸ **A note from Mot**: Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future with `.env.vault` files. ## 🌴 Manage Multiple Environments
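Review bot: In the last code block of the `.env.vault` hunk, `git commit -am "Update .env.vault"` follows `git add .env.vault`, and `-a` stages every modified tracked file, so the commit can carry more than the vault file. Use `git commit -m "Update .env.vault"` so only the staged file is committed. The same hunk removes the list that identified `.env.keys` as holding the decryption keys, so the new steps tell the reader to commit `.env.vault` without saying what has to stay out of the repository; a sentence on that belongs beside the commit step. In the heroku example the `DOTENV_KEY` value is unquoted and contains `?`, which the shell treats as a glob character (zsh stops with "no matches found" when nothing matches); put the value in single quotes and add the `$` prompt the other blocks use. Smaller wording points in the added lines: "Encrypt your `.env.vault` file" describes the output rather than the `.env` input being encrypted, "RC Candidate" repeats "candidate", and "See GitHub dotenv-vault README for more details" carries no link.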