npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

dotenv-store

v1.0.3

Published

A secure environment variables manager that encrypts and stores environment variables in a file, keeping your sensitive data safe

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

omkar273omkar273

Keywords

envenvironmentvariablesencryptsecurestoragesecretssecurity

Readme

dotenv-store

A secure environment variables manager that encrypts and stores environment variables in a file, keeping your sensitive data safe.

Why dotenv-store?

Environment variables are commonly used to store sensitive information like API keys, database credentials, and other secrets. However, storing these variables in plain text .env files can be risky, especially in shared development environments or when accidentally committed to version control.

dotenv-store solves this problem by:

  1. Encrypting your environment variables with strong encryption algorithms
  2. Storing the encrypted data in a file that can be safely committed to version control
  3. Decrypting the variables only when needed, using a secure key that stays on your local machine

This approach allows you to:

  • Share configuration across your team without exposing secrets
  • Safely commit encrypted environment files to version control
  • Protect sensitive data from accidental exposure
  • Manage different environment configurations securely

Keeping Your Secrets Safe

In modern development, we often need to share configuration across team members while keeping sensitive data secure. Here's why dotenv-store is essential for your project:

🔒 Security First

Traditional .env files are plain text and can be accidentally committed to version control or exposed in various ways. dotenv-store encrypts your sensitive data with industry-standard algorithms, ensuring that even if the encrypted file is exposed, your secrets remain secure.

👥 Team Collaboration

With dotenv-store, you can safely commit the encrypted environment file to your repository, allowing team members to share the same configuration. Only those with the encryption key (which is never committed) can decrypt the variables.

🚀 DevOps Friendly

Simplify your CI/CD pipelines by securely managing environment variables across different environments. Use different keys for different environments to maintain separation of concerns.

🛡️ Compliance Ready

For projects that need to comply with security regulations (like GDPR, HIPAA, etc.), dotenv-store helps you implement proper security controls around sensitive configuration data.

Installation

# Install globally
npm install -g dotenv-store

# Or run with npx
npx dotenv-store [command] [options]

# Or install as a dev dependency in your project
npm install --save-dev dotenv-store

Quick Start

1. Initialize dotenv-store in your project

npx dotenv-store init

This will:

  • Create a random encryption key and store it in .env.store.key
  • Add the key file to .gitignore to prevent it from being committed
  • Create a configuration file with default settings
  • Add npm scripts to your package.json for easy usage

2. Add your environment variables to .env

# .env
API_KEY=your_secret_api_key
DATABASE_URL=your_database_connection_string
JWT_SECRET=your_jwt_secret

3. Encrypt your environment variables

npx dotenv-store encrypt

This will encrypt your .env file and store the encrypted data in .env.store.

4. Commit the encrypted file to version control

git add .env.store
git commit -m "Add encrypted environment variables"

5. Decrypt when needed

npx dotenv-store decrypt

This will decrypt the variables and save them to .env.store.decrypted.

Configuration

dotenv-store uses a simple configuration file (dotenv-store.config.json) to store your preferences. The default configuration looks like this:

{
  "env-filepath": ".env",
  "store-file-path": ".env.store",
  "decrypted-file-path": ".env.store.decrypted",
  "key-file-path": ".env.store.key",
  "algorithm": "aes"
}

You can customize these settings by editing the configuration file or by using command-line options.

Command Line Usage

Initialize

# Basic initialization with default settings
npx dotenv-store init

# Customize the initialization
npx dotenv-store init --algorithm aes-256-cbc --key-file custom-key.key

Encrypt

# Encrypt using default settings
npx dotenv-store encrypt

# Customize encryption
npx dotenv-store encrypt --env-file custom.env --store-file custom.enc

Decrypt

# Decrypt using default settings
npx dotenv-store decrypt

# Customize decryption
npx dotenv-store decrypt --store-file custom.enc --decrypted-file custom.dec

List Variables

# List encrypted variables
npx dotenv-store list

Set Key

# Generate and set a random encryption key
npx dotenv-store set-key

# Set a specific encryption key
npx dotenv-store set-key --key your-secret-key

Using with npm Scripts

After initialization, you can use the npm scripts added to your package.json:

# Encrypt
npm run env:encrypt

# Decrypt
npm run env:decrypt

Security Best Practices

  1. Never commit your .env.store.key file to version control
  2. Keep your key secure and share it through secure channels with your team
  3. Rotate keys periodically for enhanced security
  4. Use a strong algorithm like aes-256-cbc for highly sensitive data

Detailed CLI Options

Initialize Options

| Option | Description | Default | | ------------------------- | --------------------------------- | -------------------------- | | --config <file> | Path to configuration file | dotenv-store.config.json | | --algorithm <algorithm> | Encryption algorithm to use | aes | | --key-file <file> | Path to key file | .env.store.key | | --env-file <file> | Path to .env file | .env | | --store-file <file> | Path to store encrypted variables | .env.store | | --decrypted-file <file> | Path to store decrypted variables | .env.store.decrypted |

Encrypt Options

| Option | Description | Default | | ----------------------------- | --------------------------------- | -------------------------- | | --config <file> | Path to configuration file | dotenv-store.config.json | | -k, --key <key> | Encryption key | - | | -f, --key-file <file> | Path to key file | .env.store.key | | -a, --algorithm <algorithm> | Encryption algorithm | aes | | -e, --env-file <file> | Path to .env file | .env | | -s, --store-file <file> | Path to store encrypted variables | .env.store |

Decrypt Options

| Option | Description | Default | | ----------------------------- | ---------------------------------- | -------------------------- | | --config <file> | Path to configuration file | dotenv-store.config.json | | -k, --key <key> | Encryption key | - | | -f, --key-file <file> | Path to key file | .env.store.key | | -s, --store-file <file> | Path to encrypted store file | .env.store | | -d, --decrypted-file <file> | Path to output decrypted variables | .env.store.decrypted |

List Options

| Option | Description | Default | | ------------------------- | ---------------------------- | -------------------------- | | --config <file> | Path to configuration file | dotenv-store.config.json | | -k, --key <key> | Encryption key | - | | -f, --key-file <file> | Path to key file | .env.store.key | | -s, --store-file <file> | Path to encrypted store file | .env.store |

Set Key Options

| Option | Description | Default | | ------------------- | -------------------------- | -------------------------- | | --config <file> | Path to configuration file | dotenv-store.config.json | | -k, --key <key> | Encryption key to store | Random generated key | | -f, --file <file> | Key file path | .env.store.key |

Command Shortcuts

| Command | Shortcut | Description | | --------- | -------- | ---------------------------------------------- | | init | i | Initialize dotenv-store in the current project | | encrypt | e | Encrypt environment variables | | decrypt | d | Decrypt environment variables | | list | l | List environment variables | | set-key | k | Set the encryption key in a key file |

Encryption Details

dotenv-store supports multiple encryption algorithms to secure your environment variables:

  • aes (default) - AES encryption with 256-bit key
  • aes-256-cbc - AES in CBC mode with 256-bit key
  • tripledes - Triple DES encryption
  • rabbit - Rabbit stream cipher
  • rc4 - RC4 stream cipher

The encryption process:

  1. Converts your environment variables to a JSON string
  2. Encrypts the string using the selected algorithm and your secret key
  3. Stores the encrypted data in a file that can be safely committed to version control

When you encrypt environment variables, dotenv-store automatically includes information about which algorithm was used in the encrypted file itself. This means you don't need to remember or specify which algorithm was used when decrypting - dotenv-store will automatically use the correct algorithm.

Key Management

dotenv-store requires an encryption key to encrypt and decrypt your environment variables. You have two options:

  1. Store the key in a file (recommended):

    • Generate a key with npx dotenv-store set-key
    • The key is stored in .env.store.key by default
    • Add this file to your .gitignore to keep it secure
    • Share this key securely with your team members

  2. Provide the key directly:

    • Pass the key with the --key option
    • This is less secure but useful for CI/CD environments

Important: If no key file is found and no key is provided, dotenv-store will show an error with instructions on how to create a key.

License

MIT