Comment by n31l
2 days ago
Agreed, and it's nice and easy for anyone already using `.env` files, although the private key used to decrypt the dotenvx key-values is itself a secret.
Yeah, I don't understand this. You still need to secure your .env.keys file same as you would be doing with a standard .env. Is the benefit just that you can track it with git?
Standard .env is unencrypted, while a dotenvx .env file has plaintext keys and encrypted values. Anyone with access to the repo would also need the DOTENVX_PRIVATE_KEY variable to decrypt the env file.
One key deployed to your hosts means adding new secrets doesn't take operations effort. Also, the process uses a public/private key pair, so adding a new variable doesn't expose existing variables.