Dotenv Provider
The Dotenv provider stores secrets in local .env files for development setups and compatibility with existing tools.
File Format
Section titled “File Format”Standard dotenv format with KEY=VALUE pairs:
DATABASE_URL=postgresql://localhost/mydbAPI_KEY=sk-1234567890DEBUG=true # Comments supported
# Multi-line values must be quotedPRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEA...-----END RSA PRIVATE KEY-----"Configuration
Section titled “Configuration”URI Syntax
Section titled “URI Syntax”# Default (.env in current directory)dotenv
# Custom pathsdotenv:.env.localdotenv:config/.envdotenv:/absolute/path/.envEnvironment Variable
Section titled “Environment Variable”export SECRETSPEC_PROVIDER=dotenv:.env.local# Initialize from existing .env$ secretspec init --from .env
# Set a secret$ secretspec set DATABASE_URL --provider dotenvEnter value for DATABASE_URL: postgresql://localhost/mydb
# Run with secrets$ secretspec run --provider dotenv -- npm start
# Use different files for different environments$ secretspec run --provider dotenv:.env.production -- node server.jsSecurity
Section titled “Security”⚠️ Warning: Secrets are stored in plain text. Use only for development and always add .env files to .gitignore.