Dotenvx

Unclaimed

Secure your .env files with encryption, from the creator of the original dotenv.

Encryption

Visit Website

FreemiumVisit Website

TL;DR - Dotenvx

Encrypts .env files to secure sensitive environment variables.
Open-source and built by the creator of the original dotenv.
Offers cross-platform compatibility and supports multiple environments.

Pricing: Free plan available

Best for: Growing teams

Pros & Cons

Pros

Enhances security by encrypting sensitive environment variables.
Easy to integrate into existing development workflows.
Open-source and actively maintained by the original dotenv creator.
Supports various advanced use cases like multi-environment and command substitution.
Trusted by large organizations and government entities.

Cons

Requires managing encryption and decryption keys.
Commercial features are not free.

Preview

Key Features

Encrypted .env filesCross-platform compatibility (Run Anywhere)Multi-environment supportVariable expansionCommand substitutionPrecommit / Prebuild hooksStrong cryptography (ECIES)Optional commercial Dotenvx Ops tooling

Pricing Plans

Free Trial

Core

Free

Open source software
Standalone, no cloud needed
You manage the private keys
Encryption
Run Anywhere
Multiple Environments
Secrets-as-Code
Variable expansion
Command substitution
Support: None
License: BSD-3

PRO

$299/month billed annually

Extended 75-day free trial
Fixed price no per-user charges
Unlimited secrets
Unlimited users
Fully managed private keys securely synced with zero-knowledge encryption
Team permissions to control access
Includes syncing to Chrome Extension
Includes syncing to VS Code Extension
24/7/365 customer support
Personal onboarding with our founder
Encryption
Run Anywhere
Multiple Environments
Secrets-as-Code
Variable expansion
Command substitution
Cloak-Zero
Web UI
Access Controls
PR Reviews
Env-Radar
Compliance Alerts
Rotation
Push/Pull
Version History
Audit Logs
Support: Email
License: Commercial

PRO (monthly)

$349/month

Extended 75-day free trial
Fixed price no per-user charges
Unlimited secrets
Unlimited users
Fully managed private keys securely synced with zero-knowledge encryption
Team permissions to control access
Includes syncing to Chrome Extension
Includes syncing to VS Code Extension
24/7/365 customer support
Personal onboarding with our founder
Encryption
Run Anywhere
Multiple Environments
Secrets-as-Code
Variable expansion
Command substitution
Cloak-Zero
Web UI
Access Controls
PR Reviews
Env-Radar
Compliance Alerts
Rotation
Push/Pull
Version History
Audit Logs
Support: Email
License: Commercial

Enterprise

$1299/month billed annually

Encryption
Run Anywhere
Multiple Environments
Secrets-as-Code
Variable expansion
Command substitution
Cloak-Zero
Web UI
Access Controls
PR Reviews
Env-Radar
Compliance Alerts
Rotation
Push/Pull
Version History
Audit Logs
Support: Email
License: Commercial

View full pricing

About Dotenvx

By Toolradar Team·Updated Mar 17, 2026

Dotenvx is an open-source tool designed to encrypt .env files, addressing the security vulnerabilities associated with plaintext environment variables. Developed by the creator of the original dotenv, it allows developers to encrypt sensitive information within their .env files, significantly reducing the attack surface while maintaining the convenience of using environment variables. It integrates seamlessly into existing workflows, requiring only a simple change from `dotenv` to `@dotenvx/dotenvx`. This tool is ideal for developers, teams, and organizations that handle sensitive configuration data, such as database credentials, API keys, and email server settings, across various environments. By providing strong cryptography and supporting multiple environments, dotenvx helps prevent data breaches and enhances the overall security posture of applications. It's trusted by major companies and government departments for its robust security features.

How we evaluate tools →Source: dotenvx.com

Reviews

No reviews yet. Be the first to review Dotenvx!

Write a Review

Best Dotenvx Alternatives

Top alternatives based on features, pricing, and user needs.

AWS Secrets ManagerPaid

AWS service for storing and rotating secrets securely

See all Encryption tools →

Explore More

Best Encryption Tools

Dotenvx FAQ

How does dotenvx encrypt sensitive information within .env files?

Dotenvx employs Elliptic Curve Integrated Encryption Scheme (ECIES) to encrypt each secret individually. This process uses a unique ephemeral key for each secret, which can then be decrypted using a long-term private key.

What is the purpose of the DOTENV_PUBLIC_KEY and DOTENV_PRIVATE_KEY in dotenvx?

The DOTENV_PUBLIC_KEY is used for encrypting secrets within your .env files. Conversely, the DOTENV_PRIVATE_KEY is essential for decrypting these secrets and is designed to be securely stored, ideally in a cloud secrets manager.

Can dotenvx manage different sets of environment variables for various deployment stages?

Yes, dotenvx supports multiple environments, allowing users to easily switch between configurations. This is achieved by utilizing different .env files, such as .env, .env.production, and others, to manage environment-specific variables.

What is the primary security benefit of using dotenvx compared to traditional plaintext .env files?

Dotenvx significantly reduces the attack surface of .env files by encrypting their contents. This cryptographic separation ensures that even if an encrypted .env file is compromised, the secrets remain protected without the corresponding decryption key.

Which organizations are currently using or recommending dotenvx for their operations?

Dotenvx is adopted by a wide range of organizations including PayPal, NASA, AWS, Supabase, and Facebook. AWS specifically recommends it with AWS Amplify, and Supabase requires it for their Branching feature.

Source: dotenvx.com