dotlock is a powerful command-line tool designed to securely manage and encrypt your .env files, allowing safe committing to Git and effortless sharing within teams. This tool utilizes a shared passphrase to encrypt multiple .env files into a single, compact .dotlock vault file, ensuring that sensitive information remains secure and offline.

Key Features

• Easy Initialization: Quickly encrypt all .env files with a single command.
• Commit Safely: Protects sensitive data with built-in Git integration.
• Seamless Usage Across Machines: Unlock your environment on any machine with minimal effort.
• Enhanced Security: Utilizes industry-standard encryption techniques:
  • Encryption: Employs Argon2id for key derivation and AES-256-GCM for encryption.
  • Key Storage: Caches derived keys securely to ensure ease of use.
  • Auto-Locking: Automatically re-locks encrypted files upon committing changes.
• Comprehensive Commands:
  • dotlock init: Detect and encrypt .env files.
  • dotlock lock [env]: Encrypt specified environment files.
  • dotlock unlock [env]: Decrypt files from the vault.
  • dotlock diff [env1] [env2]: Easily compare different environments.
  • dotlock ls: View a list of environments stored in the vault.
  • dotlock doctor: Check the health of the setup.
  • dotlock scan: Identify hardcoded secrets in your codebase.

CI/CD Integration

Integrate dotlock seamlessly into your CI/CD processes by setting the DOTLOCK_PASSPHRASE environment variable. This allows for automated unlocking of the encrypted environment without compromising security.

Conclusion

With dotlock, developers can maintain the confidentiality of their environment configurations while using Git without the risk of exposing sensitive data. This tool offers a straightforward and efficient approach to managing encrypted environment variables, making it an invaluable asset for teams prioritizing security.