Guides

Quickstart

ENV is a secrets management service with end-to-end encryption. This guide walks through initializing your app to manage secrets with your team.

Suggest Edits

ENV is Hyphen’s built-in secrets management service, designed with end-to-end encryption to ensure the highest level of security for your sensitive data. Hyphen never has access to your secret values or your encryption key at any point, ensuring that only you and your team can view or manage your secrets.

Your data is always stored fully encrypted, and Hyphen never sees or generates the encryption keys. These keys are created locally on your machine as 256-character long random strings.

The encryption keys are used in conjunction with OpenSSL’s AES-256-CBC symmetric encryption cipher to keep your data fully encrypted at all times.

Prerequisites

Before getting started with ENV service, ensure you have:

  • Signed up for a Hyphen account and have access to an organization

Install the CLI

To get started, download and install the Hyphen CLI using the following command:

macOS/Linux

sh -c "$(curl -fsSL https://cdn.hyphen.ai/install/install.sh)"

Windows

powershell -c "irm https://cdn.hyphen.ai/install/install.ps1 | iex"

Sign in to your Hyphen Account

After installation, sign in to your Hyphen account by running:

hx auth

This will open a browser window to log in. If the window doesn’t open, copy and paste the URL from the terminal into your browser.

Initialize your project

To start using Hyphen ENV with your app, you need to initialize the app and set up encryption keys. This step creates a record of the app within your Hyphen organization and stores the secret encryption key on your machine in a .hxkey file.

Navigate to your app’s directory and run:

hx init <app-name>

You will receive a confirmation message indicating that the app has been successfully initialized, similar to the following:

App successfully initialized  
App Name: quick-start-app  
App AlternateId: quick-start-app  
App ID: app_6709694e54fc37367966d0ce  
Organization ID: org_66f30abb67ebc6bb0c5e0af7

Manage Your .env Files

Once initialized, Hyphen will create several .env files in your app’s directory. Use these files to store environment-specific secrets:

  • .env: default secrets stored here will apply to all environments
  • .env.development: in the development environment, secrets defined here override secrets in .env
  • .env.production: in the production environment, secrets defined here override secrets .env
  • .env.local: in your local development environment, secrets defined here override the default secrets .env (this file is not synced with Hyphen)

Encrypt and Push Secrets to Hyphen

Once you’ve added your secrets to the appropriate .env files, you need to encrypt them and push them to Hyphen. Run the following command:

hx push

You will receive confirmation for each environment that’s been pushed. If you’ve updated the default, development, and production environments, the response will look like:

Local environments: default, development, production  
Environments pushed: default, development, production

Note: .env.local is never pushed to Hyphen.

Updated about 17 hours ago