Quickstart
ENV is a secrets management service with end-to-end encryption. This guide walks through initializing your app to manage secrets with your team.
ENV is Hyphen’s built-in secrets management service, designed with end-to-end encryption to ensure the highest level of security for your sensitive data. Hyphen never has access to your secret values or your encryption key at any point, ensuring that only you and your team can view or manage your secrets.
Your data is always stored fully encrypted, and Hyphen never sees or generates the encryption keys. These keys are created locally on your machine as 256-character-long random strings.
The encryption keys are used in conjunction with OpenSSL’s AES-256-CBC symmetric encryption cipher to keep your data fully encrypted at all times.
Prerequisites
Before getting started with the ENV service, ensure you have:
- Signed up for a Hyphen account and have access to an organization
Install the CLI
To get started, download and install the Hyphen CLI using the following command:
macOS/Linux
sh -c "$(curl -fsSL https://cdn.hyphen.ai/install/install.sh)"
Windows
powershell -c "irm https://cdn.hyphen.ai/install/install.ps1 | iex"
Sign in to your Hyphen Account
After installation, sign in to your Hyphen account by running:
hx auth
This will open a browser window to log in. If the window doesn’t open, copy and paste the URL from the terminal into your browser.
Initialize your project
To start using Hyphen ENV with your app, you need to initialize the app and set up encryption keys. This step creates a record of the app within your Hyphen organization and stores the secret encryption key on your machine in a .hxkey file.
Navigate to your app’s directory and run:
hx init <app-name>
You will receive a confirmation message indicating that the app has been successfully initialized, similar to the following:
App successfully initialized
App Name: quick-start-app
App AlternateId: quick-start-app
App ID: app_6709694e54fc37367966d0ce
Organization ID: org_66f30abb67ebc6bb0c5e0af7
Manage Your .env Files
Once initialized, Hyphen will create several .env files in your app’s directory. Use these files to store environment-specific secrets:
- .env: default secrets stored here will apply to all environments
- .env.development: in the development environment, secrets defined here override secrets in .env
- .env.production: in the production environment, secrets defined here override secrets in .env
- .env.local: in your local development environment, secrets defined here override the default secrets in .env (this file is not synced with Hyphen)
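Because the .hxkey file and the .env files hold the key and the plaintext secrets on your machine, it is worth confirming that they stay local before pushing. The following shell check is an added example, not part of the Hyphen CLI or its documentation; the function names are hypothetical, and it assumes a git-managed project on macOS/Linux and treats .hxkey and every .env file listed above as secret-bearing.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the Hyphen CLI).
# Assumption: .hxkey and the .env files named in this guide hold secrets.
SECRET_FILES=".hxkey .env .env.development .env.production .env.local"
PROBLEMS=0

# is_ignored DIR NAME: succeeds if git ignores NAME inside DIR.
# Outside a git work tree (or without git) it falls back to a literal
# line match in DIR/.gitignore, which does not understand glob patterns.
is_ignored() {
    if git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        # Tracked files are reported as not ignored, which is what we want.
        git -C "$1" check-ignore -q "$2"
    else
        grep -qxF "$2" "$1/.gitignore" 2>/dev/null
    fi
}

# audit_secret_files [DIR]: sets PROBLEMS to the number of findings and
# returns non-zero if there are any.
audit_secret_files() {
    dir=${1:-.}
    PROBLEMS=0
    for name in $SECRET_FILES; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        # In "-rw-------", characters 5-10 are the group and other bits.
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "WARN $name: accessible to group/others; run: chmod 600 $name"
            PROBLEMS=$((PROBLEMS + 1))
        fi
        if ! is_ignored "$dir" "$name"; then
            echo "WARN $name: not ignored by git; add it to .gitignore"
            PROBLEMS=$((PROBLEMS + 1))
        fi
    done
    [ "$PROBLEMS" -eq 0 ]
}
```

Run `audit_secret_files .` from the app directory before `hx push`; a non-zero exit status means at least one file needs attention.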
Encrypt and Push Secrets to Hyphen
Once you’ve added your secrets to the appropriate .env files, you need to encrypt them and push them to Hyphen. Run the following command:
hx push
You will receive confirmation for each environment that’s been pushed. If you’ve updated the default, development, and production environments, the response will look like:
Local environments: default, development, production
Environments pushed: default, development, production
Note: .env.local is never pushed to Hyphen.