Guides

Version Control

Hyphen automatically tracks and stores every revision of your secrets by default

Suggest Edits

How Version Control Works

Every time you update and push your .env files using Hyphen, a new revision is created. These revisions are securely stored and can be reverted to at any time, allowing for full traceability of secret changes.

Note: Due to Hyphen’s End-to-End Encryption (E2EE), we cannot display the exact differences between two revisions. However, we can show the number of secrets and file size of each version to help you gauge whether information was added or removed.

Viewing revisions in the Hyphen app

To view the history of your secrets and their respective revisions, navigate to the app and select the environment (i.e. default, development, production). This will open a view that lists the versions history.

ENV version history example for the development environment for an app named "demo-app"

ENV version history example for the development environment for an app named "demo-app"

The file size and secrets count give you an indication of whether secrets were added or removed in that revision, even though the contents are not displayed due to encryption.

Viewing revisions in the Hyphen CLI

To view the history of your secrets and their respective revisions using the cli, use the following command:

hx env list <environment>

Replace <environment> with the specific environment ID you wish to inspect. This command will return a list of past versions for that environment, displaying key details like version ID, secret count, file size, and publish date.ive IDs, secret count, size, and publish date.

Example output:

demo-app [development] env versions

ID: env_6706f8d9f7b6dd133e94fc11
Version: 13
Secrets Count: 22
Size: 342 bytes
Published: 10/10/2024 8:41:56 AM

ID: env_6706f8d9f7b6dd133e94fc11
Version: 12
Secrets Count: 19
Size: 309 bytes
Published: 10/10/2024 8:41:04 AM

...

Restore a previous version's secret data

Hyphen uses immutable versioning, meaning you cannot directly roll back to a previous version. However, you can pull the encrypted data from a past version and push it as a new version. To do this:

Retrieve the secret data from the desired version

Use the following command to pull down the secrets from a specific version:

hx pull <environment> <version-number>

Replace <environment> with the environment you are working with and <version-id> with the ID of the version you want to restore.

Push the fetched data as a new version

Once the previous version’s data is fetched, you can push it as a new version using the command:

hx push

This will encrypt and push the retrieved secrets as the latest version in Hyphen.

Example:

# Fetch the secrets from version 12 for the development environment
hx pull development 12

# Push it as a new version
hx push

This process allows you to effectively revert without altering the integrity of your version history.

Updated 4 days ago