Olivia
Online
Dotenvx
@dotenvx
A secure dotenv–from the creator of `dotenv`. @motdotla
LA & SF
Joined March 2022
12 Following
928 Followers
2.9K Posts
A glimpse of what is coming next to Armor ⛨.
For those entrusted with secrets.
Two years on.
A lot of visual work today. Seems counterintuitive in the increasing agentic world but my gut tells me the opposite.
One of the greats instrumental in the development of @npm cli - without which dotenv would not even exist.
Keep .env. Encrypt it.
enkripsi file .env sekarang harus jadi standar, karena AI Agent kadang bisa akses. O iya ini aku pake Dotenvx
Who to follow
bu kinoshita
@bukinoshita
co-founder & cto @resend (YC W23) and building https://t.co/90EcxsnQRj and https://t.co/s2tIDl8nlL
Gillian Morris
@gillianim
Co-write https://t.co/TCvPI5i071. Founder @hitlist_app (RIP). Contributor @HarvardBiz @bopinion @StartupGrind.
RedSwitches
@RedswitchesS
A global Bare-Metal Cloud Provider specializing in managed high-compute, bandwidth-intensive & storage-optimized solutions for Startups, SMBs & Enterprises.
Out of an abundance of caution our major npm packages now ignore-scripts=true.
We have our SOC 2 controls all in place and monitored excepting one - the internal audit. We start that on Monday.
@shunsuke_kudo_ Ok, great. This also might be helpful: https://t.co/xAtgnTkabs
Polygon (@0xPolygon) has started using @dotenvx. Keep the .env. Encrypt the secrets.
https://t.co/0MjUSKS6uf
Keep .env. Encrypt the secrets.
環境変数管理、ずっと「平文をローカルに置く→事故がこわいし共有が面倒」だった。
そこで導入したdotenvx が今のところいい感じ。
.env ファイルを暗号化して git 管理、復号鍵はKeychain なんかに逃がす構成にした。
Railway にも push できるので、共有も楽!めっちゃ便利。
May all our followers find great success and safe secrets!
Keep the .env workflow developers already trust and add encryption.
Encrypt and armor your .env files, friends.
🚨 TrapDoor supply chain attack hits npm, PyPI, and Crates-io.
https://t.co/SYnR0fcJCr
34 malicious packages across 384 versions were used to steal crypto wallets, SSH keys, cloud credentials, and developer secrets from crypto, DeFi, Solana, and AI environments.
The malware abused npm hooks, Python imports, and Rust build scripts for execution and persistence.
@tonyjunkes thank you for the follow. May you wield the sharp knife and sturdy armor of dotenvx. ⛨
I built dtx — a minimal CLI on top of @dotenvx for easily switching and running encrypted environment variables.
Made with some vibe coding along the way.
https://t.co/kowvveUlrL
@codyschneider Don’t forget to encrypt it with dotenvx or similar
SOC 2 Status Update. We go to internal audit next week.
Ok so about 2 weeks into the SOC 2 process with @oneleet and we made the right choice.
I wanted a compliance solution that:
1. Organized policies and controls into practical language rather than "audit speak"
2. Mapped those controls tightly to audit requirements
3. Helped me understand the process deeply so we didn't feel locked into their platform
For #1, you can already start seeing the results on our trust page. Even the control categories are more practical and developer-friendly than what I've seen elsewhere.
For #2, their platform provides clear control mappings and detailed guidance, which helped me better plan ahead for auditor requirements as I built things out.
For #3, they provide an API. We've already automated a lot ourselves and pushed evidence directly into their dashboard. I don't feel locked in at all and have been able to wire things up to our company 'brain'. But their dashboard is also very intuitive and we're still spending most of our time directly in it and happy. Their automated controls they have are also really solid and save what otherwise is a lot of screenshot gathering.
Overall, @dotenvx is in a more secure position now and we'll continue to improve thanks to @oneleet. That's good for our customers and makes me happy. Looking forward to the internal audit next, and then the real thing.
We've been very busy with SOC 2 preparation across our infrastructure and business processes, but in the meantime we did ship Team Avatars and Choose Key Storage.
$ dotenvx encrypt
If you have API keys in your code, even private repos, now is the time to double check and change them...
Did you know you can fetch a single secret with:
$ dotenvx get KEYNAME
Useful for peeking secrets or automation use cases.
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers