Quickstart
Getting started with better-env
Introduction
better-env is a simple, secure CLI tool to manage environment variables centrally on your machine using OpenPGP encryption.
Keep your secrets out of repos and out of plaintext files, loading them into apps only at runtime.
Never accidentally commit secrets again. .better-env files are fully commit-safe.
Why better-env?
Global encrypted store
All your secrets stored securely per user with OpenPGP encryption.
No plaintext files
No plaintext .env files needed in projects, no risk of accidentally committing secrets.
Per-project selection
Easy per-project selection of which keys to load configured in .better-env files.
Shell-friendly
Start a subshell with secrets or run commands with injected secrets.
Installation
Linux/MacOS
curl -fsSL https://raw.githubusercontent.com/HarishChandran3304/better-env/main/scripts/install.sh | shWindows
powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr -useb https://raw.githubusercontent.com/HarishChandran3304/better-env/main/scripts/install.ps1 | iex"Setup
bnv setupYou will be prompted to setup a new OpenPGP key.
Usage
1) Store secrets (one-time)
bnv store KEY2) Import and use secrets
cd /path/to/my/project
bnv init
bnv add KEY
# Interactive shell (recommended)
bnv shell
# ... your commands here ...
exit
# One-off command
bnv run python3 main.pyThe idea is you store the secrets once in the global store, and you can import and use them in your projects whenever you want.
Core concepts
- The Global Store: A single encrypted store of all your secrets lives in the user's config directory.
- The Project Link: Each project has a
.better-envfile that lists which keys the project uses. - Two ways to use secrets:
bnv shell: start an interactive shell with secrets loadedbnv run: run a command with secrets only available to the child process
This tool is currently fully supported only for UNIX based systems. Windows has partial support. Check platforms supported for more details.