PHPackages                             dotenv-org/phpdotenv-vault - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. dotenv-org/phpdotenv-vault

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

dotenv-org/phpdotenv-vault
==========================

Load environment variables from encrypted .env.vault files

v0.2.4(2y ago)1019.5k↓42.2%4[1 PRs](https://github.com/dotenv-org/phpdotenv-vault/pulls)2BSD-3-ClausePHPPHP ^7.1.3 || ^8.0

Since Dec 15Pushed 2y ago2 watchersCompare

[ Source](https://github.com/dotenv-org/phpdotenv-vault)[ Packagist](https://packagist.org/packages/dotenv-org/phpdotenv-vault)[ RSS](/packages/dotenv-org-phpdotenv-vault/feed)WikiDiscussions master Synced today

READMEChangelog (3)Dependencies (2)Versions (13)Used By (2)

PHP dotenv-vault [![PHP version](https://camo.githubusercontent.com/eae72e9c2b14f4843500106c4d83c2e76b083c7ffdbd2f74755609ad35797caa/68747470733a2f2f62616467652e667572792e696f2f70682f646f74656e762d6f7267253246706870646f74656e762d7661756c742e737667)](https://badge.fury.io/ph/dotenv-org%2Fphpdotenv-vault)
================================================================================================================================================================================================================================================================================================================

[](#php-dotenv-vault-)

[![dotenv-vault](https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg)](https://raw.githubusercontent.com/motdotla/dotenv/master/dotenv.svg)

Extends the proven &amp; trusted foundation of [phpdotenv](https://github.com/vlucas/phpdotenv), with a `.env.vault` file.

The extended standard lets you load encrypted secrets from your `.env.vault` file in production (and other) environments. Brought to you by the same people that pioneered [dotenv-nodejs](https://github.com/motdotla/dotenv).

- [🌱 Install](#-install)
- [🏗️ Usage (.env)](#%EF%B8%8F-usage)
- [🚀 Deploying (.env.vault) 🆕](#-deploying)
- [🌴 Multiple Environments](#-manage-multiple-environments)
- [❓ FAQ](#-faq)
- [⏱️ Changelog](./CHANGELOG.md)

🌱 Install
---------

[](#-install)

```
$ composer require dotenv-org/phpdotenv-vault
```

🏗️ Usage
--------

[](#️-usage)

Development usage works just like [phpdotenv](https://github.com/vlucas/phpdotenv).

Add your application configuration to your `.env` file in the root of your project:

```
# .env
S3_BUCKET="dotenv"
SECRET_KEY="souper_seekret_key"
```

As early as possible in your application bootstrap process, load .env:

```
require 'vendor/autoload.php';

$dotenv = DotenvVault\DotenvVault::createImmutable([__DIR__]);
$dotenv->safeLoad();
```

When your application loads, these variables will be available in `$_SERVER`:

```
$s3_bucket = $_SERVER['S3_BUCKET'];
echo $s3_bucket;
```

🚀 Deploying
-----------

[](#-deploying)

Encrypt your environment variables by doing:

```
npx dotenv-vault local build
```

This will create an encrypted `.env.vault` file along with a `.env.keys` file containing the encryption keys. Set the `DOTENV_KEY` environment variable by copying and pasting the key value from the `.env.keys` file onto your server or cloud provider. For example in heroku:

```
heroku config:set DOTENV_KEY=
```

Commit your .env.vault file safely to code and deploy. Your .env.vault fill be decrypted on boot, its environment variables injected, and your app work as expected.

Note that when the `DOTENV_KEY` environment variable is set, environment settings will *always* be loaded from the `.env.vault` file in the project root. For development use, you can leave the `DOTENV_KEY` environment variable unset and fall back on the `dotenv` behaviour of loading from `.env`.

🌴 Manage Multiple Environments
------------------------------

[](#-manage-multiple-environments)

You have two options for managing multiple environments - locally managed or vault managed - both use [dotenv-vault](https://github.com/dotenv-org/dotenv-vault).

Locally managed never makes a remote API call. It is completely managed on your machine. Vault managed adds conveniences like backing up your .env file, secure sharing across your team, access permissions, and version history. Choose what works best for you.

#### 💻 Locally Managed

[](#-locally-managed)

Create a `.env.production` file in the root of your project and put your production values there.

```
# .env.production
S3_BUCKET="PRODUCTION_S3BUCKET"
SECRET_KEY="PRODUCTION_SECRETKEYGOESHERE"
```

Rebuild your `.env.vault` file.

```
npx dotenv-vault local build
```

View your `.env.keys` file. There is a production `DOTENV_KEY` that pairs with the `DOTENV_VAULT_PRODUCTION` cipher in your `.env.vault` file.

Set the production `DOTENV_KEY` on your server, recommit your `.env.vault` file to code, and deploy. That's it!

Your .env.vault fill be decrypted on boot, its production environment variables injected, and your app work as expected.

#### 🔐 Vault Managed

[](#-vault-managed)

Sync your .env file. Run the push command and follow the instructions. [learn more](/docs/sync/quickstart)

```
$ npx dotenv-vault push

```

Manage multiple environments with the included UI. [learn more](/docs/tutorials/environments)

```
$ npx dotenv-vault open

```

Build your `.env.vault` file with multiple environments.

```
$ npx dotenv-vault build

```

Access your `DOTENV_KEY`.

```
$ npx dotenv-vault keys

```

Set the production `DOTENV_KEY` on your server, recommit your `.env.vault` file to code, and deploy. That's it!

❓ FAQ
-----

[](#-faq)

#### What happens if `DOTENV_KEY` is not set?

[](#what-happens-if-dotenv_key-is-not-set)

Dotenv Vault gracefully falls back to [phpdotenv](https://github.com/vlucas/phpdotenv) when `DOTENV_KEY` is not set. This is the default for development so that you can focus on editing your `.env` file and save the `build` command until you are ready to deploy those environment variables changes.

#### Should I commit my `.env` file?

[](#should-i-commit-my-env-file)

No. We **strongly** recommend against committing your `.env` file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.

#### Should I commit my `.env.vault` file?

[](#should-i-commit-my-envvault-file)

Yes. It is safe and recommended to do so. It contains your encrypted envs, and your vault identifier.

#### Can I share the `DOTENV_KEY`?

[](#can-i-share-the-dotenv_key)

No. It is the key that unlocks your encrypted environment variables. Be very careful who you share this key with. Do not let it leak.

Contributing
------------

[](#contributing)

1. Fork it
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Added some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request

Changelog
---------

[](#changelog)

See [CHANGELOG.md](CHANGELOG.md)

License
-------

[](#license)

BSD-3

###  Health Score

32

—

LowBetter than 69% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity35

Limited adoption so far

Community16

Small or concentrated contributor base

Maturity48

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 84.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~29 days

Recently: every ~0 days

Total

12

Last Release

973d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/50d3ae43a2cd5ed130f7074523ebed9135b598e4e40701e2aebd12aaca6e3c7f?d=identicon)[dotenv](/maintainers/dotenv)

---

Top Contributors

[![motdotla](https://avatars.githubusercontent.com/u/3848?v=4)](https://github.com/motdotla "motdotla (39 commits)")[![nsnguyen](https://avatars.githubusercontent.com/u/5308282?v=4)](https://github.com/nsnguyen "nsnguyen (7 commits)")

---

Tags

dotenvenvironment-variablesphpvaultenvironmentenvdotenvconfigurationsenvironment variablesdotenv-vault

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/dotenv-org-phpdotenv-vault/health.svg)

```
[![Health](https://phpackages.com/badges/dotenv-org-phpdotenv-vault/health.svg)](https://phpackages.com/packages/dotenv-org-phpdotenv-vault)
```

###  Alternatives

[vlucas/phpdotenv

Loads environment variables from `.env` to `getenv()`, `$\_ENV` and `$\_SERVER` automagically.

13.5k640.2M6.3k](/packages/vlucas-phpdotenv)[symfony/dotenv

Registers environment variables from a .env file

3.8k243.3M2.8k](/packages/symfony-dotenv)[bnomei/kirby3-dotenv

Kirby Plugin for environment variables from .env

4149.6k2](/packages/bnomei-kirby3-dotenv)[nystudio107/dotenvy

Speed up your production sites by ditching .env for key/value variable pairs as Apache, Nginx, and shell equivalents.

317.0k](/packages/nystudio107-dotenvy)[diarmuidie/envpopulate

Tool to interactively populate a `.env` file based on an `.env.example` file whenever Composer installs or updates.

1695.7k](/packages/diarmuidie-envpopulate)[beebmx/kirby-env

Enable env variables to Kirby

2140.5k3](/packages/beebmx-kirby-env)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
