A CLI tool to push environment variables to cloud providers.
- Push
.envfiles to Vercel (more providers coming soon) - Support for reading environment variables from stdin
- Works with both encrypted (via dotenvx) and plain
.envfiles - Support for multiple environments (.env.production, .env.staging, etc.)
- Interactive or automated deployment modes
npm install -g dotenv-push# Push .env.production to Vercel (uses .vercel/project.json)
dotenv-push vercel
# Specify project ID and token
dotenv-push vercel --project abc123 --token your-vercel-token
# Push different environment file
dotenv-push vercel --env .env.staging
# Push to Vercel development environment
dotenv-push vercel --target development --env .env.development
# Push to Vercel preview environment
dotenv-push vercel --target preview --env .env.preview
# Push to a custom Vercel environment (custom environment name)
dotenv-push vercel --target staging --env .env.feature
# Skip confirmation prompts
dotenv-push vercel --yes# From a file
cat .env | dotenv-push vercel --stdin
# From dotenvx (for encrypted files)
dotenvx decrypt --env-file=.env.production --stdout | dotenv-push vercel --stdin
# From any command that outputs env format
echo "API_KEY=secret" | dotenv-push vercel --stdin --project abc123# Decrypt with dotenvx and push to Vercel
dotenvx decrypt --env-file=.env.production --stdout | dotenv-push vercel --stdin --yes
# Use with environment substitution
envsubst < .env.template | dotenv-push vercel --stdin
# Filter specific variables
grep "^NEXT_PUBLIC_" .env | dotenv-push vercel --stdin-p, --project <id>- Project ID (optional for Vercel, uses .vercel/project.json)-t, --token <token>- Provider API token-e, --env <file>- Environment file path (defaults to .env.production)--target <name>- Vercel environment target (production,preview,development, or a custom environment name, defaults toproduction)-s, --stdin- Read environment variables from stdin-y, --yes- Skip confirmation prompts-h, --help- Show help message
VERCEL_TOKEN- Vercel API token (used if --token not provided)
For Vercel, the tool will:
- Read project ID from
.vercel/project.jsonif not specified - Replace ALL environment variables for the selected Vercel environment (default: production) with the ones from your file/stdin. Supports
production,preview,development, and custom environment names. - Automatically mark sensitive variables (containing KEY, SECRET, TOKEN) as encrypted
- Plain .env files: Push unencrypted environment variables directly
- Encrypted files: Use with
dotenvx decrypt --stdoutfor encrypted variables - CI/CD pipelines: Use
--yesflag to skip confirmations - Filtered deployments: Use grep/sed to deploy only specific variables
- Node.js 18+
- Provider-specific setup (e.g., .vercel/project.json for Vercel)
# Install dependencies
npm install
# Develop with Bun
npm run dev
# Build (Bun bundler β Node-compatible ESM)
npm run build
# Run tests (Bun test runner)
npm run test
# Lint & Format (Biome)
npm run check # lint + format diagnostics
npm run lint # lint only
npm run lint:fix # apply safe lint fixes
npm run format:check # format check (no write)
npm run format # write formatted filesNote: The published CLI remains Node-compatible; dist output is built with Bun and includes a Node shebang so node can execute it. Bun is used for local dev, tests, and builds.
To publish a new version to npm, use one of the following commands:
# Patch release (0.1.0 β 0.1.1) - for bug fixes
npm version patch && git push origin main --tags
# Minor release (0.1.0 β 0.2.0) - for new features
npm version minor && git push origin main --tags
# Major release (0.1.0 β 1.0.0) - for breaking changes
npm version major && git push origin main --tagsThis updates package.json, creates a git tag, and pushes it. The GitHub Actions workflow will automatically publish to npm.
MIT