Dotenvx / Trust Center

Dotenvx

From the creator of dotenv, Dotenvx brings encryption, key separation, and fortified secret distribution to the .env workflow used by developers, startups, and enterprises worldwide.

[email protected]

Overview

Security review in progress

Policies

Internal operating policies that guide how Dotenvx protects systems, code, and customer data.

  • Information Security Program

    Ownership, review cadence, and expectations for security responsibilities.

  • Access Control

    Least-privilege access, account review, and removal of access when it is no longer required.

  • Secure Development

    Code review, dependency awareness, and security consideration before production changes.

  • Encryption and Key Separation

    Protection of secrets through encrypted files, separated keys, and careful key handling.

  • Incident Response

    Intake, triage, communication, remediation, and follow-up for security events.

Controls

Security practices currently tracked across Dotenvx systems and operations.

  • Multi-factor Authentication

    MFA is used for business-critical accounts where supported.

  • Least-privilege Access

    Access is limited to maintainers and systems with an active need.

  • Code Review

    Material code changes are reviewed before release.

  • Dependency Awareness

    Dependencies and upstream changes are reviewed as part of maintenance.

  • Secret Encryption and Key Separation

    Dotenvx supports encrypted .env files with keys stored separately.

  • TLS / HTTPS

    Public web properties are served over HTTPS.

  • Operational Monitoring

    Errors and operational events are monitored for investigation.

  • Security Contact

    Security reports can be sent to [email protected].

Subprocessors

Third-party providers used to deliver, secure, and operate Dotenvx services.

Provider          Purpose
Cloudflare        DNS, traffic proxying, CDN, and network security.
GitHub            Authentication, account identity, and repository metadata.
Google Workspace  Business email, internal documentation, and security communications.
Hetzner           Application hosting and infrastructure.
Honeybadger       Error monitoring and operational diagnostics.
Postmark          Transactional email delivery and related message metadata.
Stripe            Billing, checkout, payment processing, and customer billing records.

Documents

Security artifacts and review materials.

Resources

Additional product and security information.