Secure environment variable management with real-time synchronization and zero-knowledge encryption
Install the Xavren package using npm:
npm install xavren

Install the Xavren CLI tool globally for command-line access:
For macOS/Linux (Bash):
curl -fsSL https://xavren.vercel.app/api/releases/installer | bash

For Windows (PowerShell):
iwr -useb https://xavren.vercel.app/api/releases/installer-ps | iex

After installation, verify the CLI is working correctly:
xavren --help

Xavren now includes xavcli - a new Node.js binary tool (separate from the main xavren CLI) that seamlessly integrates with your Git workflow.
Just run git push and your environment variables are automatically and securely synced to the cloud! 🎉
📦 What's the difference?
xavren - Main CLI for manual operations (installed globally)
xavcli - Node.js bin for Git hooks and npm scripts (installed with package)

When you run npm install xavren, the package automatically:
.git/hooks/pre-push
xavcli_postinstall before every push

On your very first git push, you'll see an interactive prompt asking how to provide your project key:
XAVKEY

💾 Your configuration is saved in .git/xav_push_config.json and you won't be prompted again on subsequent pushes!
Your environment variables are synced based on your current Git branch. Each branch gets its own isolated environment:
🌿 Branch: main
→ Syncs to production environment in cloud
🌿 Branch: develop
→ Syncs to development environment in cloud
🌿 Branch: feature/new-api
→ Syncs to feature/new-api environment in cloud
This means your production, staging, and development environments stay completely isolated! 🔒
When you run git push:
xavcli reads your local .env file

✅ Your environment variables are ALWAYS synced before your code is pushed!
After the first setup, every git push is seamless:
xavcli loads your saved config from .git/xav_push_config.json

# 1. Make changes to your .env file
echo "NEW_API_KEY=abc123" >> .env
echo "DB_HOST=localhost" >> .env
# 2. Commit your code changes
git add .
git commit -m "Update API configuration"
# 3. Push to Git (env vars sync automatically!)
git push
# 🎯 Behind the scenes:
# → xavcli_postinstall runs automatically
# → Detects current branch: "main"
# → Encrypts your .env variables
# → Pushes to cloud under "main" branch
# → Then pushes your code to remote
# ✅ Output you'll see:
# 🚀 Running xavcli before push on branch: main
# ✅ Environment variables pushed successfully to main branch
# Enumerating objects: 5, done.
# Counting objects: 100% (5/5), done.
# ...

Use xavcli in your npm scripts to automatically pull the latest environment variables before starting your server:
{
  "scripts": {
    "dev": "xavcli clone --keyenv XAVKEY --write && node server.js",
    "start": "xavcli clone --keyenv XAVKEY --write --branch main && node server.js",
    "start:staging": "xavcli clone --keyenv XAVKEY --write --branch staging && node server.js"
  }
}

How it works:
xavcli clone - Downloads env vars from cloud
--keyenv XAVKEY - Uses environment variable for authentication
--write - Writes to your local .env file
--branch - Specifies which branch's env to clone (defaults to current Git branch or "main")

🎯 This ensures your local environment is always synced with the cloud before your app starts! Perfect for team collaboration and CI/CD pipelines.
If you need to change your credential method, simply delete the config file and push again:
rm .git/xav_push_config.json
git push # You'll be prompted to reconfigure

Basic configuration to get started with Xavren:
import dotenv from "xavren"

dotenv.config({
  env: "/path/to/.env",
  key: process.env.PROJECT_KEY,
  watch: true,
  write: false,
  onSync: (data) => {
    console.log("Sync data received:", data);
  },
  omit: ["PROJECT_KEY"]
})

Set up real-time monitoring for environment variable changes using the onSync callback:
import dotenv from "xavren"

dotenv.config({
  env: "/path/to/.env",
  key: process.env.PROJECT_KEY,
  updateCloud: true,
  sync: false,
  watch: true,
  onSync: (data) => {
    console.log("Environment file reloaded");
    // The next two lines print variable values, secrets included;
    // log names only outside local debugging.
    console.log("All env variables:", data.list);
    console.log("Changed variables:", data.changes);
  },
  omit: ["PROJECT_KEY"]
});

| Parameter | Type | Required | Description |
|---|---|---|---|
| env | string | No | Path to the environment file to load (e.g., .env or a custom path). |
| key | string | Yes | Project key for secure access to environment management and encryption. |
| onSync | Function | No | Callback executed whenever environment variables are reloaded or changed. Receives an object with list and changes properties. |
| watch | boolean | No | Watch local .env file for changes and trigger onSync callback. Default: false |
| write | boolean | No | Write cloud environment variables to local .env file when cloning. Default: false |
| omit | string[] | No | Array of environment variable names to exclude from cloud synchronization. |
| sync | boolean | No | Force cloud environment to match local .env exactly, removing any extra cloud variables. Default: false |
| updateCloud | boolean | No | Enable synchronization of local changes to cloud. Default: true |
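
An onSync handler that reloads per-variable without writing any value to the log, as an added example (not code from the Xavren project). It assumes `changes` is a plain object keyed by variable name, as in `changes["DB_URL"]`; `makeOnSync` and the handler map are hypothetical names.

```javascript
// Added example, not Xavren code. Assumes `changes` is a plain object keyed
// by variable name; makeOnSync and the handler map are hypothetical.
function makeOnSync(handlers, log = console.log) {
  return function onSync({ changes = {} } = {}) {
    const results = [];
    for (const name of Object.keys(changes)) {
      const handler = handlers[name];
      if (typeof handler !== "function") {
        results.push({ name, status: "ignored" });
        continue;
      }
      try {
        // The value goes to the handler only, never to the log.
        const out = handler(changes[name]);
        // Async handlers (e.g. a DB reconnect): report rejection by name only.
        if (out && typeof out.catch === "function") {
          out.catch(() => log("env sync:", `${name}=failed`));
        }
        results.push({ name, status: "reloaded" });
      } catch (err) {
        // Record the error class only: error messages may include the value.
        results.push({ name, status: "failed", error: err.name });
      }
    }
    log("env sync:", results.map((r) => `${r.name}=${r.status}`).join(" "));
    return results;
  };
}
```

Pass the returned function as the `onSync` option; one failing handler does not stop the others from running.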
The onSync callback provides:
onSync: ({ list, changes }) => {
  if (changes["DB_URL"]) {
    console.log("Database URL updated:", changes["DB_URL"]);
    reconnectDatabase(changes["DB_URL"]);
  }
}

Complete example for production environment with MongoDB reconnection on changes:
import mongoose from "mongoose";
import dotenv from "xavren";

// URI of the connection currently in use
let currentUri = process.env.MONGO_URI;

dotenv.config({
  env: ".env.production",
  key: process.env.PROJECT_KEY,
  watch: true,
  onSync: ({ list, changes }) => {
    if (changes["MONGO_URI"]) {
      connectDB(changes["MONGO_URI"]);
    }
    if (changes["API_KEY"]) {
      // refreshAPIKey is application-defined and not shown here
      refreshAPIKey(changes["API_KEY"]);
    }
  },
  omit: ["PROJECT_KEY"]
});

async function connectDB(uri) {
  try {
    // Nothing to do if already connected to this URI
    if (currentUri === uri && mongoose.connection.readyState === 1) {
      console.log("Already connected to MongoDB");
      return;
    }
    // Close any existing connection before switching
    if (mongoose.connection.readyState !== 0) {
      await mongoose.disconnect();
      console.log("Disconnected from previous MongoDB connection");
    }
    await mongoose.connect(uri, { autoIndex: true });
    currentUri = uri;
    console.log("✅ MongoDB connected to new URI");
  } catch (err) {
    console.error("❌ MongoDB connection error:", err);
  }
}

connectDB(currentUri);

Use xavcli for npm scripts and Git hooks
Upload your local environment variables to the cloud using xavcli:
Using project key from environment variable (Recommended):
xavcli push --keyenv XAVKEY

Using project key directly:
xavcli push --key YOUR_PROJECT_KEY

Using key from file:
xavcli push --keyfile path/to/keyfile

Push to specific branch:
xavcli push --keyenv XAVKEY --branch develop

Force sync (removes extra cloud variables):
xavcli push --keyenv XAVKEY --sync

--keyenv VARIABLE_NAME - Use environment variable containing your project key (e.g., XAVKEY)
--key YOUR_KEY - Provide project key directly
--keyfile path/to/file - Path to file containing your project key
--branch BRANCH_NAME - Target branch (defaults to current Git branch or 'main')
--sync - Force cloud to match local exactly (removes extra cloud variables)

Download environment variables from cloud to local using xavcli:
Clone using environment variable (Recommended):
xavcli clone --keyenv XAVKEY --write

Clone without writing to file (just display):
xavcli clone --keyenv XAVKEY

Clone and write to .env file:
xavcli clone --key YOUR_PROJECT_KEY --write

Using key from file:
xavcli clone --keyfile path/to/keyfile --write

Clone from specific branch:
xavcli clone --keyenv XAVKEY --branch develop --write

--keyenv VARIABLE_NAME - Use environment variable containing your project key (e.g., XAVKEY)
--key YOUR_KEY - Provide project key directly
--keyfile path/to/file - Path to file containing your project key
--branch BRANCH_NAME - Source branch (defaults to current Git branch or 'main')
--write - Write downloaded variables to local .env file

Add xavcli clone to your package.json scripts to automatically sync environment before starting:
{
  "scripts": {
    "dev": "xavcli clone --keyenv XAVKEY --write && node server.js",
    "start": "xavcli clone --keyenv XAVKEY --write --branch main && node server.js",
    "start:staging": "xavcli clone --keyenv XAVKEY --write --branch staging && node server.js"
  }
}

🎯 The --branch flag defaults to your current Git branch if not specified, or falls back to "main". This ensures each environment pulls the correct variables!
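
What `--sync` and `omit` change about a push, worked through as an added example (not Xavren's own code): it lists, by name only, which variables a push would add, update, remove or skip. The cloud state is passed in as a plain object, omitted names are assumed to be left untouched on both sides, and `parseEnv`, `planPush` and the sample values are hypothetical.

```javascript
// Added example: models the documented push semantics; not Xavren's own code.
// parseEnv, planPush and all sample values are hypothetical / constructed.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Minimal .env parser: KEY=VALUE lines, '#' comments, optional quotes.
function parseEnv(text) {
  const vars = Object.create(null);
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq <= 0) continue;
    let value = line.slice(eq + 1).trim();
    if (/^(["']).*\1$/.test(value)) value = value.slice(1, -1);
    vars[line.slice(0, eq).trim()] = value; // in this sketch the last duplicate wins
  }
  return vars;
}

// Returns variable NAMES only, so the plan itself is safe to print.
// Assumption: omitted names are left untouched on both sides.
function planPush(localText, cloudVars, { sync = false, omit = [] } = {}) {
  const local = parseEnv(localText);
  const skip = new Set(omit);
  const plan = { add: [], update: [], remove: [], omitted: [] };
  for (const [name, value] of Object.entries(local)) {
    if (skip.has(name)) plan.omitted.push(name);
    else if (!has(cloudVars, name)) plan.add.push(name);
    else if (cloudVars[name] !== value) plan.update.push(name);
  }
  if (sync) {
    // sync: cloud is forced to match local, so cloud-only variables are removed.
    for (const name of Object.keys(cloudVars)) {
      if (!has(local, name) && !skip.has(name)) plan.remove.push(name);
    }
  }
  return plan;
}

// Constructed sample data.
const sampleLocal = [
  "# constructed .env",
  "DB_HOST=localhost",
  'NEW_API_KEY="abc123"',
  "XAVKEY=constructed-project-key",
].join("\n");
const sampleCloud = { DB_HOST: "db.internal", LEGACY_TOKEN: "constructed" };

console.log(planPush(sampleLocal, sampleCloud, { omit: ["XAVKEY"] }));
console.log(planPush(sampleLocal, sampleCloud, { sync: true, omit: ["XAVKEY"] }));
```

With `sync: true` the cloud-only `LEGACY_TOKEN` lands in `remove`; without `omit`, a project key stored in `.env` shows up in `add`.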
View all available commands and options:
xavren --help

--keyfile or --keyenv instead of passing it directly
--sync carefully as it will remove cloud variables not present locally
--write option

Xavren takes security seriously. When a team member is removed from your project, the entire project key is automatically rotated to prevent unauthorized access.
When you remove a team member from your Xavren project dashboard, the process is initiated.
A new project key is automatically generated and all your environment data is re-encrypted with the new key.
The previous project key is immediately invalidated and can no longer be used to access your environment variables.
All remaining team members must update their local configuration with the new project key.
After a key rotation, update your configuration:
Option 1: Update Environment Variable
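# Update your .env file with the new key
# (>> appends a line; delete the old XAVKEY= line so the invalidated key does not stay in the file)
echo "XAVKEY=new_project_key_here" >> .env

Option 2: Update Key File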
# Update your key file
echo "new_project_key_here" > path/to/keyfile

Option 3: Reconfigure Git Hook
# Delete the config and reconfigure on next push
rm .git/xav_push_config.json
git push # You'll be prompted to enter the new key

key) should not be logged and must be stored securely.
.env files when watch is enabled.
omit array to prevent it from being synced.
write option carefully when cloning from cloud - always back up your local .env first.
git push - no separate commands needed!

Check out our comprehensive guides or reach out to our support team for assistance.