Configuration

Customize EnvMark for your workflow.

Configuration Files

EnvMark uses two configuration files:

🌍

Global Configuration

~/.envmark/config.json

Shared settings: remote URL, default environment, encryption.

📁

Local Configuration

.envmark.json

Project-specific settings: project name.

Global Configuration

Located at ~/.envmark/config.json. Created automatically during envmark init.

{
  "remote": "git@github.com:team/envmark-secrets.git",
  "defaultEnv": "development",
  "encrypt": false
}

Options

Option Type Default Description
remote string required Git remote URL for the secrets repository (SSH or HTTPS)
defaultEnv string "development" Default environment when no env is specified
encrypt boolean false Enable AES-256-GCM encryption for .env files

Local Configuration

Located at .envmark.json in your project root. Version this file with your project.

{
  "project": "my-app"
}

Options

Option Type Default Description
project string directory name Project name (used as folder name in the secrets repo)

Global Directory Structure

EnvMark stores global data in ~/.envmark/:

~/.envmark/ ├── config.json # Global configuration ├── keys/ # Encryption keys (one per project) │ └── my-app.key # Key for project "my-app" └── repos/ # Cached repository clones └── <hash>/ # Clone of the secrets repo

Note: The keys/ directory contains sensitive data. Never share or backup these files insecurely.

Repository Structure

Your secrets repository follows this structure:

envmark-secrets/ (Git repository) ├── branch: main (production) │ ├── project-alpha/.env │ ├── project-beta/.env │ └── api-gateway/.env ├── branch: development │ ├── project-alpha/.env │ ├── project-beta/.env │ └── api-gateway/.env ├── branch: staging │ └── ... └── branch: qa └── ...

Each branch represents an environment. Each folder represents a project.

Environment Aliases

EnvMark supports convenient aliases for environment names:

Alias Maps to Branch
dev, development development
staging staging
qa qa
prod, production main

Custom branch names (like feature-x) are used as-is.

Git Authentication

EnvMark uses your system's Git configuration for authentication. Ensure you have:

For SSH URLs

git@github.com:team/envmark-secrets.git
  • SSH key configured and added to your Git provider
  • SSH agent running with key loaded

For HTTPS URLs

https://github.com/team/envmark-secrets.git
  • Git credential helper configured
  • Personal access token or password stored

Best Practices

🔒

Use a Private Repository

Always use a private Git repository for your secrets. Never use a public repository.

🛡️

Protect Production Branch

Enable branch protection rules on main to require reviews before changes.

🔑

Enable Encryption

For sensitive secrets, enable AES-256-GCM encryption. Share keys securely with teammates.

📝

Version .envmark.json

Commit .envmark.json to your project repo so teammates get the same config.