Today, encrypted environment-variable workflows are possible through external tools such as dotenvx, which can encrypt .env files and inject decrypted values at runtime. However, just does not currently offer a first-class or standardized way to work with such encrypted secret flows inside recipes.
It could be valuable if just provided better built-in ergonomics for consuming encrypted environment variables, whether through native support or through a well-defined integration pattern for tools like dotenvx.
This would help make secret usage inside recipes more explicit, portable, and consistent, while avoiding the need for custom wrapper scripts or ad hoc shell glue around every secret-dependent command.
Important considerations:
- secrets should never appear in output, error messages, or dry-run output
- the workflow should remain cross-platform
- plaintext secrets should not need to live in the
Justfile
- external encrypted secret providers such as
dotenvx should be easy to integrate cleanly
Today, encrypted environment-variable workflows are possible through external tools such as
dotenvx, which can encrypt.envfiles and inject decrypted values at runtime. However,justdoes not currently offer a first-class or standardized way to work with such encrypted secret flows inside recipes.It could be valuable if
justprovided better built-in ergonomics for consuming encrypted environment variables, whether through native support or through a well-defined integration pattern for tools likedotenvx.This would help make secret usage inside recipes more explicit, portable, and consistent, while avoiding the need for custom wrapper scripts or ad hoc shell glue around every secret-dependent command.
Important considerations:
Justfiledotenvxshould be easy to integrate cleanly