🔐 env2op ⇄ op2env
Push .env files to 1Password and pull them back with two simple commands.



Installation
Homebrew (macOS/Linux)
brew tap tolgamorf/tap
brew install env2op-cli
# or in a single command:
brew install tolgamorf/tap/env2op-cli
Scoop (Windows)
scoop bucket add tolgamorf https://github.com/tolgamorf/scoop-bucket
scoop install env2op-cli
Chocolatey (Windows)
choco install env2op-cli
WinGet (Windows)
winget install tolgamorf.env2op-cli
Package Managers (macOS/Linux/Windows)
Global installation
# Using bun
bun add -g @tolgamorf/env2op-cli
# Using npm
npm install -g @tolgamorf/env2op-cli
# Using pnpm
pnpm add -g @tolgamorf/env2op-cli
Running directly
# Using bun
bunx @tolgamorf/env2op-cli .env Personal "MyApp"
# Using npm
npx @tolgamorf/env2op-cli .env Personal "MyApp"
# Using pnpm
pnpm dlx @tolgamorf/env2op-cli .env Personal "MyApp"
Prerequisites
Commands
This package provides two commands:
| Command | Description |
|---|---|
| env2op | Push .env to 1Password, generate .env.tpl template |
| op2env | Pull secrets from 1Password using .env.tpl template |
env2op (Push)
Push environment variables to 1Password and generate a template file.
env2op [options]
Examples for env2op
# Basic usage - creates a Secure Note and generates .env.tpl
env2op .env.production Personal "MyApp - Production"
# Custom output path for template
env2op .env Personal "MyApp" -o secrets.tpl
# Preview what would happen without making changes
env2op .env.production Personal "MyApp" --dry-run
# Store all fields as password type (hidden in 1Password)
env2op .env.production Personal "MyApp" --secret
# Skip confirmation prompts (useful for scripts/CI)
env2op .env.production Personal "MyApp" -f
Options for env2op
| Flag | Description |
|---|---|
| -o, --output | Output template path (default: .tpl) |
| -f, --force | Skip confirmation prompts |
| --dry-run | Preview actions without executing |
| --secret | Store all fields as 'password' type (default: 'text') |
| --verbose | Show op CLI output |
| --update | Check for and install updates |
| -v, --version | Show version |
| -h, --help | Show help |
op2env (Pull)
Pull secrets from 1Password to generate a .env file.
op2env [options]
Examples for op2env
# Basic usage - generates .env from .env.tpl
op2env .env.tpl
# Custom output path
op2env .env.tpl -o .env.local
# Preview without making changes
op2env .env.tpl --dry-run
# Overwrite existing .env without prompting
op2env .env.tpl -f
Options for op2env
| Flag | Description |
|---|---|
| -o, --output | Output .env path (default: template without .tpl) |
| -f, --force | Overwrite without prompting |
| --dry-run | Preview actions without executing |
| --verbose | Show op CLI output |
| --update | Check for and install updates |
| -v, --version | Show version |
| -h, --help | Show help |
How It Works
- env2op parses your .env file, creates a 1Password Secure Note, and generates a .tpl template
- op2env reads the template and pulls current values from 1Password to create a .env file
You can also use the op run command to run processes with secrets injected:
op run --env-file .env.tpl -- npm start
Field Types
By default, all fields are stored as text type (visible in 1Password). Use --secret to store them as password type (hidden by default, revealed on click).
Example
Given this .env file:
DATABASE_URL=postgres://localhost/myapp
API_KEY=sk-1234567890
DEBUG=true
Running:
env2op .env Personal "MyApp Secrets"
Creates a 1Password Secure Note with fields:
DATABASE_URL (text)
API_KEY (text)
DEBUG (text)
And generates .env.tpl with UUID-based references (avoids naming conflicts):
DATABASE_URL=op://abc123vaultid/xyz789itemid/def456fieldid
API_KEY=op://abc123vaultid/xyz789itemid/ghi012fieldid
DEBUG=op://abc123vaultid/xyz789itemid/jkl345fieldid
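The generated template above holds only op:// references, so a literal value appearing in it later points to a manual edit. The following check is an added example, not part of env2op or its documentation; lintTemplate and REF are hypothetical names, the sample lines are constructed, and it assumes the template is expected to contain nothing but references.

```javascript
// Added example, not env2op code: check that every assignment in a .env.tpl
// is an op:// secret reference. lintTemplate and REF are names chosen here.

// op://<vault>/<item>/[<section>/]<field>; assumes IDs without spaces or slashes
const REF = /^op:\/\/[^\/\s]+\/[^\/\s]+\/[^\/\s]+(\/[^\/\s]+)?$/;

function lintTemplate(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) return; // blank line or comment
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) {
      findings.push({ line: i + 1, key: null, reason: "not a KEY=VALUE line" });
      return;
    }
    let value = m[2].trim();
    // Strip one pair of matching quotes around the value
    const q = value[0];
    if (value.length >= 2 && (q === '"' || q === "'") && value.endsWith(q)) {
      value = value.slice(1, -1);
    }
    if (!REF.test(value)) {
      // Report the key only, never the value, so the output cannot leak a secret
      findings.push({ line: i + 1, key: m[1], reason: "value is not a complete op:// reference" });
    }
  });
  return findings;
}

// Constructed sample: the template from the example above
const generated = [
  "DATABASE_URL=op://abc123vaultid/xyz789itemid/def456fieldid",
  "API_KEY=op://abc123vaultid/xyz789itemid/ghi012fieldid",
  "DEBUG=op://abc123vaultid/xyz789itemid/jkl345fieldid",
].join("\n");
// The same file after a hand edit (constructed): one literal, one truncated reference
const edited = generated + "\n# added by hand\nNEW_TOKEN=sk-constructed-example\nBAD=op://abc123vaultid/xyz789itemid\n";

console.log(lintTemplate(generated)); // no findings
console.log(lintTemplate(edited));    // findings for NEW_TOKEN (line 5) and BAD (line 6)
```

Run as a pre-commit or CI step, a non-empty result is the signal to stop and move the flagged key into 1Password before the template is shared.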
Programmatic Usage
You can also use env2op as a library:
import { parseEnvFile, createSecureNote, generateTemplateContent } from "@tolgamorf/env2op-cli";
const result = parseEnvFile(".env");
console.log(result.variables);
License
MIT