Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Sadia_A1P
1Password Team
1Password TeamIntroducing new .env file support in 1Password
Today, we’re introducing a first-of-its-kind feature available in the 1Password Desktop app.
With the new local .env file destination in 1Password Environments, you can securely use and share .env ...
sid1Password Team
1Password TeamHey seanboult,
Thank you for sharing your feedback! Glad to hear your enjoying the feature!
I'll pass your notes along to the team, and the good news is that many of these ideas are already on our radar as next-step improvements.
I did have a couple of quick follow-ups to better understand your suggestions:
The mounted .env file is generated but probably should have
- env it was loaded from
- timestamp when it was updated
- any other relevant metadata that I am not aware of
Where would you expect to see this information? Were you thinking it should appear as commented lines within the generated .env file, or surfaced somewhere in the app interface instead?
regarding git, it's probably worth mentioning that they won't be seen because git doesn't support named pipes in the docs
Good point! We do actually mention in the docs you've linked that this file will not be tracked by Git. Were you perhaps referring to some sort of message within the 1Password Desktop app itself?
locking of your vault and the env file getting removed from disk is just chefs kiss
Just to clarify, locking 1Password shouldn’t remove the local .env file. The file remains available while 1Password is locked (you’ll just be prompted to authorize reads). It’s only cleaned up when you quit 1Password, delete or disable the destination, or delete the environment itself.
Where would you expect to see this information? Were you thinking it should appear as commented lines within the generated .env file, or surfaced somewhere in the app interface instead?
Would make sense to generate the metadata and embed it as a comment header in the env file.
Good point! We do actually mention in the docs you've linked that this file will not be tracked by Git. Were you perhaps referring to some sort of message within the 1Password Desktop app itself?
I just mean that by default git wont be able to track named pipes and calling that out here could help remove ambiguity here as to why.
"Although 1Password creates this file on your device, locally mounted .env files aren't tracked by Git and therefore your secrets aren't exposed by your version control system"
Just to clarify, locking 1Password shouldn’t remove the local .env file. The file remains available while 1Password is locked (you’ll just be prompted to authorize reads). It’s only cleaned up when you quit 1Password, delete or disable the destination, or delete the environment itself.
Wow I must have seen some bug or something but swear I saw it disappear in the VSCode file tree when I locked my 1password.
Perhaps this is a feature request but really if you lock your 1password it will require another auth to get the contents visible again.
- sid
Perhaps this is a feature request but really if you lock your 1password it will require another auth to get the contents visible again.
Ya that’s right. This behaviour follows our security model and is an intentional requirement. We need your authorization to decrypt the contents of your Environment.
Once you approve access, you won’t be prompted again until 1Password locks. We keep the .env file in place even while 1Password is locked, since the locking of 1Password can happen automatically after a short period of inactivity (which users can configure). This ensures the .env files don’t disappear mid-development, unless you quit 1Password, delete the environment, or disable the destination.
