Environment Scopes
Shield supports scopes for managing secrets across different environments. This is primarily useful when working with different .env files.
Available Scopes
| Scope | Description | Example |
|---|
development | Local development (default) | Dev API keys |
staging | Staging/preview environments | Staging database |
production | Production environment | Live credentials |
How Scopes Work with Providers
Dotenv Provider
The dotenv provider automatically loads scope-specific files:
# development scope (default)
.env # Always loaded
.env.local # Always loaded (overrides .env)
.env.development # Loaded for development scope
.env.development.local # Loaded for development scope
# production scope
.env # Always loaded
.env.local # Always loaded
.env.production # Loaded for production scope
.env.production.local # Loaded for production scope
Running with a Scope
# Uses development secrets (default)
dotset shield run -- npm start
# Uses staging secrets
dotset shield run --scope staging -- npm start
# Uses production secrets
dotset shield run --scope production -- npm start
Use Cases
Local Development
# .env.development contains local dev values
dotset shield run -- npm start
CI/CD Staging
dotset shield run --scope staging -- npm test
Production Deployment
dotset shield run --scope production -- node server.js
In production CI/CD, you typically don’t need scopes since your CI platform injects the correct secrets as environment variables. Scopes are most useful for local development with .env files.
