Output Formats

Hush can output secrets in multiple formats to match what each package in your monorepo expects.

Available Formats

Format	Output File	Use Case
dotenv	.env.development / .env.production	Next.js, Vite, Expo, Remix, Node.js, etc.
wrangler	.dev.vars	Cloudflare Workers & Pages
json	.env.development.json	AWS Lambda, serverless, JSON configs
shell	.env.development.sh	CI/CD pipelines, Docker builds
yaml	.env.development.yaml	Kubernetes ConfigMaps, Docker Compose

dotenv

Standard .env file format. The most common choice for Node.js applications.

Configuration

targets:
  - name: app
    path: ./packages/app
    format: dotenv

Output

Development

File: .env.development

DATABASE_URL=postgres://localhost/mydb
API_KEY=sk_test_xxx
DEBUG=true

Production

File: .env.production

DATABASE_URL=postgres://prod-host/mydb
API_KEY=sk_live_xxx
DEBUG=false

Compatibility

Works with every major framework:

Framework	Client Prefix
Next.js	NEXT_PUBLIC_*
Vite	VITE_*
Create React App	REACT_APP_*
Vue CLI	VUE_APP_*
Nuxt	NUXT_PUBLIC_*
Astro	PUBLIC_*
SvelteKit	PUBLIC_*
Expo	EXPO_PUBLIC_*
Gatsby	GATSBY_*
Remix	(server-only)
Node.js	(any)

wrangler

Cloudflare Wrangler format for Workers development.

Configuration

targets:
  - name: api
    path: ./packages/api
    format: wrangler

Output

File: .dev.vars

DATABASE_URL=postgres://localhost/mydb
STRIPE_SECRET_KEY=sk_test_xxx
JWT_SECRET=super-secret-key

Note

The format is identical to dotenv, but the filename is .dev.vars which Wrangler expects for local development secrets.

Usage with Wrangler

# Local development reads from .dev.vars automatically
wrangler dev

# Production uses secrets set via wrangler secret
hush push  # Pushes secrets to Cloudflare

Push to Production

Hush can push secrets to Cloudflare Workers:

# Preview what would be pushed
hush push --dry-run

# Push production secrets
hush push

This runs wrangler secret put for each variable.

json

JSON object format for applications that consume JSON configuration.

Configuration

targets:
  - name: shared
    path: ./packages/shared
    format: json

Output

Development

File: .env.development.json

{
  "DATABASE_URL": "postgres://localhost/mydb",
  "API_KEY": "sk_test_xxx",
  "DEBUG": "true"
}

Production

File: .env.production.json

{
  "DATABASE_URL": "postgres://prod-host/mydb",
  "API_KEY": "sk_live_xxx",
  "DEBUG": "false"
}

Tip

All values are strings, matching how environment variables work. Parse booleans and numbers in your application if needed.

Use Cases

• Configuration files that need JSON
• Tools that read JSON config
• API responses or fixtures
• Type-safe config loading

shell

Sourceable shell script with export statements.

Configuration

targets:
  - name: scripts
    path: ./scripts
    format: shell

Output

Development

File: .env.development.sh

#!/bin/sh
export DATABASE_URL="postgres://localhost/mydb"
export API_KEY="sk_test_xxx"
export DEBUG="true"

Production

File: .env.production.sh

#!/bin/sh
export DATABASE_URL="postgres://prod-host/mydb"
export API_KEY="sk_live_xxx"
export DEBUG="false"

Usage

# Source the file to set environment variables
source .env.development.sh

# Or in a script
#!/bin/bash
source ./scripts/.env.production.sh
./deploy.sh

Use Cases

• CI/CD pipelines
• Shell scripts
• Docker build arguments
• Makefile targets

yaml

YAML format for Kubernetes ConfigMaps, Docker Compose, and other YAML-based configuration.

Configuration

targets:
  - name: k8s
    path: ./k8s
    format: yaml

Output

Development

File: .env.development.yaml

DATABASE_URL: "postgres://localhost/mydb"
API_KEY: "sk_test_xxx"
DEBUG: "true"
REDIS_URL: "redis://localhost:6379"

Production

File: .env.production.yaml

DATABASE_URL: "postgres://prod-host/mydb"
API_KEY: "sk_live_xxx"
DEBUG: "false"
REDIS_URL: "redis://prod-redis:6379"

Use Cases

• Kubernetes ConfigMaps and Secrets
• Docker Compose environment files
• Helm chart values
• Any YAML-based configuration

Creating a Kubernetes ConfigMap

# Generate the YAML
hush decrypt -e production

# Create ConfigMap from the generated file
kubectl create configmap my-app-config --from-file=k8s/.env.production.yaml

# Or use the file directly in your manifests

Docker Compose Integration

docker-compose.yml

services:
  app:
    env_file:
      - ./config/.env.development.yaml

Choosing a Format

Your Stack	Recommended Format
Next.js, Vite, CRA, Vue, Nuxt	dotenv
Astro, SvelteKit, Remix	dotenv
Expo / React Native	dotenv
Gatsby	dotenv
Cloudflare Workers & Pages	wrangler
AWS Lambda, serverless	json
Kubernetes, Docker Compose	yaml
CI/CD pipelines, shell scripts	shell
Node.js / general backend	dotenv

Multiple Formats

You can use different formats for different targets:

targets:
  # Next.js app uses dotenv
  - name: web
    path: ./apps/web
    format: dotenv
    include:
      - NEXT_PUBLIC_*

  # Cloudflare Worker uses wrangler
  - name: api
    path: ./apps/api
    format: wrangler
    exclude:
      - NEXT_PUBLIC_*

  # Lambda functions use JSON
  - name: lambda
    path: ./packages/lambda
    format: json

  # Kubernetes uses YAML
  - name: k8s
    path: ./k8s
    format: yaml
    exclude:
      - NEXT_PUBLIC_*

  # CI scripts use shell
  - name: ci
    path: ./scripts
    format: shell