@dotenvx/dotenvx 1.48.1 → 1.48.3

package/README.md

@@ -112,389 +112,389 @@ see [extended quickstart guide](https://dotenvx.com/docs/quickstart)
 
 More examples
 
-* <details><summary>TypeScript 📘</summary><br>
-
-  ```json
-  // package.json
-  {
-    "type": "module",
-    "dependencies": {
-      "chalk": "^5.3.0"
-    }
+<details><summary>TypeScript 📘</summary><br>
+
+```json
+// package.json
+{
+  "type": "module",
+  "dependencies": {
+    "chalk": "^5.3.0"
   }
-  ```
+}
+```
 
-  ```js
-  // index.ts
-  import chalk from 'chalk'
-  console.log(chalk.blue(`Hello ${process.env.HELLO}`))
-  ```
+```js
+// index.ts
+import chalk from 'chalk'
+console.log(chalk.blue(`Hello ${process.env.HELLO}`))
+```
 
-  ```sh
-  $ npm install
-  $ echo "HELLO=World" > .env
+```sh
+$ npm install
+$ echo "HELLO=World" > .env
 
-  $ dotenvx run -- npx tsx index.ts
-  Hello World
-  ```
+$ dotenvx run -- npx tsx index.ts
+Hello World
+```
 
-  </details>
-* <details><summary>Deno 🦕</summary><br>
+</details>
+<details><summary>Deno 🦕</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "console.log('Hello ' + Deno.env.get('HELLO'))" > index.ts
+```sh
+$ echo "HELLO=World" > .env
+$ echo "console.log('Hello ' + Deno.env.get('HELLO'))" > index.ts
 
-  $ deno run --allow-env index.ts
-  Hello undefined
+$ deno run --allow-env index.ts
+Hello undefined
 
-  $ dotenvx run -- deno run --allow-env index.ts
-  Hello World
-  ```
-
-  > [!WARNING]
-  > Some of you are attempting to use the npm module directly with `deno run`. Don't, because deno currently has incomplete support for these encryption ciphers.
-  >
-  > ```
-  > $ deno run -A npm:@dotenvx/dotenvx encrypt
-  > Unknown cipher
-  > ```
-  > 
-  > Instead, use `dotenvx` as designed, by installing the cli as a binary - via curl, brew, etc.
-
-  </details>
-* <details><summary>Bun 🥟</summary><br>
-
-  ```sh
-  $ echo "HELLO=Test" > .env.test
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+$ dotenvx run -- deno run --allow-env index.ts
+Hello World
+```
 
-  $ bun index.js
-  Hello undefined
+> [!WARNING]
+> Some of you are attempting to use the npm module directly with `deno run`. Don't, because deno currently has incomplete support for these encryption ciphers.
+>
+> ```
+> $ deno run -A npm:@dotenvx/dotenvx encrypt
+> Unknown cipher
+> ```
+> 
+> Instead, use `dotenvx` as designed, by installing the cli as a binary - via curl, brew, etc.
 
-  $ dotenvx run -f .env.test -- bun index.js
-  Hello Test
-  ```
+</details>
+<details><summary>Bun 🥟</summary><br>
 
-  </details>
-* <details><summary>Python 🐍</summary><br>
+```sh
+$ echo "HELLO=Test" > .env.test
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo 'import os;print("Hello " + os.getenv("HELLO", ""))' > index.py
+$ bun index.js
+Hello undefined
 
-  $ dotenvx run -- python3 index.py
-  Hello World
-  ```
+$ dotenvx run -f .env.test -- bun index.js
+Hello Test
+```
 
-  see [extended python guide](https://dotenvx.com/docs/quickstart)
+</details>
+<details><summary>Python 🐍</summary><br>
 
-  </details>
-* <details><summary>PHP 🐘</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ echo 'import os;print("Hello " + os.getenv("HELLO", ""))' > index.py
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo '<?php echo "Hello {$_SERVER["HELLO"]}\n";' > index.php
+$ dotenvx run -- python3 index.py
+Hello World
+```
 
-  $ dotenvx run -- php index.php
-  Hello World
-  ```
+see [extended python guide](https://dotenvx.com/docs/quickstart)
 
-  see [extended php guide](https://dotenvx.com/docs/quickstart)
+</details>
+<details><summary>PHP 🐘</summary><br>
 
-  </details>
-* <details><summary>Ruby 💎</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ echo '<?php echo "Hello {$_SERVER["HELLO"]}\n";' > index.php
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo 'puts "Hello #{ENV["HELLO"]}"' > index.rb
+$ dotenvx run -- php index.php
+Hello World
+```
 
-  $ dotenvx run -- ruby index.rb
-  Hello World
-  ```
+see [extended php guide](https://dotenvx.com/docs/quickstart)
 
-  see [extended ruby guide](https://dotenvx.com/docs/quickstart)
+</details>
+<details><summary>Ruby 💎</summary><br>
 
-  </details>
-* <details><summary>Go 🐹</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ echo 'puts "Hello #{ENV["HELLO"]}"' > index.rb
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo 'package main; import ("fmt"; "os"); func main() { fmt.Printf("Hello %s\n", os.Getenv("HELLO")) }' > main.go
+$ dotenvx run -- ruby index.rb
+Hello World
+```
 
-  $ dotenvx run -- go run main.go
-  Hello World
-  ```
+see [extended ruby guide](https://dotenvx.com/docs/quickstart)
 
-  see [extended go guide](https://dotenvx.com/docs/quickstart)
+</details>
+<details><summary>Go 🐹</summary><br>
 
-  </details>
-* <details><summary>Rust 🦀</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ echo 'package main; import ("fmt"; "os"); func main() { fmt.Printf("Hello %s\n", os.Getenv("HELLO")) }' > main.go
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo 'fn main() {let hello = std::env::var("HELLO").unwrap_or("".to_string());println!("Hello {hello}");}' > src/main.rs
+$ dotenvx run -- go run main.go
+Hello World
+```
 
-  $ dotenvx run -- cargo run
-  Hello World
-  ```
+see [extended go guide](https://dotenvx.com/docs/quickstart)
 
-  see [extended rust guide](https://dotenvx.com/docs/quickstart)
+</details>
+<details><summary>Rust 🦀</summary><br>
 
-  </details>
-* <details><summary>Java ☕️</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ echo 'fn main() {let hello = std::env::var("HELLO").unwrap_or("".to_string());println!("Hello {hello}");}' > src/main.rs
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo 'public class Index { public static void main(String[] args) { System.out.println("Hello " + System.getenv("HELLO")); } }' > index.java
+$ dotenvx run -- cargo run
+Hello World
+```
 
-  $ dotenvx run -- java index.java
-  Hello World
-  ```
+see [extended rust guide](https://dotenvx.com/docs/quickstart)
 
-  </details>
-* <details><summary>Clojure 🌿</summary><br>
+</details>
+<details><summary>Java ☕️</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo '(println "Hello" (System/getenv "HELLO"))' > index.clj
+```sh
+$ echo "HELLO=World" > .env
+$ echo 'public class Index { public static void main(String[] args) { System.out.println("Hello " + System.getenv("HELLO")); } }' > index.java
 
-  $ dotenvx run -- clojure -M index.clj
-  Hello World
-  ```
+$ dotenvx run -- java index.java
+Hello World
+```
 
-  </details>
-* <details><summary>Kotlin 📐</summary><br>
+</details>
+<details><summary>Clojure 🌿</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo 'fun main() { val hello = System.getenv("HELLO") ?: ""; println("Hello $hello") }' > index.kt
-  $ kotlinc index.kt -include-runtime -d index.jar
+```sh
+$ echo "HELLO=World" > .env
+$ echo '(println "Hello" (System/getenv "HELLO"))' > index.clj
 
-  $ dotenvx run -- java -jar index.jar
-  Hello World
-  ```
+$ dotenvx run -- clojure -M index.clj
+Hello World
+```
 
-  </details>
-* <details><summary>.NET 🔵</summary><br>
+</details>
+<details><summary>Kotlin 📐</summary><br>
 
-  ```sh
-  $ dotnet new console -n HelloWorld -o HelloWorld
-  $ cd HelloWorld
-  $ echo "HELLO=World" | Out-File -FilePath .env -Encoding utf8
-  $ echo 'Console.WriteLine($"Hello {Environment.GetEnvironmentVariable("HELLO")}");' > Program.cs
+```sh
+$ echo "HELLO=World" > .env
+$ echo 'fun main() { val hello = System.getenv("HELLO") ?: ""; println("Hello $hello") }' > index.kt
+$ kotlinc index.kt -include-runtime -d index.jar
 
-  $ dotenvx run -- dotnet run
-  Hello World
-  ```
+$ dotenvx run -- java -jar index.jar
+Hello World
+```
 
-  </details>
-* <details><summary>Bash 🖥️</summary><br>
+</details>
+<details><summary>.NET 🔵</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
+```sh
+$ dotnet new console -n HelloWorld -o HelloWorld
+$ cd HelloWorld
+$ echo "HELLO=World" | Out-File -FilePath .env -Encoding utf8
+$ echo 'Console.WriteLine($"Hello {Environment.GetEnvironmentVariable("HELLO")}");' > Program.cs
 
-  $ dotenvx run --quiet -- sh -c 'echo Hello $HELLO'
-  Hello World
-  ```
+$ dotenvx run -- dotnet run
+Hello World
+```
 
-  </details>
-* <details><summary>Fish 🐠</summary><br>
+</details>
+<details><summary>Bash 🖥️</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
+```sh
+$ echo "HELLO=World" > .env
 
-  $ dotenvx run --quiet -- sh -c 'echo Hello $HELLO'
-  Hello World
-  ```
+$ dotenvx run --quiet -- sh -c 'echo Hello $HELLO'
+Hello World
+```
 
-  </details>
-* <details><summary>Cron ⏰</summary><br>
+</details>
+<details><summary>Fish 🐠</summary><br>
 
-  ```sh
-  # run every day at 8am
-  0 8 * * * dotenvx run -- /path/to/myscript.sh
-  ```
+```sh
+$ echo "HELLO=World" > .env
 
-  </details>
-* <details><summary>Frameworks ▲</summary><br>
+$ dotenvx run --quiet -- sh -c 'echo Hello $HELLO'
+Hello World
+```
 
-  ```sh
-  $ dotenvx run -- next dev
-  $ dotenvx run -- npm start
-  $ dotenvx run -- bin/rails s
-  $ dotenvx run -- php artisan serve
-  ```
+</details>
+<details><summary>Cron ⏰</summary><br>
 
-  see [framework guides](https://dotenvx.com/docs#frameworks)
+```sh
+# run every day at 8am
+0 8 * * * dotenvx run -- /path/to/myscript.sh
+```
 
-  </details>
-* <details><summary>Docker 🐳</summary><br>
+</details>
+<details><summary>Frameworks ▲</summary><br>
 
-  ```sh
-  $ docker run -it --rm -v $(pwd):/app dotenv/dotenvx run -- node index.js
-  ```
+```sh
+$ dotenvx run -- next dev
+$ dotenvx run -- npm start
+$ dotenvx run -- bin/rails s
+$ dotenvx run -- php artisan serve
+```
 
-  Or in any image:
+see [framework guides](https://dotenvx.com/docs#frameworks)
 
-  ```sh
-  FROM node:latest
-  RUN echo "HELLO=World" > .env && echo "console.log('Hello ' + process.env.HELLO)" > index.js
-  RUN curl -fsS https://dotenvx.sh/install.sh | sh
-  CMD ["dotenvx", "run", "--", "echo", "Hello $HELLO"]
-  ```
+</details>
+<details><summary>Docker 🐳</summary><br>
 
-  see [docker guide](https://dotenvx.com/docs/platforms/docker)
+```sh
+$ docker run -it --rm -v $(pwd):/app dotenv/dotenvx run -- node index.js
+```
 
-  </details>
-* <details><summary>CI/CDs 🐙</summary><br>
+Or in any image:
 
-  ```yaml
-  name: build
-  on: [push]
-  jobs:
-    build:
-      runs-on: ubuntu-latest
-      steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - run: curl -fsS https://dotenvx.sh/install.sh | sh
-      - run: dotenvx run -- node build.js
-        env:
-          DOTENV_KEY: ${{ secrets.DOTENV_KEY }}
-  ```
+```sh
+FROM node:latest
+RUN echo "HELLO=World" > .env && echo "console.log('Hello ' + process.env.HELLO)" > index.js
+RUN curl -fsS https://dotenvx.sh/install.sh | sh
+CMD ["dotenvx", "run", "--", "echo", "Hello $HELLO"]
+```
 
-  see [github actions guide](https://dotenvx.com/docs/cis/github-actions)
+see [docker guide](https://dotenvx.com/docs/platforms/docker)
 
-  </details>
-* <details><summary>Platforms</summary><br>
+</details>
+<details><summary>CI/CDs 🐙</summary><br>
+
+```yaml
+name: build
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16
+    - run: curl -fsS https://dotenvx.sh/install.sh | sh
+    - run: dotenvx run -- node build.js
+      env:
+        DOTENV_KEY: ${{ secrets.DOTENV_KEY }}
+```
 
-  ```sh
-  # heroku
-  heroku buildpacks:add https://github.com/dotenvx/heroku-buildpack-dotenvx
+see [github actions guide](https://dotenvx.com/docs/cis/github-actions)
 
-  # docker
-  RUN curl -fsS https://dotenvx.sh/install.sh | sh
+</details>
+<details><summary>Platforms</summary><br>
+
+```sh
+# heroku
+heroku buildpacks:add https://github.com/dotenvx/heroku-buildpack-dotenvx
 
-  # vercel
-  npm install @dotenvx/dotenvx --save
-  ```
+# docker
+RUN curl -fsS https://dotenvx.sh/install.sh | sh
+
+# vercel
+npm install @dotenvx/dotenvx --save
+```
+
+see [platform guides](https://dotenvx.com/docs#platforms)
+
+</details>
+<details><summary>Process Managers</summary><br>
+
+```js
+// pm2
+"scripts": {
+  "start": "dotenvx run -- pm2-runtime start ecosystem.config.js --env production"
+},
+```
+
+see [process manager guides](https://dotenvx.com/docs#process-managers)
+
+</details>
+<details><summary>npx</summary><br>
+
+```sh
+# alternatively use npx
+$ npx @dotenvx/dotenvx run -- node index.js
+$ npx @dotenvx/dotenvx run -- next dev
+$ npx @dotenvx/dotenvx run -- npm start
+```
 
-  see [platform guides](https://dotenvx.com/docs#platforms)
+</details>
+<details><summary>npm</summary><br>
 
-  </details>
-* <details><summary>Process Managers</summary><br>
+```sh
+$ npm install @dotenvx/dotenvx --save
+```
 
-  ```js
-  // pm2
+```json
+{
   "scripts": {
-    "start": "dotenvx run -- pm2-runtime start ecosystem.config.js --env production"
+    "start": "./node_modules/.bin/dotenvx run -- node index.js"
   },
-  ```
-
-  see [process manager guides](https://dotenvx.com/docs#process-managers)
-
-  </details>
-* <details><summary>npx</summary><br>
-
-  ```sh
-  # alternatively use npx
-  $ npx @dotenvx/dotenvx run -- node index.js
-  $ npx @dotenvx/dotenvx run -- next dev
-  $ npx @dotenvx/dotenvx run -- npm start
-  ```
-
-  </details>
-* <details><summary>npm</summary><br>
-
-  ```sh
-  $ npm install @dotenvx/dotenvx --save
-  ```
-
-  ```json
-  {
-    "scripts": {
-      "start": "./node_modules/.bin/dotenvx run -- node index.js"
-    },
-    "dependencies": {
-      "@dotenvx/dotenvx": "^0.5.0"
-    }
+  "dependencies": {
+    "@dotenvx/dotenvx": "^0.5.0"
   }
-  ```
+}
+```
 
-  ```sh
-  $ npm run start
+```sh
+$ npm run start
 
-  > start
-  > ./node_modules/.bin/dotenvx run -- node index.js
+> start
+> ./node_modules/.bin/dotenvx run -- node index.js
 
-  [dotenvx@1.X.X] injecting env (1) from .env.production
-  Hello World
-  ```
-
-  </details>
-* <details><summary>asdf</summary><br>
-
-  ```sh
-  # use dotenvx with asdf
-  $ asdf plugin add dotenvx
-  $ asdf install dotenvx latest
-  ```
-
-  thank you [@jgburet](https://github.com/jgburet/asdf-dotenvx) of Paris 🇫🇷
-
-  </details>
-* <details><summary>Git</summary><br>
-
-  ```sh
-  # use as a git submodule
-  $ git dotenvx run -- node index.js
-  $ git dotenvx run -- next dev
-  $ git dotenvx run -- npm start
-  ```
-
-  </details>
-* <details><summary>Variable Expansion</summary><br>
-
-  Reference and expand variables already on your machine for use in your .env file.
-
-  ```ini
-  # .env
-  USERNAME="username"
-  DATABASE_URL="postgres://${USERNAME}@localhost/my_database"
-  ```
-  ```js
-  // index.js
-  console.log('DATABASE_URL', process.env.DATABASE_URL)
-  ```
-  ```sh
-  $ dotenvx run --debug -- node index.js
-  [dotenvx@0.14.1] injecting env (2) from .env
-  DATABASE_URL postgres://username@localhost/my_database
-  ```
-
-  </details>
-* <details><summary>Command Substitution</summary><br>
-
-  Add the output of a command to one of your variables in your .env file.
-
-  ```ini
-  # .env
-  DATABASE_URL="postgres://$(whoami)@localhost/my_database"
-  ```
-  ```js
-  // index.js
-  console.log('DATABASE_URL', process.env.DATABASE_URL)
-  ```
-  ```sh
-  $ dotenvx run --debug -- node index.js
-  [dotenvx@0.14.1] injecting env (1) from .env
-  DATABASE_URL postgres://yourusername@localhost/my_database
-  ```
-
-  </details>
+[dotenvx@1.X.X] injecting env (1) from .env.production
+Hello World
+```
+
+</details>
+<details><summary>asdf</summary><br>
+
+```sh
+# use dotenvx with asdf
+$ asdf plugin add dotenvx
+$ asdf install dotenvx latest
+```
+
+thank you [@jgburet](https://github.com/jgburet/asdf-dotenvx) of Paris 🇫🇷
+
+</details>
+<details><summary>Git</summary><br>
+
+```sh
+# use as a git submodule
+$ git dotenvx run -- node index.js
+$ git dotenvx run -- next dev
+$ git dotenvx run -- npm start
+```
+
+</details>
+<details><summary>Variable Expansion</summary><br>
+
+Reference and expand variables already on your machine for use in your .env file.
+
+```ini
+# .env
+USERNAME="username"
+DATABASE_URL="postgres://${USERNAME}@localhost/my_database"
+```
+```js
+// index.js
+console.log('DATABASE_URL', process.env.DATABASE_URL)
+```
+```sh
+$ dotenvx run --debug -- node index.js
+[dotenvx@0.14.1] injecting env (2) from .env
+DATABASE_URL postgres://username@localhost/my_database
+```
+
+</details>
+<details><summary>Command Substitution</summary><br>
+
+Add the output of a command to one of your variables in your .env file.
+
+```ini
+# .env
+DATABASE_URL="postgres://$(whoami)@localhost/my_database"
+```
+```js
+// index.js
+console.log('DATABASE_URL', process.env.DATABASE_URL)
+```
+```sh
+$ dotenvx run --debug -- node index.js
+[dotenvx@0.14.1] injecting env (1) from .env
+DATABASE_URL postgres://yourusername@localhost/my_database
+```
+
+</details>
 
 
 &nbsp;
@@ -514,2023 +514,2113 @@ Hello production
 
 More examples
 
-* <details><summary>multiple `.env` files</summary><br>
+<details><summary>multiple `.env` files</summary><br>
 
-  ```sh
-  $ echo "HELLO=local" > .env.local
+```sh
+$ echo "HELLO=local" > .env.local
 
-  $ echo "HELLO=World" > .env
+$ echo "HELLO=World" > .env
 
-  $ dotenvx run -f .env.local -f .env -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.local,.env
-  Hello local
-  ```
+$ dotenvx run -f .env.local -f .env -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.local,.env
+Hello local
+```
 
-  Note subsequent files do NOT override pre-existing variables defined in previous files or env. This follows historic principle. For example, above `local` wins – from the first file.
+Note subsequent files do NOT override pre-existing variables defined in previous files or env. This follows historic principle. For example, above `local` wins – from the first file.
 
-  </details>
+</details>
 
-* <details><summary>`--overload` flag</summary><br>
+<details><summary>`--overload` flag</summary><br>
 
-  ```sh
-  $ echo "HELLO=local" > .env.local
+```sh
+$ echo "HELLO=local" > .env.local
 
-  $ echo "HELLO=World" > .env
+$ echo "HELLO=World" > .env
 
-  $ dotenvx run -f .env.local -f .env --overload -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.local,.env
-  Hello World
-  ```
+$ dotenvx run -f .env.local -f .env --overload -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.local,.env
+Hello World
+```
+
+Note that with `--overload` subsequent files DO override pre-existing variables defined in previous files.
+</details>
+<details><summary>`--verbose` flag</summary><br>
+
+```sh
+$ echo "HELLO=production" > .env.production
+
+$ dotenvx run -f .env.production --verbose -- node index.js
+[dotenvx][verbose] injecting env from /path/to/.env.production
+[dotenvx][verbose] HELLO set
+[dotenvx@1.X.X] injecting env (1) from .env.production
+Hello production
+```
+
+</details>
+<details><summary>`--debug` flag</summary><br>
+
+```sh
+$ echo "HELLO=production" > .env.production
+
+$ dotenvx run -f .env.production --debug -- node index.js
+[dotenvx][debug] configuring options
+[dotenvx][debug] {"envFile":[".env.production"]}
+[dotenvx][verbose] injecting env from /path/to/.env.production
+[dotenvx][debug] reading env from /path/to/.env.production
+[dotenvx][debug] parsing env from /path/to/.env.production
+[dotenvx][debug] {"HELLO":"production"}
+[dotenvx][debug] writing env from /path/to/.env.production
+[dotenvx][verbose] HELLO set
+[dotenvx][debug] HELLO set to production
+[dotenvx@1.X.X] injecting env (1) from .env.production
+Hello production
+```
+
+</details>
+<details><summary>`--quiet` flag</summary><br>
+
+Use `--quiet` to suppress all output (except errors).
+
+```sh
+$ echo "HELLO=production" > .env.production
+
+$ dotenvx run -f .env.production --quiet -- node index.js
+Hello production
+```
+
+</details>
+<details><summary>`--log-level` flag</summary><br>
+
+Set `--log-level` to whatever you wish. For example, to suppress warnings (risky), set log level to `error`:
+
+```sh
+$ echo "HELLO=production" > .env.production
+
+$ dotenvx run -f .env.production --log-level=error -- node index.js
+Hello production
+```
+
+Available log levels are `error, warn, info, verbose, debug, silly`
+
+</details>
+<details><summary>`--convention` flag</summary><br>
+
+Load envs using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order) or [dotenv-flow convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `nextjs` or `flow`:
+
+```sh
+$ echo "HELLO=development local" > .env.development.local
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=development" > .env.development
+$ echo "HELLO=env" > .env
+
+$ dotenvx run --convention=nextjs -- node index.js
+Hello development local
+
+$ dotenvx run --convention=flow -- node index.js
+Hello development local
+```
+
+(more conventions available upon request)
+
+</details>
+
+&nbsp;
+
+## Encryption
+
+> Add encryption to your `.env` files with a single command. Use `dotenvx encrypt`.
+
+```sh
+$ dotenvx encrypt
+✔ encrypted (.env)
+```
+
+[![encrypted .env](https://github.com/user-attachments/assets/46dfe1a7-a027-4d80-9207-789eccc325dc)](https://dotenvx.com)
+
+> A `DOTENV_PUBLIC_KEY` (encryption key) and a `DOTENV_PRIVATE_KEY` (decryption key) are generated using the same public-key cryptography as [Bitcoin](https://en.bitcoin.it/wiki/Secp256k1).
+
+More examples
+
+<details><summary>`.env`</summary><br>
+
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env
+Hello World
+```
+
+</details>
+<details><summary>`.env.production`</summary><br>
+
+```sh
+$ echo "HELLO=Production" > .env.production
+$ dotenvx encrypt -f .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ DOTENV_PRIVATE_KEY_PRODUCTION="<.env.production private key>" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env.production
+Hello Production
+```
+
+Note the `DOTENV_PRIVATE_KEY_PRODUCTION` ends with `_PRODUCTION`. This instructs `dotenvx run` to load the `.env.production` file.
+
+</details>
+<details><summary>`.env.ci`</summary><br>
+
+```sh
+$ echo "HELLO=Ci" > .env.ci
+$ dotenvx encrypt -f .env.ci
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ DOTENV_PRIVATE_KEY_CI="<.env.ci private key>" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env.ci
+Hello Ci
+```
+
+Note the `DOTENV_PRIVATE_KEY_CI` ends with `_CI`. This instructs `dotenvx run` to load the `.env.ci` file. See the pattern?
+
+</details>
+<details><summary>combine multiple encrypted .env files</summary><br>
+
+```sh
+$ dotenvx set HELLO World -f .env
+$ dotenvx set HELLO Production -f .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ DOTENV_PRIVATE_KEY="<.env private key>" DOTENV_PRIVATE_KEY_PRODUCTION="<.env.production private key>" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (3) from .env, .env.production
+Hello World
+```
+
+Note the `DOTENV_PRIVATE_KEY` instructs `dotenvx run` to load the `.env` file and the `DOTENV_PRIVATE_KEY_PRODUCTION` instructs it to load the `.env.production` file. See the pattern?
+
+</details>
+<details><summary>combine multiple encrypted .env files for monorepo</summary><br>
+
+```sh
+$ mkdir app1
+$ mkdir app2
+$ dotenvx set HELLO app1 -f app1/.env.ci
+$ dotenvx set HELLO app2 -f app2/.env.ci
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ DOTENV_PRIVATE_KEY_CI="<app1/privat ci key>,<app2/private ci key>" dotenvx run -f app1/.env.ci -f app2/.env.ci -- node index.js
+[dotenvx@1.X.X] injecting env (2) from app1/.env.ci,app2/.env.ci
+Hello app1
+
+$ DOTENV_PRIVATE_KEY_CI="<app1/privat ci key>,<app2/private ci key>" dotenvx run -f app1/.env.ci -f app2/.env.ci --overload -- node index.js
+[dotenvx@1.X.X] injecting env (2) from app1/.env.ci,app2/.env.ci
+Hello app2
+```
+
+Note the `DOTENV_PRIVATE_KEY_CI` (and any `DOTENV_PRIVATE_KEY*`) can take multiple private keys by simply comma separating them.
+
+</details>
+<details><summary>`--stdout`</summary><br>
+
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt --stdout
+$ dotenvx encrypt --stdout > .env.encrypted
+```
+
+</details>
+
+<details><summary>other curves</summary><br>
+
+> `secp256k1` is a well-known and battle tested curve, in use with Bitcoin and other cryptocurrencies, but we are open to adding support for more curves.
+> 
+> If your organization's compliance department requires [NIST approved curves](https://csrc.nist.gov/projects/elliptic-curve-cryptography) or other curves like `curve25519`, please reach out at [security@dotenvx.com](mailto:security@dotenvx.com).
+
+</details>
+
+&nbsp;
+
+## Advanced
+
+> Become a `dotenvx` power user.
+>
+
+### CLI 📟
+
+Advanced CLI commands.
+
+<details><summary>`run` - Variable Expansion</summary><br>
+
+Reference and expand variables already on your machine for use in your .env file.
+
+```ini
+# .env
+USERNAME="username"
+DATABASE_URL="postgres://${USERNAME}@localhost/my_database"
+```
+```js
+// index.js
+console.log('DATABASE_URL', process.env.DATABASE_URL)
+```
+```sh
+$ dotenvx run --debug -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env
+DATABASE_URL postgres://username@localhost/my_database
+```
+
+</details>
+<details><summary>`run` - Default Values</summary><br>
+
+Use default values when environment variables are unset or empty.
+
+```ini
+# .env
+# Default value syntax: use value if set, otherwise use default
+DATABASE_HOST=${DB_HOST:-localhost}
+DATABASE_PORT=${DB_PORT:-5432}
+
+# Alternative syntax (no colon): use value if set, otherwise use default
+API_URL=${API_BASE_URL-https://api.example.com}
+```
+```js
+// index.js
+console.log('DATABASE_HOST', process.env.DATABASE_HOST)
+console.log('DATABASE_PORT', process.env.DATABASE_PORT)
+console.log('API_URL', process.env.API_URL)
+```
+```sh
+$ dotenvx run --debug -- node index.js
+[dotenvx@1.X.X] injecting env (3) from .env
+DATABASE_HOST localhost
+DATABASE_PORT 5432
+API_URL https://api.example.com
+```
+
+</details>
+<details><summary>`run` - Alternate Values</summary><br>
+
+Use alternate values when environment variables are set and non-empty.
+
+```ini
+# .env
+NODE_ENV=production
+
+# Alternate value syntax: use alternate if set and non-empty, otherwise empty
+DEBUG_MODE=${NODE_ENV:+false}
+LOG_LEVEL=${NODE_ENV:+error}
+
+# Alternative syntax (no colon): use alternate if set, otherwise empty  
+CACHE_ENABLED=${NODE_ENV+true}
+```
+```js
+// index.js
+console.log('NODE_ENV', process.env.NODE_ENV)
+console.log('DEBUG_MODE', process.env.DEBUG_MODE)
+console.log('LOG_LEVEL', process.env.LOG_LEVEL)
+console.log('CACHE_ENABLED', process.env.CACHE_ENABLED)
+```
+```sh
+$ dotenvx run --debug -- node index.js
+[dotenvx@1.X.X] injecting env (4) from .env
+NODE_ENV production
+DEBUG_MODE false
+LOG_LEVEL error
+CACHE_ENABLED true
+```
+
+</details>
+<details><summary>`run` - Interpolation Syntax Summary (Variable Expansion, Default/Alternate Values)</summary><br>
+
+Complete reference for variable interpolation patterns supported by dotenvx:
+
+```ini
+# .env
+DEFINED_VAR=hello
+EMPTY_VAR=
+# UNDEFINED_VAR is not set
+
+# Default value syntax - use variable if set/non-empty, otherwise use default
+TEST1=${DEFINED_VAR:-fallback}     # Result: "hello"
+TEST2=${EMPTY_VAR:-fallback}       # Result: "fallback"  
+TEST3=${UNDEFINED_VAR:-fallback}   # Result: "fallback"
+
+# Default value syntax (no colon) - use variable if set, otherwise use default
+TEST4=${DEFINED_VAR-fallback}      # Result: "hello"
+TEST5=${EMPTY_VAR-fallback}        # Result: "" (empty, but set)
+TEST6=${UNDEFINED_VAR-fallback}    # Result: "fallback"
+
+# Alternate value syntax - use alternate if variable is set/non-empty, otherwise empty
+TEST7=${DEFINED_VAR:+alternate}    # Result: "alternate"
+TEST8=${EMPTY_VAR:+alternate}      # Result: "" (empty)
+TEST9=${UNDEFINED_VAR:+alternate}  # Result: "" (empty)
+
+# Alternate value syntax (no colon) - use alternate if variable is set, otherwise empty  
+TEST10=${DEFINED_VAR+alternate}    # Result: "alternate"
+TEST11=${EMPTY_VAR+alternate}      # Result: "alternate" (empty but set)
+TEST12=${UNDEFINED_VAR+alternate}  # Result: "" (empty)
+```
+
+**Key differences:**
+- `:-` vs `-`: The colon makes empty values trigger the fallback
+- `:+` vs `+`: The colon makes empty values not trigger the alternate  
+- Default syntax (`-`): Use variable value or fallback
+- Alternate syntax (`+`): Use alternate value or empty string
+
+</details>
+<details><summary>`run` - Command Substitution</summary><br>
+
+Add the output of a command to one of your variables in your .env file.
+
+```ini
+# .env
+DATABASE_URL="postgres://$(whoami)@localhost/my_database"
+```
+```js
+// index.js
+console.log('DATABASE_URL', process.env.DATABASE_URL)
+```
+```sh
+$ dotenvx run --debug -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env
+DATABASE_URL postgres://yourusername@localhost/my_database
+```
+
+</details>
+<details><summary>`run` - Shell Expansion</summary><br>
+
+Prevent your shell from expanding inline `$VARIABLES` before dotenvx has a chance to inject it. Use a subshell.
+
+```sh
+$ dotenvx run --env="HELLO=World" -- sh -c 'echo Hello $HELLO'
+Hello World
+```
+
+</details>
+<details><summary>`run` - Multiline</summary><br>
+
+Dotenvx supports multiline values. This is particularly useful in conjunction with Docker - which [does not support multiline values](https://stackoverflow.com/questions/50299617/set-multiline-environment-variable-with-dockerfile/79578348#79578348).
+
+```ini
+# .env
+MULTILINE_PEM="-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNl1tL3QjKp3DZWM0T3u
+LgGJQwu9WqyzHKZ6WIA5T+7zPjO1L8l3S8k8YzBrfH4mqWOD1GBI8Yjq2L1ac3Y/
+bTdfHN8CmQr2iDJC0C6zY8YV93oZB3x0zC/LPbRYpF8f6OqX1lZj5vo2zJZy4fI/
+kKcI5jHYc8VJq+KCuRZrvn+3V+KuL9tF9v8ZgjF2PZbU+LsCy5Yqg1M8f5Jp5f6V
+u4QuUoobAgMBAAE=
+-----END PUBLIC KEY-----"
+```
+
+```js
+// index.js
+console.log('MULTILINE_PEM', process.env.MULTILINE_PEM)
+```
+
+```sh
+$ dotenvx run -- node index.js
+MULTILINE_PEM -----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNl1tL3QjKp3DZWM0T3u
+LgGJQwu9WqyzHKZ6WIA5T+7zPjO1L8l3S8k8YzBrfH4mqWOD1GBI8Yjq2L1ac3Y/
+bTdfHN8CmQr2iDJC0C6zY8YV93oZB3x0zC/LPbRYpF8f6OqX1lZj5vo2zJZy4fI/
+kKcI5jHYc8VJq+KCuRZrvn+3V+KuL9tF9v8ZgjF2PZbU+LsCy5Yqg1M8f5Jp5f6V
+u4QuUoobAgMBAAE=
+-----END PUBLIC KEY-----
+```
+
+</details>
+<details><summary>`run` - Contextual Help</summary><br>
+
+Unlike other dotenv libraries, dotenvx attempts to unblock you with contextual help.
+
+For example, when missing a custom .env file:
+
+```sh
+$ dotenvx run -f .env.missing -- echo $HELLO
+[MISSING_ENV_FILE] missing .env.missing file (/Users/scottmotte/Code/dotenvx/playground/apr-16/.env.missing)
+[MISSING_ENV_FILE] https://github.com/dotenvx/dotenvx/issues/484 and re-run [dotenvx run -- echo]
+```
+
+or when missing a KEY:
+
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx get GOODBYE
+[MISSING_KEY] missing GOODBYE key
+```
+
+</details>
+<details><summary>`run` - multiple `-f` flags</summary><br>
+
+Compose multiple `.env` files for environment variables loading, as you need.
+
+```sh
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=World" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ dotenvx run -f .env.local -f .env -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.local, .env
+Hello local
+```
+
+Note subsequent files do NOT override pre-existing variables defined in previous files or env. This follows historic principle. For example, above `local` wins – from the first file.
+
+</details>
+<details><summary>`run --env HELLO=String`</summary><br>
+
+Set environment variables as a simple `KEY=value` string pair.
+
+```sh
+$ echo "HELLO=World" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ dotenvx run --env HELLO=String -f .env -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env, and --env flag
+Hello String
+```
+
+</details>
+<details><summary>`run --overload`</summary><br>
+
+Override existing env variables. These can be variables already on your machine or variables loaded as files consecutively. The last variable seen will 'win'.
+
+```sh
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=World" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ dotenvx run -f .env.local -f .env --overload -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.local, .env
+Hello World
+```
+
+Note that with `--overload` subsequent files DO override pre-existing variables defined in previous files.
+
+</details>
+<details><summary>`run` - Environment Variable Precedence (Container/Cloud Deployments)</summary><br>
+
+When deploying applications in containers or cloud environments, you often need to override specific environment variables at runtime without modifying committed `.env` files. By default, dotenvx follows the historic dotenv principle: **environment variables already present take precedence over `.env` files**.
+
+```sh
+# .env.prod contains: MODEL_REGISTRY=registry.company.com/models/v1
+$ echo "MODEL_REGISTRY=registry.company.com/models/v1" > .env.prod
+$ echo "console.log('MODEL_REGISTRY:', process.env.MODEL_REGISTRY)" > app.js
+
+# Without environment variable set - uses .env.prod value
+$ dotenvx run -f .env.prod -- node app.js
+MODEL_REGISTRY: registry.company.com/models/v1
+
+# With environment variable set (e.g., via Azure Container Service) - environment variable takes precedence
+$ MODEL_REGISTRY=registry.azure.com/models/v2 dotenvx run -f .env.prod -- node app.js
+MODEL_REGISTRY: registry.azure.com/models/v2
+
+# To force .env.prod to override environment variables, use --overload
+$ MODEL_REGISTRY=registry.azure.com/models/v2 dotenvx run -f .env.prod --overload -- node app.js
+MODEL_REGISTRY: registry.company.com/models/v1
+```
+
+**For container deployments:** Set environment variables through your cloud provider's UI/configuration (Azure Container Service, AWS ECS, etc.) to override specific values from committed `.env` files without rebuilding your application.
+
+</details>
+<details><summary>`DOTENV_PRIVATE_KEY=key run`</summary><br>
+
+Decrypt your encrypted `.env` by setting `DOTENV_PRIVATE_KEY` before `dotenvx run`.
+
+```sh
+$ touch .env
+$ dotenvx set HELLO encrypted
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+# check your .env.keys files for your privateKey
+$ DOTENV_PRIVATE_KEY="122...0b8" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env
+Hello encrypted
+```
+
+</details>
+<details><summary>`DOTENV_PRIVATE_KEY_PRODUCTION=key run`</summary><br>
+
+Decrypt your encrypted `.env.production` by setting `DOTENV_PRIVATE_KEY_PRODUCTION` before `dotenvx run`. Alternatively, this can be already set on your server or cloud provider.
+
+```sh
+$ touch .env.production
+$ dotenvx set HELLO "production encrypted" -f .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+# check .env.keys for your privateKey
+$ DOTENV_PRIVATE_KEY_PRODUCTION="122...0b8" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env.production
+Hello production encrypted
+```
+
+Note the `DOTENV_PRIVATE_KEY_PRODUCTION` ends with `_PRODUCTION`. This instructs dotenvx run to load the `.env.production` file.
+
+</details>
+<details><summary>`DOTENV_PRIVATE_KEY_CI=key dotenvx run`</summary><br>
+
+Decrypt your encrypted `.env.ci` by setting `DOTENV_PRIVATE_KEY_CI` before `dotenvx run`. Alternatively, this can be already set on your server or cloud provider.
+
+```sh
+$ touch .env.ci
+$ dotenvx set HELLO "ci encrypted" -f .env.ci
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  Note that with `--overload` subsequent files DO override pre-existing variables defined in previous files.
+# check .env.keys for your privateKey
+$ DOTENV_PRIVATE_KEY_CI="122...0b8" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (2) from .env.ci
+Hello ci encrypted
+```
+
+Note the `DOTENV_PRIVATE_KEY_CI` ends with `_CI`. This instructs dotenvx run to load the `.env.ci` file. See the pattern?
+
+</details>
+<details><summary>`DOTENV_PRIVATE_KEY=key DOTENV_PRIVATE_KEY_PRODUCTION=key run` - Combine Multiple</summary><br>
 
-* <details><summary>`--verbose` flag</summary><br>
+Decrypt your encrypted `.env` and `.env.production` files by setting `DOTENV_PRIVATE_KEY` and `DOTENV_PRIVATE_KEY_PRODUCTION` before `dotenvx run`. 
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
+```sh
+$ touch .env
+$ touch .env.production
+$ dotenvx set HELLO encrypted
+$ dotenvx set HELLO "production encrypted" -f .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  $ dotenvx run -f .env.production --verbose -- node index.js
-  [dotenvx][verbose] injecting env from /path/to/.env.production
-  [dotenvx][verbose] HELLO set
-  [dotenvx@1.X.X] injecting env (1) from .env.production
-  Hello production
-  ```
+# check .env.keys for your privateKeys
+$ DOTENV_PRIVATE_KEY="122...0b8" DOTENV_PRIVATE_KEY_PRODUCTION="122...0b8" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (3) from .env, .env.production
+Hello encrypted
+
+$ DOTENV_PRIVATE_KEY_PRODUCTION="122...0b8" DOTENV_PRIVATE_KEY="122...0b8" dotenvx run -- node index.js
+[dotenvx@1.X.X] injecting env (3) from .env.production, .env
+Hello production encrypted
+```
 
-* <details><summary>`--debug` flag</summary><br>
+Compose any encrypted files you want this way. As long as a `DOTENV_PRIVATE_KEY_${environment}` is set, the values from `.env.${environment}` will be decrypted at runtime.
+
+</details>
+<details><summary>`run --verbose`</summary><br>
+
+Set log level to `verbose`. ([log levels](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
+
+```sh
+$ echo "HELLO=production" > .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
+$ dotenvx run -f .env.production --verbose -- node index.js
+loading env from .env.production (/path/to/.env.production)
+HELLO set
+[dotenvx@1.X.X] injecting env (1) from .env.production
+Hello production
+```
+
+</details>
+<details><summary>`run --debug`</summary><br>
+
+Set log level to `debug`. ([log levels](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
+
+```sh
+$ echo "HELLO=production" > .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+$ dotenvx run -f .env.production --debug -- node index.js
+process command [node index.js]
+options: {"env":[],"envFile":[".env.production"]}
+loading env from .env.production (/path/to/.env.production)
+{"HELLO":"production"}
+HELLO set
+HELLO set to production
+[dotenvx@1.X.X] injecting env (1) from .env.production
+executing process command [node index.js]
+expanding process command to [/opt/homebrew/bin/node index.js]
+Hello production
+```
 
-  $ dotenvx run -f .env.production --debug -- node index.js
-  [dotenvx][debug] configuring options
-  [dotenvx][debug] {"envFile":[".env.production"]}
-  [dotenvx][verbose] injecting env from /path/to/.env.production
-  [dotenvx][debug] reading env from /path/to/.env.production
-  [dotenvx][debug] parsing env from /path/to/.env.production
-  [dotenvx][debug] {"HELLO":"production"}
-  [dotenvx][debug] writing env from /path/to/.env.production
-  [dotenvx][verbose] HELLO set
-  [dotenvx][debug] HELLO set to production
-  [dotenvx@1.X.X] injecting env (1) from .env.production
-  Hello production
-  ```
+</details>
+<details><summary>`run --quiet`</summary><br>
 
-  </details>
-* <details><summary>`--quiet` flag</summary><br>
+Use `--quiet` to suppress all output (except errors). ([log levels](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
 
-  Use `--quiet` to suppress all output (except errors).
+```sh
+$ echo "HELLO=production" > .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
+$ dotenvx run -f .env.production --quiet -- node index.js
+Hello production
+```
 
-  $ dotenvx run -f .env.production --quiet -- node index.js
-  Hello production
-  ```
+</details>
+<details><summary>`run --log-level`</summary><br>
 
-  </details>
-* <details><summary>`--log-level` flag</summary><br>
+Set `--log-level` to whatever you wish. For example, to suppress warnings (risky), set log level to `error`:
 
-  Set `--log-level` to whatever you wish. For example, to suppress warnings (risky), set log level to `error`:
+```sh
+$ echo "HELLO=production" > .env.production
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
+$ dotenvx run -f .env.production --log-level=error -- node index.js
+Hello production
+```
 
-  $ dotenvx run -f .env.production --log-level=error -- node index.js
-  Hello production
-  ```
+Available log levels are `error, warn, info, verbose, debug, silly` ([source](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
 
-  Available log levels are `error, warn, info, verbose, debug, silly`
+</details>
+<details><summary>`run --strict`</summary><br>
 
-  </details>
-* <details><summary>`--convention` flag</summary><br>
+Exit with code `1` if any errors are encountered - like a missing .env file or decryption failure.
 
-  Load envs using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order) or [dotenv-flow convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `nextjs` or `flow`:
+```sh
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  ```sh
-  $ echo "HELLO=development local" > .env.development.local
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=development" > .env.development
-  $ echo "HELLO=env" > .env
+$ dotenvx run -f .env.missing --strict -- node index.js
+[MISSING_ENV_FILE] missing .env.missing file (/path/to/.env.missing)
+[MISSING_ENV_FILE] ? add one with [echo "HELLO=World" > .env.missing]
+```
 
-  $ dotenvx run --convention=nextjs -- node index.js
-  Hello development local
+This can be useful in `ci` scripts where you want to fail the ci if your `.env` file could not be decrypted at runtime.
 
-  $ dotenvx run --convention=flow -- node index.js
-  Hello development local
-  ```
+</details>
+<details><summary>`run --ignore`</summary><br>
 
-  (more conventions available upon request)
+Ignore errors like `MISSING_ENV_FILE`.
 
-  </details>
+```sh
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-&nbsp;
+$ dotenvx run -f .env.missing --ignore=MISSING_ENV_FILE -- node index.js
+...
+```
 
-## Encryption
+</details>
+<details><summary>`run --convention=nextjs`</summary><br>
 
-> Add encryption to your `.env` files with a single command. Use `dotenvx encrypt`.
+Load envs using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order). Set `--convention` to `nextjs`:
 
 ```sh
-$ dotenvx encrypt
-✔ encrypted (.env)
-```
-
-[![encrypted .env](https://github.com/user-attachments/assets/46dfe1a7-a027-4d80-9207-789eccc325dc)](https://dotenvx.com)
-
-> A `DOTENV_PUBLIC_KEY` (encryption key) and a `DOTENV_PRIVATE_KEY` (decryption key) are generated using the same public-key cryptography as [Bitcoin](https://en.bitcoin.it/wiki/Secp256k1).
+$ echo "HELLO=development local" > .env.development.local
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=development" > .env.development
+$ echo "HELLO=env" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-More examples
+$ dotenvx run --convention=nextjs -- node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.local, .env.development, .env
+Hello development local
+```
 
-* <details><summary>`.env`</summary><br>
+(more conventions available upon request)
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+</details>
+<details><summary>`run --convention=flow`</summary><br>
 
-  $ dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env
-  Hello World
-  ```
+Load envs using [dotenv-flow's convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `flow`:
 
-  </details>
-* <details><summary>`.env.production`</summary><br>
+```sh
+$ echo "HELLO=development local" > .env.development.local
+$ echo "HELLO=development" > .env.development
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=env" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  ```sh
-  $ echo "HELLO=Production" > .env.production
-  $ dotenvx encrypt -f .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+$ NODE_ENV=development dotenvx run --convention=flow -- node index.js 
+[dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.development, .env.local, .env
+Hello development local
+```
 
-  $ DOTENV_PRIVATE_KEY_PRODUCTION="<.env.production private key>" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env.production
-  Hello Production
-  ```
+Further, we recommend using `DOTENV_ENV` over `NODE_ENV`– as `dotenvx` works everywhere, not just node.
 
-  Note the `DOTENV_PRIVATE_KEY_PRODUCTION` ends with `_PRODUCTION`. This instructs `dotenvx run` to load the `.env.production` file.
+```sh
+$ DOTENV_ENV=development dotenvx run --convention=flow -- node index.js 
+[dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.development, .env.local, .env
+Hello development local
+```
 
-  </details>
-* <details><summary>`.env.ci`</summary><br>
+</details>
+<details><summary>`run -fk`</summary><br>
 
-  ```sh
-  $ echo "HELLO=Ci" > .env.ci
-  $ dotenvx encrypt -f .env.ci
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Specify path to `.env.keys`. This is useful with monorepos.
 
-  $ DOTENV_PRIVATE_KEY_CI="<.env.ci private key>" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env.ci
-  Hello Ci
-  ```
+```sh
+$ mkdir -p apps/app1
+$ touch apps/app1/.env
+$ dotenvx set HELLO world -fk .env.keys -f apps/app1/.env
 
-  Note the `DOTENV_PRIVATE_KEY_CI` ends with `_CI`. This instructs `dotenvx run` to load the `.env.ci` file. See the pattern?
+$ dotenvx run -fk .env.keys -f apps/app1/.env -- yourcommand
+```
 
-  </details>
-* <details><summary>combine multiple encrypted .env files</summary><br>
+</details>
+<details><summary>`get KEY`</summary><br>
 
-  ```sh
-  $ dotenvx set HELLO World -f .env
-  $ dotenvx set HELLO Production -f .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Return a single environment variable's value.
 
-  $ DOTENV_PRIVATE_KEY="<.env private key>" DOTENV_PRIVATE_KEY_PRODUCTION="<.env.production private key>" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (3) from .env, .env.production
-  Hello World
-  ```
+```sh
+$ echo "HELLO=World" > .env
 
-  Note the `DOTENV_PRIVATE_KEY` instructs `dotenvx run` to load the `.env` file and the `DOTENV_PRIVATE_KEY_PRODUCTION` instructs it to load the `.env.production` file. See the pattern?
+$ dotenvx get HELLO
+World
+```
 
-  </details>
-* <details><summary>combine multiple encrypted .env files for monorepo</summary><br>
+</details>
+<details><summary>`get KEY -f`</summary><br>
 
-  ```sh
-  $ mkdir app1
-  $ mkdir app2
-  $ dotenvx set HELLO app1 -f app1/.env.ci
-  $ dotenvx set HELLO app2 -f app2/.env.ci
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Return a single environment variable's value from a specific `.env` file.
 
-  $ DOTENV_PRIVATE_KEY_CI="<app1/privat ci key>,<app2/private ci key>" dotenvx run -f app1/.env.ci -f app2/.env.ci -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from app1/.env.ci,app2/.env.ci
-  Hello app1
+```sh
+$ echo "HELLO=World" > .env
+$ echo "HELLO=production" > .env.production
 
-  $ DOTENV_PRIVATE_KEY_CI="<app1/privat ci key>,<app2/private ci key>" dotenvx run -f app1/.env.ci -f app2/.env.ci --overload -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from app1/.env.ci,app2/.env.ci
-  Hello app2
-  ```
+$ dotenvx get HELLO -f .env.production
+production
+```
 
-  Note the `DOTENV_PRIVATE_KEY_CI` (and any `DOTENV_PRIVATE_KEY*`) can take multiple private keys by simply comma separating them.
+</details>
+<details><summary>`get KEY -fk`</summary><br>
 
-  </details>
-* <details><summary>`--stdout`</summary><br>
+Specify path to `.env.keys`. This is useful with monorepos.
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt --stdout
-  $ dotenvx encrypt --stdout > .env.encrypted
-  ```
+```sh
+$ mkdir -p apps/app1
+$ touch apps/app1/.env
+$ dotenvx set HELLO world -fk .env.keys -f apps/app1/.env
 
-  </details>
+$ dotenvx get HELLO -fk .env.keys -f apps/app1/.env
+world
+```
 
-* <details><summary>other curves</summary><br>
+</details>
+<details><summary>`get KEY --env`</summary><br>
 
-  > `secp256k1` is a well-known and battle tested curve, in use with Bitcoin and other cryptocurrencies, but we are open to adding support for more curves.
-  > 
-  > If your organization's compliance department requires [NIST approved curves](https://csrc.nist.gov/projects/elliptic-curve-cryptography) or other curves like `curve25519`, please reach out at [security@dotenvx.com](mailto:security@dotenvx.com).
+Return a single environment variable's value from a `--env` string.
 
-  </details>
+```sh
+$ dotenvx get HELLO --env HELLO=String -f .env.production
+String
+```
 
-&nbsp;
+</details>
 
-## Advanced
+<details><summary>`get KEY --overload`</summary><br>
 
-> Become a `dotenvx` power user.
->
+Return a single environment variable's value where each found value is overloaded.
 
-### CLI 📟
+```sh
+$ echo "HELLO=World" > .env
+$ echo "HELLO=production" > .env.production
 
-Advanced CLI commands.
+$ dotenvx get HELLO -f .env.production --env HELLO=String -f .env --overload
+World
+```
 
-* <details><summary>`run` - Variable Expansion</summary><br>
-
-  Reference and expand variables already on your machine for use in your .env file.
-
-  ```ini
-  # .env
-  USERNAME="username"
-  DATABASE_URL="postgres://${USERNAME}@localhost/my_database"
-  ```
-  ```js
-  // index.js
-  console.log('DATABASE_URL', process.env.DATABASE_URL)
-  ```
-  ```sh
-  $ dotenvx run --debug -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env
-  DATABASE_URL postgres://username@localhost/my_database
-  ```
-
-  </details>
-* <details><summary>`run` - Default Values</summary><br>
-
-  Use default values when environment variables are unset or empty.
-
-  ```ini
-  # .env
-  # Default value syntax: use value if set, otherwise use default
-  DATABASE_HOST=${DB_HOST:-localhost}
-  DATABASE_PORT=${DB_PORT:-5432}
-  
-  # Alternative syntax (no colon): use value if set, otherwise use default
-  API_URL=${API_BASE_URL-https://api.example.com}
-  ```
-  ```js
-  // index.js
-  console.log('DATABASE_HOST', process.env.DATABASE_HOST)
-  console.log('DATABASE_PORT', process.env.DATABASE_PORT)
-  console.log('API_URL', process.env.API_URL)
-  ```
-  ```sh
-  $ dotenvx run --debug -- node index.js
-  [dotenvx@1.X.X] injecting env (3) from .env
-  DATABASE_HOST localhost
-  DATABASE_PORT 5432
-  API_URL https://api.example.com
-  ```
-
-  </details>
-* <details><summary>`run` - Alternate Values</summary><br>
-
-  Use alternate values when environment variables are set and non-empty.
-
-  ```ini
-  # .env
-  NODE_ENV=production
-  
-  # Alternate value syntax: use alternate if set and non-empty, otherwise empty
-  DEBUG_MODE=${NODE_ENV:+false}
-  LOG_LEVEL=${NODE_ENV:+error}
-  
-  # Alternative syntax (no colon): use alternate if set, otherwise empty  
-  CACHE_ENABLED=${NODE_ENV+true}
-  ```
-  ```js
-  // index.js
-  console.log('NODE_ENV', process.env.NODE_ENV)
-  console.log('DEBUG_MODE', process.env.DEBUG_MODE)
-  console.log('LOG_LEVEL', process.env.LOG_LEVEL)
-  console.log('CACHE_ENABLED', process.env.CACHE_ENABLED)
-  ```
-  ```sh
-  $ dotenvx run --debug -- node index.js
-  [dotenvx@1.X.X] injecting env (4) from .env
-  NODE_ENV production
-  DEBUG_MODE false
-  LOG_LEVEL error
-  CACHE_ENABLED true
-  ```
-
-  </details>
-* <details><summary>`run` - Interpolation Syntax Summary (Variable Expansion, Default/Alternate Values)</summary><br>
-
-  Complete reference for variable interpolation patterns supported by dotenvx:
-
-  ```ini
-  # .env
-  DEFINED_VAR=hello
-  EMPTY_VAR=
-  # UNDEFINED_VAR is not set
-  
-  # Default value syntax - use variable if set/non-empty, otherwise use default
-  TEST1=${DEFINED_VAR:-fallback}     # Result: "hello"
-  TEST2=${EMPTY_VAR:-fallback}       # Result: "fallback"  
-  TEST3=${UNDEFINED_VAR:-fallback}   # Result: "fallback"
-  
-  # Default value syntax (no colon) - use variable if set, otherwise use default
-  TEST4=${DEFINED_VAR-fallback}      # Result: "hello"
-  TEST5=${EMPTY_VAR-fallback}        # Result: "" (empty, but set)
-  TEST6=${UNDEFINED_VAR-fallback}    # Result: "fallback"
-  
-  # Alternate value syntax - use alternate if variable is set/non-empty, otherwise empty
-  TEST7=${DEFINED_VAR:+alternate}    # Result: "alternate"
-  TEST8=${EMPTY_VAR:+alternate}      # Result: "" (empty)
-  TEST9=${UNDEFINED_VAR:+alternate}  # Result: "" (empty)
-  
-  # Alternate value syntax (no colon) - use alternate if variable is set, otherwise empty  
-  TEST10=${DEFINED_VAR+alternate}    # Result: "alternate"
-  TEST11=${EMPTY_VAR+alternate}      # Result: "alternate" (empty but set)
-  TEST12=${UNDEFINED_VAR+alternate}  # Result: "" (empty)
-  ```
-
-  **Key differences:**
-  - `:-` vs `-`: The colon makes empty values trigger the fallback
-  - `:+` vs `+`: The colon makes empty values not trigger the alternate  
-  - Default syntax (`-`): Use variable value or fallback
-  - Alternate syntax (`+`): Use alternate value or empty string
-
-  </details>
-* <details><summary>`run` - Command Substitution</summary><br>
-
-  Add the output of a command to one of your variables in your .env file.
-
-  ```ini
-  # .env
-  DATABASE_URL="postgres://$(whoami)@localhost/my_database"
-  ```
-  ```js
-  // index.js
-  console.log('DATABASE_URL', process.env.DATABASE_URL)
-  ```
-  ```sh
-  $ dotenvx run --debug -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env
-  DATABASE_URL postgres://yourusername@localhost/my_database
-  ```
+</details>
+<details><summary>`get KEY --strict`</summary><br>
 
-  </details>
-* <details><summary>`run` - Shell Expansion</summary><br>
+Exit with code `1` if any errors are encountered - like a missing key, missing .env file, or decryption failure.
 
-  Prevent your shell from expanding inline `$VARIABLES` before dotenvx has a chance to inject it. Use a subshell.
+```sh
+$ dotenvx get DOES_NOT_EXIST --strict
+[MISSING_KEY] missing DOES_NOT_EXIST key
+```
 
-  ```sh
-  $ dotenvx run --env="HELLO=World" -- sh -c 'echo Hello $HELLO'
-  Hello World
-  ```
-
-  </details>
-* <details><summary>`run` - Multiline</summary><br>
-
-  Dotenvx supports multiline values. This is particularly useful in conjunction with Docker - which [does not support multiline values](https://stackoverflow.com/questions/50299617/set-multiline-environment-variable-with-dockerfile/79578348#79578348).
-
-  ```ini
-  # .env
-  MULTILINE_PEM="-----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNl1tL3QjKp3DZWM0T3u
-  LgGJQwu9WqyzHKZ6WIA5T+7zPjO1L8l3S8k8YzBrfH4mqWOD1GBI8Yjq2L1ac3Y/
-  bTdfHN8CmQr2iDJC0C6zY8YV93oZB3x0zC/LPbRYpF8f6OqX1lZj5vo2zJZy4fI/
-  kKcI5jHYc8VJq+KCuRZrvn+3V+KuL9tF9v8ZgjF2PZbU+LsCy5Yqg1M8f5Jp5f6V
-  u4QuUoobAgMBAAE=
-  -----END PUBLIC KEY-----"
-  ```
-
-  ```js
-  // index.js
-  console.log('MULTILINE_PEM', process.env.MULTILINE_PEM)
-  ```
-
-  ```sh
-  $ dotenvx run -- node index.js
-  MULTILINE_PEM -----BEGIN PUBLIC KEY-----
-  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNl1tL3QjKp3DZWM0T3u
-  LgGJQwu9WqyzHKZ6WIA5T+7zPjO1L8l3S8k8YzBrfH4mqWOD1GBI8Yjq2L1ac3Y/
-  bTdfHN8CmQr2iDJC0C6zY8YV93oZB3x0zC/LPbRYpF8f6OqX1lZj5vo2zJZy4fI/
-  kKcI5jHYc8VJq+KCuRZrvn+3V+KuL9tF9v8ZgjF2PZbU+LsCy5Yqg1M8f5Jp5f6V
-  u4QuUoobAgMBAAE=
-  -----END PUBLIC KEY-----
-  ```
+</details>
+<details><summary>`get KEY --convention=nextjs`</summary><br>
 
-  </details>
-* <details><summary>`run` - Contextual Help</summary><br>
+Return a single environment variable's value using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order). Set `--convention` to `nextjs`:
 
-  Unlike other dotenv libraries, dotenvx attempts to unblock you with contextual help.
+```sh
+$ echo "HELLO=development local" > .env.development.local
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=development" > .env.development
+$ echo "HELLO=env" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  For example, when missing a custom .env file:
+$ dotenvx get HELLO --convention=nextjs
+development local
+```
 
-  ```sh
-  $ dotenvx run -f .env.missing -- echo $HELLO
-  [MISSING_ENV_FILE] missing .env.missing file (/Users/scottmotte/Code/dotenvx/playground/apr-16/.env.missing)
-  [MISSING_ENV_FILE] https://github.com/dotenvx/dotenvx/issues/484 and re-run [dotenvx run -- echo]
-  ```
+</details>
+<details><summary>`get KEY --convention=flow`</summary><br>
 
-  or when missing a KEY:
+Return a single environment variable's value using [dotenv-flow's convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `flow`:
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx get GOODBYE
-  [MISSING_KEY] missing GOODBYE key
-  ```
+```sh
+$ echo "HELLO=development local" > .env.development.local
+$ echo "HELLO=development" > .env.development
+$ echo "HELLO=local" > .env.local
+$ echo "HELLO=env" > .env
+$ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  </details>
-* <details><summary>`run` - multiple `-f` flags</summary><br>
+$ NODE_ENV=development dotenvx get HELLO --convention=flow
+development local
+```
 
-  Compose multiple `.env` files for environment variables loading, as you need.
+Further, we recommend using `DOTENV_ENV` over `NODE_ENV`– as `dotenvx` works everywhere, not just node.
 
-  ```sh
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=World" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+```sh
+$ DOTENV_ENV=development dotenvx get HELLO --convention=flow
+development local
+```
 
-  $ dotenvx run -f .env.local -f .env -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.local, .env
-  Hello local
-  ```
+</details>
+<details><summary>`get` (json)</summary><br>
 
-  Note subsequent files do NOT override pre-existing variables defined in previous files or env. This follows historic principle. For example, above `local` wins – from the first file.
+Return a json response of all key/value pairs in a `.env` file.
 
-  </details>
-* <details><summary>`run --env HELLO=String`</summary><br>
+```sh
+$ echo "HELLO=World" > .env
 
-  Set environment variables as a simple `KEY=value` string pair.
+$ dotenvx get
+{"HELLO":"World"}
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+</details>
+<details><summary>`get --format shell`</summary><br>
 
-  $ dotenvx run --env HELLO=String -f .env -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env, and --env flag
-  Hello String
-  ```
+Return a shell formatted response of all key/value pairs in a `.env` file.
 
-  </details>
-* <details><summary>`run --overload`</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ echo "KEY=value" >> .env
 
-  Override existing env variables. These can be variables already on your machine or variables loaded as files consecutively. The last variable seen will 'win'.
+$ dotenvx get --format shell
+HELLO=World KEY=value
+```
 
-  ```sh
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=World" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+This can be useful when combined with `env` on the command line.
 
-  $ dotenvx run -f .env.local -f .env --overload -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.local, .env
-  Hello World
-  ```
+```
+$ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
+$ env $(dotenvx get --format=shell) node index.js
+Hello value World
+```
 
-  Note that with `--overload` subsequent files DO override pre-existing variables defined in previous files.
+or with `export`.
 
-  </details>
-* <details><summary>`run` - Environment Variable Precedence (Container/Cloud Deployments)</summary><br>
+```
+$ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
+$ export $(dotenvx get --format=shell)
+$ node index.js
+Hello value World
+```
 
-  When deploying applications in containers or cloud environments, you often need to override specific environment variables at runtime without modifying committed `.env` files. By default, dotenvx follows the historic dotenv principle: **environment variables already present take precedence over `.env` files**.
+</details>
+<details><summary>`get --format eval`</summary><br>
 
-  ```sh
-  # .env.prod contains: MODEL_REGISTRY=registry.company.com/models/v1
-  $ echo "MODEL_REGISTRY=registry.company.com/models/v1" > .env.prod
-  $ echo "console.log('MODEL_REGISTRY:', process.env.MODEL_REGISTRY)" > app.js
+Return an `eval`-ready shell formatted response of all key/value pairs in a `.env` file.
 
-  # Without environment variable set - uses .env.prod value
-  $ dotenvx run -f .env.prod -- node app.js
-  MODEL_REGISTRY: registry.company.com/models/v1
+```sh
+$ echo "HELLO=World" > .env
+$ echo "KEY=value" >> .env
 
-  # With environment variable set (e.g., via Azure Container Service) - environment variable takes precedence
-  $ MODEL_REGISTRY=registry.azure.com/models/v2 dotenvx run -f .env.prod -- node app.js
-  MODEL_REGISTRY: registry.azure.com/models/v2
+$ dotenvx get --format eval
+HELLO="World"
+KEY="value"
+```
 
-  # To force .env.prod to override environment variables, use --overload
-  $ MODEL_REGISTRY=registry.azure.com/models/v2 dotenvx run -f .env.prod --overload -- node app.js
-  MODEL_REGISTRY: registry.company.com/models/v1
-  ```
+Note that this exports newlines and quoted strings.
 
-  **For container deployments:** Set environment variables through your cloud provider's UI/configuration (Azure Container Service, AWS ECS, etc.) to override specific values from committed `.env` files without rebuilding your application.
+This can be useful for more complex .env values (spaces, escaped characters, quotes, etc) combined with `eval` on the command line.
 
-  </details>
-* <details><summary>`DOTENV_PRIVATE_KEY=key run`</summary><br>
-  
-  Decrypt your encrypted `.env` by setting `DOTENV_PRIVATE_KEY` before `dotenvx run`.
+```sh
+$ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
+$ eval $(dotenvx get --format=eval) node index.js
+Hello value World
+```
 
-  ```sh
-  $ touch .env
-  $ dotenvx set HELLO encrypted
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Be careful with `eval` as it allows for arbitrary execution of commands. Prefer `dotenvx run --` but in some cases `eval` is a sharp knife that is useful to have.
 
-  # check your .env.keys files for your privateKey
-  $ DOTENV_PRIVATE_KEY="122...0b8" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env
-  Hello encrypted
-  ```
+</details>
 
-  </details>
-* <details><summary>`DOTENV_PRIVATE_KEY_PRODUCTION=key run`</summary><br>
+<details><summary>`get --all`</summary><br>
 
-  Decrypt your encrypted `.env.production` by setting `DOTENV_PRIVATE_KEY_PRODUCTION` before `dotenvx run`. Alternatively, this can be already set on your server or cloud provider.
+Return preset machine envs as well.
 
-  ```sh
-  $ touch .env.production
-  $ dotenvx set HELLO "production encrypted" -f .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+```sh
+$ echo "HELLO=World" > .env
 
-  # check .env.keys for your privateKey
-  $ DOTENV_PRIVATE_KEY_PRODUCTION="122...0b8" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env.production
-  Hello production encrypted
-  ```
+$ dotenvx get --all
+{"PWD":"/some/file/path","USER":"username","LIBRARY_PATH":"/usr/local/lib", ..., "HELLO":"World"}
+```
 
-  Note the `DOTENV_PRIVATE_KEY_PRODUCTION` ends with `_PRODUCTION`. This instructs dotenvx run to load the `.env.production` file.
+</details>
+<details><summary>`get --all --pretty-print`</summary><br>
 
-  </details>
-* <details><summary>`DOTENV_PRIVATE_KEY_CI=key dotenvx run`</summary><br>
+Make the output more readable - pretty print it.
 
-  Decrypt your encrypted `.env.ci` by setting `DOTENV_PRIVATE_KEY_CI` before `dotenvx run`. Alternatively, this can be already set on your server or cloud provider.
+```sh
+$ echo "HELLO=World" > .env
 
-  ```sh
-  $ touch .env.ci
-  $ dotenvx set HELLO "ci encrypted" -f .env.ci
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+$ dotenvx get --all --pretty-print
+{
+  "PWD": "/some/filepath",
+  "USER": "username",
+  "LIBRARY_PATH": "/usr/local/lib",
+  ...,
+  "HELLO": "World"
+}
+```
 
-  # check .env.keys for your privateKey
-  $ DOTENV_PRIVATE_KEY_CI="122...0b8" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (2) from .env.ci
-  Hello ci encrypted
-  ```
+</details>
+<details><summary>`set KEY value`</summary><br>
 
-  Note the `DOTENV_PRIVATE_KEY_CI` ends with `_CI`. This instructs dotenvx run to load the `.env.ci` file. See the pattern?
+Set an encrypted key/value (on by default).
 
-  </details>
-* <details><summary>`DOTENV_PRIVATE_KEY=key DOTENV_PRIVATE_KEY_PRODUCTION=key run` - Combine Multiple</summary><br>
+```sh
+$ touch .env
 
-  Decrypt your encrypted `.env` and `.env.production` files by setting `DOTENV_PRIVATE_KEY` and `DOTENV_PRIVATE_KEY_PRODUCTION` before `dotenvx run`. 
+$ dotenvx set HELLO World
+set HELLO with encryption (.env)
+```
 
-  ```sh
-  $ touch .env
-  $ touch .env.production
-  $ dotenvx set HELLO encrypted
-  $ dotenvx set HELLO "production encrypted" -f .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+</details>
+<details><summary>`set KEY value -f`</summary><br>
 
-  # check .env.keys for your privateKeys
-  $ DOTENV_PRIVATE_KEY="122...0b8" DOTENV_PRIVATE_KEY_PRODUCTION="122...0b8" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (3) from .env, .env.production
-  Hello encrypted
+Set an (encrypted) key/value for another `.env` file.
 
-  $ DOTENV_PRIVATE_KEY_PRODUCTION="122...0b8" DOTENV_PRIVATE_KEY="122...0b8" dotenvx run -- node index.js
-  [dotenvx@1.X.X] injecting env (3) from .env.production, .env
-  Hello production encrypted
-  ```
+```sh
+$ touch .env.production
 
-  Compose any encrypted files you want this way. As long as a `DOTENV_PRIVATE_KEY_${environment}` is set, the values from `.env.${environment}` will be decrypted at runtime.
+$ dotenvx set HELLO production -f .env.production
+set HELLO with encryption (.env.production)
+```
 
-  </details>
-* <details><summary>`run --verbose`</summary><br>
+</details>
+<details><summary>`set KEY value -fk`</summary><br>
 
-  Set log level to `verbose`. ([log levels](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
+Specify path to `.env.keys`. This is useful with monorepos.
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+```sh
+$ mkdir -p apps/app1
+$ touch apps/app1/.env
 
-  $ dotenvx run -f .env.production --verbose -- node index.js
-  loading env from .env.production (/path/to/.env.production)
-  HELLO set
-  [dotenvx@1.X.X] injecting env (1) from .env.production
-  Hello production
-  ```
+$ dotenvx set HELLO world -fk .env.keys -f apps/app1/.env
+set HELLO with encryption (.env)
+```
 
-  </details>
-* <details><summary>`run --debug`</summary><br>
+Put it to use.
 
-  Set log level to `debug`. ([log levels](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
+```sh
+$ dotenvx get -fk .env.keys -f apps/app1/.env
+```
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Use it with a relative path.
 
-  $ dotenvx run -f .env.production --debug -- node index.js
-  process command [node index.js]
-  options: {"env":[],"envFile":[".env.production"]}
-  loading env from .env.production (/path/to/.env.production)
-  {"HELLO":"production"}
-  HELLO set
-  HELLO set to production
-  [dotenvx@1.X.X] injecting env (1) from .env.production
-  executing process command [node index.js]
-  expanding process command to [/opt/homebrew/bin/node index.js]
-  Hello production
-  ```
-
-  </details>
-* <details><summary>`run --quiet`</summary><br>
-
-  Use `--quiet` to suppress all output (except errors). ([log levels](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
-
-  ```sh
-  $ echo "HELLO=production" > .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+```sh
+$ cd apps/app1
+$ dotenvx get -fk ../../.env.keys -f .env
+```
 
-  $ dotenvx run -f .env.production --quiet -- node index.js
-  Hello production
-  ```
+</details>
+<details><summary>`set KEY "value with spaces"`</summary><br>
 
-  </details>
-* <details><summary>`run --log-level`</summary><br>
+Set a value containing spaces.
 
-  Set `--log-level` to whatever you wish. For example, to suppress warnings (risky), set log level to `error`:
+```sh
+$ touch .env.ci
 
-  ```sh
-  $ echo "HELLO=production" > .env.production
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+$ dotenvx set HELLO "my ci" -f .env.ci
+set HELLO with encryption (.env.ci)
+```
 
-  $ dotenvx run -f .env.production --log-level=error -- node index.js
-  Hello production
-  ```
+</details>
+<details><summary>`set KEY -- "- + * ÷"`</summary><br>
 
-  Available log levels are `error, warn, info, verbose, debug, silly` ([source](https://docs.npmjs.com/cli/v8/using-npm/logging#setting-log-levels))
+If your value starts with a dash (`-`), then place two dashes instructing the cli that there are no more flag arguments.
 
-  </details>
-* <details><summary>`run --strict`</summary><br>
+```sh
+$ touch .env.ci
 
-  Exit with code `1` if any errors are encountered - like a missing .env file or decryption failure.
+$ dotenvx set HELLO -f .env.ci -- "- + * ÷"
+set HELLO with encryption (.env.ci)
+```
 
-  ```sh
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+</details>
+<details><summary>`set KEY value --plain`</summary><br>
 
-  $ dotenvx run -f .env.missing --strict -- node index.js
-  [MISSING_ENV_FILE] missing .env.missing file (/path/to/.env.missing)
-  [MISSING_ENV_FILE] ? add one with [echo "HELLO=World" > .env.missing]
-  ```
+Set a plaintext key/value.
 
-  This can be useful in `ci` scripts where you want to fail the ci if your `.env` file could not be decrypted at runtime.
+```sh
+$ touch .env
 
-  </details>
-* <details><summary>`run --ignore`</summary><br>
+$ dotenvx set HELLO World --plain
+set HELLO (.env)
+```
 
-  Ignore errors like `MISSING_ENV_FILE`.
+</details>
+<details><summary>`encrypt`</summary><br>
 
-  ```sh
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Encrypt the contents of a `.env` file to an encrypted `.env` file.
 
-  $ dotenvx run -f .env.missing --ignore=MISSING_ENV_FILE -- node index.js
-  ...
-  ```
+```sh
+$ echo "HELLO=World" > .env
 
-  </details>
-* <details><summary>`run --convention=nextjs`</summary><br>
+$ dotenvx encrypt
+✔ encrypted (.env)
+✔ key added to .env.keys (DOTENV_PRIVATE_KEY)
+⮕  next run [dotenvx ext gitignore --pattern .env.keys] to gitignore .env.keys
+⮕  next run [DOTENV_PRIVATE_KEY='122...0b8' dotenvx run -- yourcommand] to test decryption locally
+```
 
-  Load envs using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order). Set `--convention` to `nextjs`:
+</details>
+<details><summary>`encrypt -f`</summary><br>
 
-  ```sh
-  $ echo "HELLO=development local" > .env.development.local
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=development" > .env.development
-  $ echo "HELLO=env" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Encrypt the contents of a specified `.env` file to an encrypted `.env` file.
 
-  $ dotenvx run --convention=nextjs -- node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.local, .env.development, .env
-  Hello development local
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ echo "HELLO=Production" > .env.production
 
-  (more conventions available upon request)
+$ dotenvx encrypt -f .env.production
+✔ encrypted (.env.production)
+✔ key added to .env.keys (DOTENV_PRIVATE_KEY_PRODUCTION)
+⮕  next run [dotenvx ext gitignore --pattern .env.keys] to gitignore .env.keys
+⮕  next run [DOTENV_PRIVATE_KEY='bff...bc4' dotenvx run -- yourcommand] to test decryption locally
+```
 
-  </details>
-* <details><summary>`run --convention=flow`</summary><br>
+</details>
+<details><summary>`encrypt -fk`</summary><br>
 
-  Load envs using [dotenv-flow's convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `flow`:
+Specify path to `.env.keys`. This is useful with monorepos.
 
-  ```sh
-  $ echo "HELLO=development local" > .env.development.local
-  $ echo "HELLO=development" > .env.development
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=env" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+```sh
+$ mkdir -p apps/app1
+$ echo "HELLO=World" > apps/app1/.env
 
-  $ NODE_ENV=development dotenvx run --convention=flow -- node index.js 
-  [dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.development, .env.local, .env
-  Hello development local
-  ```
+$ dotenvx encrypt -fk .env.keys -f apps/app1/.env
+✔ encrypted (apps/app1/.env)
+```
 
-  Further, we recommend using `DOTENV_ENV` over `NODE_ENV`– as `dotenvx` works everywhere, not just node.
+Put it to use.
 
-  ```sh
-  $ DOTENV_ENV=development dotenvx run --convention=flow -- node index.js 
-  [dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.development, .env.local, .env
-  Hello development local
-  ```
+```sh
+$ dotenvx run -fk .env.keys -f apps/app1/.env
+```
 
-  </details>
-* <details><summary>`run -fk`</summary><br>
+Use with a relative path.
 
-  Specify path to `.env.keys`. This is useful with monorepos.
+```sh
+$ cd apps/app1
+$ dotenvx run -fk ../../.env.keys -f .env
+```
 
-  ```sh
-  $ mkdir -p apps/app1
-  $ touch apps/app1/.env
-  $ dotenvx set HELLO world -fk .env.keys -f apps/app1/.env
+</details>
+<details><summary>`encrypt -k`</summary><br>
 
-  $ dotenvx run -fk .env.keys -f apps/app1/.env -- yourcommand
-  ```
+Specify the key(s) to encrypt by passing `--key`.
 
-  </details>
-* <details><summary>`get KEY`</summary><br>
+```sh
+$ echo "HELLO=World\nHELLO2=Universe" > .env
 
-  Return a single environment variable's value.
+$ dotenvx encrypt -k HELLO2
+✔ encrypted (.env)
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
+Even specify a glob pattern.
 
-  $ dotenvx get HELLO
-  World
-  ```
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
 
-  </details>
-* <details><summary>`get KEY -f`</summary><br>
+$ dotenvx encrypt -k "HE*"
+✔ encrypted (.env)
+```
 
-  Return a single environment variable's value from a specific `.env` file.
+</details>
+<details><summary>`encrypt -ek`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "HELLO=production" > .env.production
+Specify the key(s) to NOT encrypt by passing `--exclude-key`.
 
-  $ dotenvx get HELLO -f .env.production
-  production
-  ```
+```sh
+$ echo "HELLO=World\nHELLO2=Universe" > .env
 
-  </details>
-* <details><summary>`get KEY -fk`</summary><br>
+$ dotenvx encrypt -ek HELLO
+✔ encrypted (.env)
+```
 
-  Specify path to `.env.keys`. This is useful with monorepos.
+Even specify a glob pattern.
 
-  ```sh
-  $ mkdir -p apps/app1
-  $ touch apps/app1/.env
-  $ dotenvx set HELLO world -fk .env.keys -f apps/app1/.env
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
 
-  $ dotenvx get HELLO -fk .env.keys -f apps/app1/.env
-  world
-  ```
+$ dotenvx encrypt -ek "HO*"
+✔ encrypted (.env)
+```
 
-  </details>
-* <details><summary>`get KEY --env`</summary><br>
+</details>
+<details><summary>`encrypt --stdout`</summary><br>
 
-  Return a single environment variable's value from a `--env` string.
+Encrypt the contents of a `.env` file and send to stdout.
 
-  ```sh
-  $ dotenvx get HELLO --env HELLO=String -f .env.production
-  String
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt --stdout
+#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+#/            public-key encryption for .env files          /
+#/       [how it works](https://dotenvx.com/encryption)     /
+#/----------------------------------------------------------/
+DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
+# .env
+HELLO="encrypted:BDqDBibm4wsYqMpCjTQ6BsDHmMadg9K3dAt+Z9HPMfLEIRVz50hmLXPXRuDBXaJi/LwWYEVUNiq0HISrslzQPaoyS8Lotg3gFWJTsNCdOWnqpjF2xNUX2RQiP05kAbEXM6MWVjDr"
+```
 
-  </details>
+or send to a file:
 
-* <details><summary>`get KEY --overload`</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt --stdout > somefile.txt
+```
 
-  Return a single environment variable's value where each found value is overloaded.
+</details>
+<details><summary>`decrypt`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "HELLO=production" > .env.production
+Decrypt the contents of an encrypted `.env` file to an unencrypted `.env` file.
 
-  $ dotenvx get HELLO -f .env.production --env HELLO=String -f .env --overload
-  World
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx decrypt
+✔ decrypted (.env)
+```
 
-  </details>
-* <details><summary>`get KEY --strict`</summary><br>
+</details>
+<details><summary>`decrypt -f`</summary><br>
 
-  Exit with code `1` if any errors are encountered - like a missing key, missing .env file, or decryption failure.
+Decrypt the contents of a specified encrypted `.env` file to an unencrypted `.env` file.
 
-  ```sh
-  $ dotenvx get DOES_NOT_EXIST --strict
-  [MISSING_KEY] missing DOES_NOT_EXIST key
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ echo "HELLO=Production" > .env.production
 
-  </details>
-* <details><summary>`get KEY --convention=nextjs`</summary><br>
+$ dotenvx encrypt -f .env.production
+✔ encrypted (.env.production)
+$ dotenvx decrypt -f .env.production
+✔ decrypted (.env.production)
+```
 
-  Return a single environment variable's value using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order). Set `--convention` to `nextjs`:
+</details>
+<details><summary>`decrypt -fk`</summary><br>
 
-  ```sh
-  $ echo "HELLO=development local" > .env.development.local
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=development" > .env.development
-  $ echo "HELLO=env" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Specify path to `.env.keys`. This is useful with monorepos.
 
-  $ dotenvx get HELLO --convention=nextjs
-  development local
-  ```
+```sh
+$ mkdir -p apps/app1
+$ echo "HELLO=World" > apps/app1/.env
 
-  </details>
-* <details><summary>`get KEY --convention=flow`</summary><br>
+$ dotenvx encrypt -fk .env.keys -f apps/app1/.env
+✔ encrypted (apps/app1/.env)
+$ dotenvx decrypt -fk .env.keys -f apps/app1/.env
+✔ decrypted (apps/app1/.env)
+```
 
-  Return a single environment variable's value using [dotenv-flow's convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `flow`:
+</details>
+<details><summary>`decrypt -k`</summary><br>
 
-  ```sh
-  $ echo "HELLO=development local" > .env.development.local
-  $ echo "HELLO=development" > .env.development
-  $ echo "HELLO=local" > .env.local
-  $ echo "HELLO=env" > .env
-  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+Decrypt the contents of a specified key inside an encrypted `.env` file.
 
-  $ NODE_ENV=development dotenvx get HELLO --convention=flow
-  development local
-  ```
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx decrypt -k HELLO
+✔ decrypted (.env)
+```
 
-  Further, we recommend using `DOTENV_ENV` over `NODE_ENV`– as `dotenvx` works everywhere, not just node.
+Even specify a glob pattern.
 
-  ```sh
-  $ DOTENV_ENV=development dotenvx get HELLO --convention=flow
-  development local
-  ```
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx decrypt -k "HE*"
+✔ encrypted (.env)
+```
 
-  </details>
-* <details><summary>`get` (json)</summary><br>
+</details>
+<details><summary>`decrypt -ek`</summary><br>
 
-  Return a json response of all key/value pairs in a `.env` file.
+Decrypt the contents inside an encrypted `.env` file except for an excluded key.
 
-  ```sh
-  $ echo "HELLO=World" > .env
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx decrypt -ek HOLA
+✔ decrypted (.env)
+```
 
-  $ dotenvx get
-  {"HELLO":"World"}
-  ```
+Even specify a glob pattern.
 
-  </details>
-* <details><summary>`get --format shell`</summary><br>
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx decrypt -ek "HO*"
+✔ encrypted (.env)
+```
 
-  Return a shell formatted response of all key/value pairs in a `.env` file.
+</details>
+<details><summary>`decrypt --stdout`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "KEY=value" >> .env
+Decrypt the contents of an encrypted `.env` file and send to stdout.
 
-  $ dotenvx get --format shell
-  HELLO=World KEY=value
-  ```
+```sh
+$ dotenvx decrypt --stdout
+#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+#/            public-key encryption for .env files          /
+#/       [how it works](https://dotenvx.com/encryption)     /
+#/----------------------------------------------------------/
+DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
+# .env
+HELLO="World"
+```
 
-  This can be useful when combined with `env` on the command line.
+or send to a file:
 
-  ```
-  $ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
-  $ env $(dotenvx get --format=shell) node index.js
-  Hello value World
-  ```
+```sh
+$ dotenvx decrypt --stdout > somefile.txt
+```
 
-  or with `export`.
+</details>
+<details><summary>`keypair`</summary><br>
 
-  ```
-  $ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
-  $ export $(dotenvx get --format=shell)
-  $ node index.js
-  Hello value World
-  ```
+Print public/private keys for `.env` file.
 
-  </details>
-* <details><summary>`get --format eval`</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt
 
-  Return an `eval`-ready shell formatted response of all key/value pairs in a `.env` file.
+$ dotenvx keypair
+{"DOTENV_PUBLIC_KEY":"<publicKey>","DOTENV_PRIVATE_KEY":"<privateKey>"}
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "KEY=value" >> .env
+</details>
+<details><summary>`keypair -f`</summary><br>
 
-  $ dotenvx get --format eval
-  HELLO="World"
-  KEY="value"
-  ```
+Print public/private keys for `.env.production` file.
 
-  Note that this exports newlines and quoted strings.
+```sh
+$ echo "HELLO=Production" > .env.production
+$ dotenvx encrypt -f .env.production
 
-  This can be useful for more complex .env values (spaces, escaped characters, quotes, etc) combined with `eval` on the command line.
+$ dotenvx keypair -f .env.production
+{"DOTENV_PUBLIC_KEY_PRODUCTION":"<publicKey>","DOTENV_PRIVATE_KEY_PRODUCTION":"<privateKey>"}
+```
 
-  ```sh
-  $ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
-  $ eval $(dotenvx get --format=eval) node index.js
-  Hello value World
-  ```
+</details>
+<details><summary>`keypair -fk`</summary><br>
 
-  Be careful with `eval` as it allows for arbitrary execution of commands. Prefer `dotenvx run --` but in some cases `eval` is a sharp knife that is useful to have.
+Specify path to `.env.keys`. This is useful for printing public/private keys for monorepos.
 
-  </details>
+```sh
+$ mkdir -p apps/app1
+$ echo "HELLO=World" > apps/app1/.env
+$ dotenvx encrypt -fk .env.keys -f apps/app1/.env
 
-* <details><summary>`get --all`</summary><br>
+$ dotenvx keypair -fk .env.keys -f apps/app1/.env
+{"DOTENV_PUBLIC_KEY":"<publicKey>","DOTENV_PRIVATE_KEY":"<privateKey>"}
+```
 
-  Return preset machine envs as well.
+</details>
+<details><summary>`keypair DOTENV_PRIVATE_KEY`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
+Print specific keypair for `.env` file.
 
-  $ dotenvx get --all
-  {"PWD":"/some/file/path","USER":"username","LIBRARY_PATH":"/usr/local/lib", ..., "HELLO":"World"}
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt
 
-  </details>
-* <details><summary>`get --all --pretty-print`</summary><br>
+$ dotenvx keypair DOTENV_PRIVATE_KEY
+<privateKey>
+```
 
-  Make the output more readable - pretty print it.
+</details>
+<details><summary>`keypair --format shell`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
+Print a shell formatted response of public/private keys.
 
-  $ dotenvx get --all --pretty-print
-  {
-    "PWD": "/some/filepath",
-    "USER": "username",
-    "LIBRARY_PATH": "/usr/local/lib",
-    ...,
-    "HELLO": "World"
-  }
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ dotenx encrypt
 
-  </details>
-* <details><summary>`set KEY value`</summary><br>
+$ dotenvx keypair --format shell
+DOTENV_PUBLIC_KEY=<publicKey> DOTENV_PRIVATE_KEY=<privateKey>
+```
 
-  Set an encrypted key/value (on by default).
+</details>
+<details><summary>`ls`</summary><br>
 
-  ```sh
-  $ touch .env
+Print all `.env` files in a tree structure.
 
-  $ dotenvx set HELLO World
-  set HELLO with encryption (.env)
-  ```
+```sh
+$ touch .env
+$ touch .env.production
+$ mkdir -p apps/backend
+$ touch apps/backend/.env
+
+$ dotenvx ls
+├─ .env.production
+├─ .env
+└─ apps
+   └─ backend
+      └─ .env
+```
 
-  </details>
-* <details><summary>`set KEY value -f`</summary><br>
+</details>
+<details><summary>`ls directory`</summary><br>
 
-  Set an (encrypted) key/value for another `.env` file.
+Print all `.env` files inside a specified path to a directory.
 
-  ```sh
-  $ touch .env.production
+```sh
+$ touch .env
+$ touch .env.production
+$ mkdir -p apps/backend
+$ touch apps/backend/.env
 
-  $ dotenvx set HELLO production -f .env.production
-  set HELLO with encryption (.env.production)
-  ```
+$ dotenvx ls apps/backend
+└─ .env
+```
 
-  </details>
-* <details><summary>`set KEY value -fk`</summary><br>
+</details>
+<details><summary>`ls -f`</summary><br>
 
-  Specify path to `.env.keys`. This is useful with monorepos.
+Glob `.env` filenames matching a wildcard.
 
-  ```sh
-  $ mkdir -p apps/app1
-  $ touch apps/app1/.env
+```sh
+$ touch .env
+$ touch .env.production
+$ mkdir -p apps/backend
+$ touch apps/backend/.env
+$ touch apps/backend/.env.prod
+
+$ dotenvx ls -f **/.env.prod*
+├─ .env.production
+└─ apps
+   └─ backend
+      └─ .env.prod
+```
 
-  $ dotenvx set HELLO world -fk .env.keys -f apps/app1/.env
-  set HELLO with encryption (.env)
-  ```
+</details>
+<details><summary>`ls -ef`</summary><br>
 
-  Put it to use.
+Glob `.env` filenames excluding a wildcard.
 
-  ```sh
-  $ dotenvx get -fk .env.keys -f apps/app1/.env
-  ```
+```sh
+$ touch .env
+$ touch .env.production
+$ mkdir -p apps/backend
+$ touch apps/backend/.env
+$ touch apps/backend/.env.prod
+
+$ dotenvx ls -ef '**/.env.prod*'
+├─ .env
+└─ apps
+   └─ backend
+      └─ .env
+```
 
-  Use it with a relative path.
+</details>
+<details><summary>`rotate`</summary><br>
 
-  ```sh
-  $ cd apps/app1
-  $ dotenvx get -fk ../../.env.keys -f .env
-  ```
+Rotate public/private keys for `.env` file and re-encrypt all encrypted values.
 
-  </details>
-* <details><summary>`set KEY "value with spaces"`</summary><br>
+```sh
+$ echo "HELLO=World" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx rotate
+✔ rotated (.env)
+```
 
-  Set a value containing spaces.
+</details>
+<details><summary>`rotate -f`</summary><br>
 
-  ```sh
-  $ touch .env.ci
+Rotate public/private keys for a specified encrypted `.env` file and re-encrypt all encrypted values.
 
-  $ dotenvx set HELLO "my ci" -f .env.ci
-  set HELLO with encryption (.env.ci)
-  ```
+```sh
+$ echo "HELLO=World" > .env
+$ echo "HELLO=Production" > .env.production
 
-  </details>
-* <details><summary>`set KEY -- "- + * ÷"`</summary><br>
+$ dotenvx encrypt -f .env.production
+✔ encrypted (.env.production)
+$ dotenvx rotate -f .env.production
+✔ rotated (.env.production)
+```
 
-  If your value starts with a dash (`-`), then place two dashes instructing the cli that there are no more flag arguments.
+</details>
+<details><summary>`rotate -fk`</summary><br>
 
-  ```sh
-  $ touch .env.ci
+Specify path to `.env.keys`. This is useful with monorepos.
 
-  $ dotenvx set HELLO -f .env.ci -- "- + * ÷"
-  set HELLO with encryption (.env.ci)
-  ```
+```sh
+$ mkdir -p apps/app1
+$ echo "HELLO=World" > apps/app1/.env
 
-  </details>
-* <details><summary>`set KEY value --plain`</summary><br>
+$ dotenvx encrypt -fk .env.keys -f apps/app1/.env
+✔ encrypted (apps/app1/.env)
+$ dotenvx rotate -fk .env.keys -f apps/app1/.env
+✔ rotated (apps/app1/.env)
+```
 
-  Set a plaintext key/value.
+</details>
+<details><summary>`rotate -k`</summary><br>
 
-  ```sh
-  $ touch .env
+Rotate the contents of a specified key inside an encrypted `.env` file.
 
-  $ dotenvx set HELLO World --plain
-  set HELLO (.env)
-  ```
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx rotate -k HELLO
+✔ rotated (.env)
+```
 
-  </details>
-* <details><summary>`encrypt`</summary><br>
+Even specify a glob pattern.
 
-  Encrypt the contents of a `.env` file to an encrypted `.env` file.
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx rotate -k "HE*"
+✔ rotated (.env)
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
+</details>
+<details><summary>`rotate -ek`</summary><br>
 
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  ✔ key added to .env.keys (DOTENV_PRIVATE_KEY)
-  ⮕  next run [dotenvx ext gitignore --pattern .env.keys] to gitignore .env.keys
-  ⮕  next run [DOTENV_PRIVATE_KEY='122...0b8' dotenvx run -- yourcommand] to test decryption locally
-  ```
+Rotate the encrypted contents inside an encrypted `.env` file except for an excluded key.
 
-  </details>
-* <details><summary>`encrypt -f`</summary><br>
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx rotate -ek HOLA
+✔ rotated (.env)
+```
 
-  Encrypt the contents of a specified `.env` file to an encrypted `.env` file.
+Even specify a glob pattern.
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "HELLO=Production" > .env.production
+```sh
+$ echo "HELLO=World\nHOLA=Mundo" > .env
+$ dotenvx encrypt
+✔ encrypted (.env)
+$ dotenvx rotate -ek "HO*"
+✔ rotated (.env)
+```
 
-  $ dotenvx encrypt -f .env.production
-  ✔ encrypted (.env.production)
-  ✔ key added to .env.keys (DOTENV_PRIVATE_KEY_PRODUCTION)
-  ⮕  next run [dotenvx ext gitignore --pattern .env.keys] to gitignore .env.keys
-  ⮕  next run [DOTENV_PRIVATE_KEY='bff...bc4' dotenvx run -- yourcommand] to test decryption locally
-  ```
+</details>
+<details><summary>`rotate --stdout`</summary><br>
 
-  </details>
-* <details><summary>`encrypt -fk`</summary><br>
+Rotate the contents of an encrypted `.env` file and send to stdout.
 
-  Specify path to `.env.keys`. This is useful with monorepos.
+```sh
+$ dotenvx rotate --stdout
+#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+#/            public-key encryption for .env files          /
+#/       [how it works](https://dotenvx.com/encryption)     /
+#/----------------------------------------------------------/
+DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
+# .env
+HELLO="encrypted:12345"
+```
 
-  ```sh
-  $ mkdir -p apps/app1
-  $ echo "HELLO=World" > apps/app1/.env
+or send to a file:
 
-  $ dotenvx encrypt -fk .env.keys -f apps/app1/.env
-  ✔ encrypted (apps/app1/.env)
-  ```
+```sh
+$ dotenvx rotate --stdout > somefile.txt
+```
 
-  Put it to use.
+</details>
+<details><summary>`help`</summary><br>
 
-  ```sh
-  $ dotenvx run -fk .env.keys -f apps/app1/.env
-  ```
+Output help for `dotenvx`.
 
-  Use with a relative path.
+```sh
+$ dotenvx help
+Usage: dotenvx run -- yourcommand
+
+a better dotenv–from the creator of `dotenv`
+
+Options:
+  -l, --log-level <level>      set log level (default: "info")
+  -q, --quiet                  sets log level to error
+  -v, --verbose                sets log level to verbose
+  -d, --debug                  sets log level to debug
+  -V, --version                output the version number
+  -h, --help                   display help for command
+
+Commands:
+  run                inject env at runtime [dotenvx run -- yourcommand]
+  get [KEY]          return a single environment variable
+  set <KEY> <value>  set a single environment variable
+  encrypt            convert .env file(s) to encrypted .env file(s)
+  decrypt            convert encrypted .env file(s) to plain .env file(s)
+  keypair [KEY]      print public/private keys for .env file(s)
+  ls [directory]     print all .env files in a tree structure
+ 
+Advanced: 
+  pro                          🏆 pro
+  ext                          🔌 extensions
+```
 
-  ```sh
-  $ cd apps/app1
-  $ dotenvx run -fk ../../.env.keys -f .env
-  ```
+You can get more detailed help per command with `dotenvx help COMMAND`.
 
-  </details>
-* <details><summary>`encrypt -k`</summary><br>
+```sh
+$ dotenvx help run
+Usage: @dotenvx/dotenvx run [options]
 
-  Specify the key(s) to encrypt by passing `--key`.
+inject env at runtime [dotenvx run -- yourcommand]
 
-  ```sh
-  $ echo "HELLO=World\nHELLO2=Universe" > .env
+Options:
+  -e, --env <strings...>            environment variable(s) set as string (example: "HELLO=World") (default: [])
+  -f, --env-file <paths...>         path(s) to your env file(s) (default: [])
+  -fv, --env-vault-file <paths...>  path(s) to your .env.vault file(s) (default: [])
+  -o, --overload                    override existing env variables
+  --convention <name>               load a .env convention (available conventions: ['nextjs'])
+  -h, --help                        display help for command
 
-  $ dotenvx encrypt -k HELLO2
-  ✔ encrypted (.env)
-  ```
+Examples:
 
-  Even specify a glob pattern.
+  $ dotenvx run -- npm run dev
+  $ dotenvx run -- flask --app index run
+  $ dotenvx run -- php artisan serve
+  $ dotenvx run -- bin/rails s
 
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
+Try it:
 
-  $ dotenvx encrypt -k "HE*"
-  ✔ encrypted (.env)
-  ```
+  $ echo "HELLO=World" > .env
+  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
-  </details>
-* <details><summary>`encrypt -ek`</summary><br>
+  $ dotenvx run -- node index.js
+  [dotenvx@1.X.X] injecting env (1) from .env
+  Hello World
+```
 
-  Specify the key(s) to NOT encrypt by passing `--exclude-key`.
+</details>
+<details><summary>`--version`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World\nHELLO2=Universe" > .env
+Check current version of `dotenvx`.
 
-  $ dotenvx encrypt -ek HELLO
-  ✔ encrypted (.env)
-  ```
+```sh
+$ dotenvx --version
+X.X.X
+```
 
-  Even specify a glob pattern.
+</details>
 
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
+### Extensions 🔌
 
-  $ dotenvx encrypt -ek "HO*"
-  ✔ encrypted (.env)
-  ```
+CLI extensions.
 
-  </details>
-* <details><summary>`encrypt --stdout`</summary><br>
+<details><summary>`ext genexample`</summary><br>
 
-  Encrypt the contents of a `.env` file and send to stdout.
+In one command, generate a `.env.example` file from your current `.env` file contents.
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt --stdout
-  #/-------------------[DOTENV_PUBLIC_KEY]--------------------/
-  #/            public-key encryption for .env files          /
-  #/       [how it works](https://dotenvx.com/encryption)     /
-  #/----------------------------------------------------------/
-  DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
-  # .env
-  HELLO="encrypted:BDqDBibm4wsYqMpCjTQ6BsDHmMadg9K3dAt+Z9HPMfLEIRVz50hmLXPXRuDBXaJi/LwWYEVUNiq0HISrslzQPaoyS8Lotg3gFWJTsNCdOWnqpjF2xNUX2RQiP05kAbEXM6MWVjDr"
-  ```
-
-  or send to a file:
-
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt --stdout > somefile.txt
-  ```
+```sh
+$ echo "HELLO=World" > .env
 
-  </details>
-* <details><summary>`decrypt`</summary><br>
+$ dotenvx ext genexample
+✔ updated .env.example (1)
+```
 
-  Decrypt the contents of an encrypted `.env` file to an unencrypted `.env` file.
+```ini
+# .env.example
+HELLO=""
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx decrypt
-  ✔ decrypted (.env)
-  ```
+</details>
+<details><summary>`ext genexample -f`</summary><br>
 
-  </details>
-* <details><summary>`decrypt -f`</summary><br>
+Pass multiple `.env` files to generate your `.env.example` file from the combination of their contents.
 
-  Decrypt the contents of a specified encrypted `.env` file to an unencrypted `.env` file.
+```sh
+$ echo "HELLO=World" > .env
+$ echo "DB_HOST=example.com" > .env.production
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "HELLO=Production" > .env.production
-
-  $ dotenvx encrypt -f .env.production
-  ✔ encrypted (.env.production)
-  $ dotenvx decrypt -f .env.production
-  ✔ decrypted (.env.production)
-  ```
-
-  </details>
-* <details><summary>`decrypt -fk`</summary><br>
-
-  Specify path to `.env.keys`. This is useful with monorepos.
-
-  ```sh
-  $ mkdir -p apps/app1
-  $ echo "HELLO=World" > apps/app1/.env
-
-  $ dotenvx encrypt -fk .env.keys -f apps/app1/.env
-  ✔ encrypted (apps/app1/.env)
-  $ dotenvx decrypt -fk .env.keys -f apps/app1/.env
-  ✔ decrypted (apps/app1/.env)
-  ```
-
-  </details>
-* <details><summary>`decrypt -k`</summary><br>
-
-  Decrypt the contents of a specified key inside an encrypted `.env` file.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx decrypt -k HELLO
-  ✔ decrypted (.env)
-  ```
-
-  Even specify a glob pattern.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx decrypt -k "HE*"
-  ✔ encrypted (.env)
-  ```
-
-  </details>
-* <details><summary>`decrypt -ek`</summary><br>
-
-  Decrypt the contents inside an encrypted `.env` file except for an excluded key.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx decrypt -ek HOLA
-  ✔ decrypted (.env)
-  ```
-
-  Even specify a glob pattern.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx decrypt -ek "HO*"
-  ✔ encrypted (.env)
-  ```
-
-  </details>
-* <details><summary>`decrypt --stdout`</summary><br>
-
-  Decrypt the contents of an encrypted `.env` file and send to stdout.
-
-  ```sh
-  $ dotenvx decrypt --stdout
-  #/-------------------[DOTENV_PUBLIC_KEY]--------------------/
-  #/            public-key encryption for .env files          /
-  #/       [how it works](https://dotenvx.com/encryption)     /
-  #/----------------------------------------------------------/
-  DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
-  # .env
-  HELLO="World"
-  ```
-
-  or send to a file:
-
-  ```sh
-  $ dotenvx decrypt --stdout > somefile.txt
-  ```
-
-  </details>
-* <details><summary>`keypair`</summary><br>
-
-  Print public/private keys for `.env` file.
-
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt
+$ dotenvx ext genexample -f .env -f .env.production
+✔ updated .env.example (2)
+```
 
-  $ dotenvx keypair
-  {"DOTENV_PUBLIC_KEY":"<publicKey>","DOTENV_PRIVATE_KEY":"<privateKey>"}
-  ```
+```ini
+# .env.example
+HELLO=""
+DB_HOST=""
+```
 
-  </details>
-* <details><summary>`keypair -f`</summary><br>
+</details>
+<details><summary>`ext genexample directory`</summary><br>
 
-  Print public/private keys for `.env.production` file.
+Generate a `.env.example` file inside the specified directory. Useful for monorepos.
 
-  ```sh
-  $ echo "HELLO=Production" > .env.production
-  $ dotenvx encrypt -f .env.production
+```sh
+$ echo "HELLO=World" > .env
+$ mkdir -p apps/backend
+$ echo "HELLO=Backend" > apps/backend/.env
 
-  $ dotenvx keypair -f .env.production
-  {"DOTENV_PUBLIC_KEY_PRODUCTION":"<publicKey>","DOTENV_PRIVATE_KEY_PRODUCTION":"<privateKey>"}
-  ```
+$ dotenvx ext genexample apps/backend
+✔ updated .env.example (1)
+```
 
-  </details>
-* <details><summary>`keypair -fk`</summary><br>
+```ini
+# apps/backend/.env.example
+HELLO=""
+```
 
-  Specify path to `.env.keys`. This is useful for printing public/private keys for monorepos.
+</details>
+<details><summary>`ext gitignore`</summary><br>
 
-  ```sh
-  $ mkdir -p apps/app1
-  $ echo "HELLO=World" > apps/app1/.env
-  $ dotenvx encrypt -fk .env.keys -f apps/app1/.env
+Gitignore your `.env` files.
 
-  $ dotenvx keypair -fk .env.keys -f apps/app1/.env
-  {"DOTENV_PUBLIC_KEY":"<publicKey>","DOTENV_PRIVATE_KEY":"<privateKey>"}
-  ```
+```sh
+$ dotenvx ext gitignore
+✔ ignored .env* (.gitignore)
+```
 
-  </details>
-* <details><summary>`keypair DOTENV_PRIVATE_KEY`</summary><br>
+</details>
+<details><summary>`ext gitignore --pattern`</summary><br>
 
-  Print specific keypair for `.env` file.
+Gitignore specific pattern(s) of `.env` files.
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt
+```sh
+$ dotenvx ext gitignore --pattern .env.keys
+✔ ignored .env.keys (.gitignore)
+```
 
-  $ dotenvx keypair DOTENV_PRIVATE_KEY
-  <privateKey>
-  ```
+</details>
+<details><summary>`ext precommit`</summary><br>
 
-  </details>
-* <details><summary>`keypair --format shell`</summary><br>
+Prevent `.env` files from being committed to code.
 
-  Print a shell formatted response of public/private keys.
+```sh
+$ dotenvx ext precommit
+[dotenvx][precommit] .env files (1) protected (encrypted or gitignored)
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenx encrypt
-
-  $ dotenvx keypair --format shell
-  DOTENV_PUBLIC_KEY=<publicKey> DOTENV_PRIVATE_KEY=<privateKey>
-  ```
-
-  </details>
-* <details><summary>`ls`</summary><br>
-
-  Print all `.env` files in a tree structure.
-
-  ```sh
-  $ touch .env
-  $ touch .env.production
-  $ mkdir -p apps/backend
-  $ touch apps/backend/.env
-
-  $ dotenvx ls
-  ├─ .env.production
-  ├─ .env
-  └─ apps
-     └─ backend
-        └─ .env
-  ```
-
-  </details>
-* <details><summary>`ls directory`</summary><br>
-
-  Print all `.env` files inside a specified path to a directory.
-
-  ```sh
-  $ touch .env
-  $ touch .env.production
-  $ mkdir -p apps/backend
-  $ touch apps/backend/.env
-
-  $ dotenvx ls apps/backend
-  └─ .env
-  ```
-
-  </details>
-* <details><summary>`ls -f`</summary><br>
-
-  Glob `.env` filenames matching a wildcard.
-
-  ```sh
-  $ touch .env
-  $ touch .env.production
-  $ mkdir -p apps/backend
-  $ touch apps/backend/.env
-  $ touch apps/backend/.env.prod
-
-  $ dotenvx ls -f **/.env.prod*
-  ├─ .env.production
-  └─ apps
-     └─ backend
-        └─ .env.prod
-  ```
-
-  </details>
-* <details><summary>`ls -ef`</summary><br>
-
-  Glob `.env` filenames excluding a wildcard.
-
-  ```sh
-  $ touch .env
-  $ touch .env.production
-  $ mkdir -p apps/backend
-  $ touch apps/backend/.env
-  $ touch apps/backend/.env.prod
-  
-  $ dotenvx ls -ef '**/.env.prod*'
-  ├─ .env
-  └─ apps
-     └─ backend
-        └─ .env
-  ```
-
-  </details>
-* <details><summary>`rotate`</summary><br>
-
-  Rotate public/private keys for `.env` file and re-encrypt all encrypted values.
-
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx rotate
-  ✔ rotated (.env)
-  ```
+</details>
+<details><summary>`ext precommit --install`</summary><br>
 
-  </details>
-* <details><summary>`rotate -f`</summary><br>
+Install a shell script to `.git/hooks/pre-commit` to prevent accidentally committing any `.env` files to source control.
 
-  Rotate public/private keys for a specified encrypted `.env` file and re-encrypt all encrypted values.
+```sh
+$ dotenvx ext precommit --install
+[dotenvx][precommit] dotenvx ext precommit installed [.git/hooks/pre-commit]
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "HELLO=Production" > .env.production
+</details>
+<details><summary>`ext precommit directory`</summary><br>
 
-  $ dotenvx encrypt -f .env.production
-  ✔ encrypted (.env.production)
-  $ dotenvx rotate -f .env.production
-  ✔ rotated (.env.production)
-  ```
-
-  </details>
-* <details><summary>`rotate -fk`</summary><br>
-
-  Specify path to `.env.keys`. This is useful with monorepos.
-
-  ```sh
-  $ mkdir -p apps/app1
-  $ echo "HELLO=World" > apps/app1/.env
-
-  $ dotenvx encrypt -fk .env.keys -f apps/app1/.env
-  ✔ encrypted (apps/app1/.env)
-  $ dotenvx rotate -fk .env.keys -f apps/app1/.env
-  ✔ rotated (apps/app1/.env)
-  ```
-
-  </details>
-* <details><summary>`rotate -k`</summary><br>
-
-  Rotate the contents of a specified key inside an encrypted `.env` file.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx rotate -k HELLO
-  ✔ rotated (.env)
-  ```
-
-  Even specify a glob pattern.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx rotate -k "HE*"
-  ✔ rotated (.env)
-  ```
-
-  </details>
-* <details><summary>`rotate -ek`</summary><br>
-
-  Rotate the encrypted contents inside an encrypted `.env` file except for an excluded key.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx rotate -ek HOLA
-  ✔ rotated (.env)
-  ```
-
-  Even specify a glob pattern.
-
-  ```sh
-  $ echo "HELLO=World\nHOLA=Mundo" > .env
-  $ dotenvx encrypt
-  ✔ encrypted (.env)
-  $ dotenvx rotate -ek "HO*"
-  ✔ rotated (.env)
-  ```
-
-  </details>
-* <details><summary>`rotate --stdout`</summary><br>
-
-  Rotate the contents of an encrypted `.env` file and send to stdout.
-
-  ```sh
-  $ dotenvx rotate --stdout
-  #/-------------------[DOTENV_PUBLIC_KEY]--------------------/
-  #/            public-key encryption for .env files          /
-  #/       [how it works](https://dotenvx.com/encryption)     /
-  #/----------------------------------------------------------/
-  DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
-  # .env
-  HELLO="encrypted:12345"
-  ```
-
-  or send to a file:
-
-  ```sh
-  $ dotenvx rotate --stdout > somefile.txt
-  ```
-
-  </details>
-* <details><summary>`help`</summary><br>
-
-  Output help for `dotenvx`.
-
-  ```sh
-  $ dotenvx help
-  Usage: dotenvx run -- yourcommand
-
-  a better dotenv–from the creator of `dotenv`
-
-  Options:
-    -l, --log-level <level>      set log level (default: "info")
-    -q, --quiet                  sets log level to error
-    -v, --verbose                sets log level to verbose
-    -d, --debug                  sets log level to debug
-    -V, --version                output the version number
-    -h, --help                   display help for command
-
-  Commands:
-    run                inject env at runtime [dotenvx run -- yourcommand]
-    get [KEY]          return a single environment variable
-    set <KEY> <value>  set a single environment variable
-    encrypt            convert .env file(s) to encrypted .env file(s)
-    decrypt            convert encrypted .env file(s) to plain .env file(s)
-    keypair [KEY]      print public/private keys for .env file(s)
-    ls [directory]     print all .env files in a tree structure
-   
-  Advanced: 
-    pro                          🏆 pro
-    ext                          🔌 extensions
-  ```
-
-  You can get more detailed help per command with `dotenvx help COMMAND`.
-
-  ```sh
-  $ dotenvx help run
-  Usage: @dotenvx/dotenvx run [options]
-
-  inject env at runtime [dotenvx run -- yourcommand]
-
-  Options:
-    -e, --env <strings...>            environment variable(s) set as string (example: "HELLO=World") (default: [])
-    -f, --env-file <paths...>         path(s) to your env file(s) (default: [])
-    -fv, --env-vault-file <paths...>  path(s) to your .env.vault file(s) (default: [])
-    -o, --overload                    override existing env variables
-    --convention <name>               load a .env convention (available conventions: ['nextjs'])
-    -h, --help                        display help for command
-
-  Examples:
-
-    $ dotenvx run -- npm run dev
-    $ dotenvx run -- flask --app index run
-    $ dotenvx run -- php artisan serve
-    $ dotenvx run -- bin/rails s
-
-  Try it:
-
-    $ echo "HELLO=World" > .env
-    $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
-
-    $ dotenvx run -- node index.js
-    [dotenvx@1.X.X] injecting env (1) from .env
-    Hello World
-  ```
-
-  </details>
-* <details><summary>`--version`</summary><br>
-
-  Check current version of `dotenvx`.
-
-  ```sh
-  $ dotenvx --version
-  X.X.X
-  ```
+Prevent `.env` files from being committed to code inside a specified path to a directory.
 
-  </details>
+```sh
+$ echo "HELLO=World" > .env
+$ mkdir -p apps/backend
+$ echo "HELLO=Backend" > apps/backend/.env
 
-### Extensions 🔌
+$ dotenvx ext precommit apps/backend
+[dotenvx][precommit] apps/backend/.env not protected (encrypted or gitignored)
+```
 
-CLI extensions.
+</details>
+<details><summary>`ext prebuild`</summary><br>
 
-* <details><summary>`ext genexample`</summary><br>
+Prevent `.env` files from being built into your docker containers.
 
-  In one command, generate a `.env.example` file from your current `.env` file contents.
+Add it to your `Dockerfile`.
 
-  ```sh
-  $ echo "HELLO=World" > .env
+```sh
+# Dockerfile
+RUN curl -fsS https://dotenvx.sh | sh
 
-  $ dotenvx ext genexample
-  ✔ updated .env.example (1)
-  ```
+...
 
-  ```ini
-  # .env.example
-  HELLO=""
-  ```
+RUN dotenvx ext prebuild
+CMD ["dotenvx", "run", "--", "node", "index.js"]
+```
 
-  </details>
-* <details><summary>`ext genexample -f`</summary><br>
+</details>
+<details><summary>`ext prebuild directory`</summary><br>
 
-  Pass multiple `.env` files to generate your `.env.example` file from the combination of their contents.
+Prevent `.env` files from being built into your docker containers inside a specified path to a directory.
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ echo "DB_HOST=example.com" > .env.production
+Add it to your `Dockerfile`.
 
-  $ dotenvx ext genexample -f .env -f .env.production
-  ✔ updated .env.example (2)
-  ```
+```sh
+# Dockerfile
+RUN curl -fsS https://dotenvx.sh | sh
 
-  ```ini
-  # .env.example
-  HELLO=""
-  DB_HOST=""
-  ```
+...
 
-  </details>
-* <details><summary>`ext genexample directory`</summary><br>
+RUN dotenvx ext prebuild apps/backend
+CMD ["dotenvx", "run", "--", "node", "apps/backend/index.js"]
+```
 
-  Generate a `.env.example` file inside the specified directory. Useful for monorepos.
+</details>
+<details><summary>`ext scan`</summary><br>
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ mkdir -p apps/backend
-  $ echo "HELLO=Backend" > apps/backend/.env
+Scan for leaked secrets.
 
-  $ dotenvx ext genexample apps/backend
-  ✔ updated .env.example (1)
-  ```
+```sh
+$ dotenvx ext scan
+100 commits scanned.
+no leaks found
+```
 
-  ```ini
-  # apps/backend/.env.example
-  HELLO=""
-  ```
+Uses [gitleaks](https://gitleaks.io) under the hood.
 
-  </details>
-* <details><summary>`ext gitignore`</summary><br>
+</details>
 
-  Gitignore your `.env` files.
+### Library 📦
 
-  ```sh
-  $ dotenvx ext gitignore
-  ✔ ignored .env* (.gitignore)
-  ```
+Use dotenvx directly in code.
 
-  </details>
-* <details><summary>`ext gitignore --pattern`</summary><br>
+<details><summary>`config()`</summary><br>
 
-  Gitignore specific pattern(s) of `.env` files.
+Use directly in node.js code.
 
-  ```sh
-  $ dotenvx ext gitignore --pattern .env.keys
-  ✔ ignored .env.keys (.gitignore)
-  ```
+```ini
+# .env
+HELLO="World"
+```
 
-  </details>
-* <details><summary>`ext precommit`</summary><br>
+```js
+// index.js
+require('@dotenvx/dotenvx').config()
 
-  Prevent `.env` files from being committed to code.
+console.log(`Hello ${process.env.HELLO}`)
+```
 
-  ```sh
-  $ dotenvx ext precommit
-  [dotenvx][precommit] .env files (1) protected (encrypted or gitignored)
-  ```
+```sh
+$ node index.js
+[dotenvx@1.X.X] injecting env (1) from .env
+Hello World
+```
 
-  </details>
-* <details><summary>`ext precommit --install`</summary><br>
+It defaults to looking for a `.env` file.
 
-  Install a shell script to `.git/hooks/pre-commit` to prevent accidentally committing any `.env` files to source control.
+</details>
+<details><summary>`config(path: ['.env.local', '.env'])` - multiple files</summary><br>
 
-  ```sh
-  $ dotenvx ext precommit --install
-  [dotenvx][precommit] dotenvx ext precommit installed [.git/hooks/pre-commit]
-  ```
+Specify path(s) to multiple .env files.
 
-  </details>
-* <details><summary>`ext precommit directory`</summary><br>
+```ini
+# .env.local
+HELLO="Me"
+```
 
-  Prevent `.env` files from being committed to code inside a specified path to a directory.
+```ini
+# .env
+HELLO="World"
+```
 
-  ```sh
-  $ echo "HELLO=World" > .env
-  $ mkdir -p apps/backend
-  $ echo "HELLO=Backend" > apps/backend/.env
-  
-  $ dotenvx ext precommit apps/backend
-  [dotenvx][precommit] apps/backend/.env not protected (encrypted or gitignored)
-  ```
+```js
+// index.js
+require('@dotenvx/dotenvx').config({path: ['.env.local', '.env']})
 
-  </details>
-* <details><summary>`ext prebuild`</summary><br>
+// esm
+// import dotenvx from "@dotenvx/dotenvx";
+// dotenvx.config({path: ['.env.local', '.env']});
 
-  Prevent `.env` files from being built into your docker containers.
+console.log(`Hello ${process.env.HELLO}`)
+```
 
-  Add it to your `Dockerfile`.
+```sh
+$ node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.local, .env
+Hello Me
+```
 
-  ```sh
-  # Dockerfile
-  RUN curl -fsS https://dotenvx.sh | sh
+</details>
+<details><summary>`config(overload: true)` - overload</summary><br>
 
-  ...
+Use `overload` to overwrite the prior set value.
 
-  RUN dotenvx ext prebuild
-  CMD ["dotenvx", "run", "--", "node", "index.js"]
-  ```
+```ini
+# .env.local
+HELLO="Me"
+```
 
-  </details>
-* <details><summary>`ext prebuild directory`</summary><br>
+```ini
+# .env
+HELLO="World"
+```
 
-  Prevent `.env` files from being built into your docker containers inside a specified path to a directory.
+```js
+// index.js
+require('@dotenvx/dotenvx').config({path: ['.env.local', '.env'], overload: true})
 
-  Add it to your `Dockerfile`.
+// esm
+// import dotenvx from "@dotenvx/dotenvx";
+// dotenvx.config({path: ['.env.local', '.env'], overload: true});
 
-  ```sh
-  # Dockerfile
-  RUN curl -fsS https://dotenvx.sh | sh
+console.log(`Hello ${process.env.HELLO}`)
+```
 
-  ...
+```sh
+$ node index.js
+[dotenvx@1.X.X] injecting env (1) from .env.local, .env
+Hello World
+```
 
-  RUN dotenvx ext prebuild apps/backend
-  CMD ["dotenvx", "run", "--", "node", "apps/backend/index.js"]
-  ```
+</details>
+<details><summary>`config(quiet: true)` - quiet</summary><br>
 
-  </details>
-* <details><summary>`ext scan`</summary><br>
+Suppress all output (except errors).
 
-  Scan for leaked secrets.
+```ini
+# .env
+HELLO="World"
+```
 
-  ```sh
-  $ dotenvx ext scan
-  100 commits scanned.
-  no leaks found
-  ```
+```js
+// index.js
+require('@dotenvx/dotenvx').config({path: ['.env.missing', '.env'], quiet: true})
 
-  Uses [gitleaks](https://gitleaks.io) under the hood.
+// esm
+// import dotenvx from "@dotenvx/dotenvx";
+// dotenvx.config({path: ['.env.missing', '.env'], quiet: true});
 
-  </details>
+console.log(`Hello ${process.env.HELLO}`)
+```
 
-### Library 📦
+```sh
+$ node index.js
+Error: [MISSING_ENV_FILE] missing .env.missing file (/path/to/.env.missing)
+Hello World
+```
 
-Use dotenvx directly in code.
+</details>
+<details><summary>`config(strict: true)` - strict</summary><br>
 
-* <details><summary>`config()`</summary><br>
+Exit with code `1` if any errors are encountered - like a missing .env file or decryption failure.
 
-  Use directly in node.js code.
+```ini
+# .env
+HELLO="World"
+```
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+```js
+// index.js
+require('@dotenvx/dotenvx').config({path: ['.env.missing', '.env'], strict: true})
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config()
+// esm
+// import dotenvx from "@dotenvx/dotenvx";
+// dotenvx.config({path: ['.env.missing', '.env'], strict: true});
 
-  console.log(`Hello ${process.env.HELLO}`)
-  ```
+console.log(`Hello ${process.env.HELLO}`)
+```
 
-  ```sh
-  $ node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env
-  Hello World
-  ```
+```sh
+$ node index.js
+Error: [MISSING_ENV_FILE] missing .env.missing file (/path/to/.env.missing)
+```
 
-  It defaults to looking for a `.env` file.
+</details>
+<details><summary>`config(ignore:)` - ignore</summary><br>
 
-  </details>
-* <details><summary>`config(path: ['.env.local', '.env'])` - multiple files</summary><br>
+Use `ignore` to suppress specific errors like `MISSING_ENV_FILE`.
 
-  Specify path(s) to multiple .env files.
+```ini
+# .env
+HELLO="World"
+```
 
-  ```ini
-  # .env.local
-  HELLO="Me"
-  ```
+```js
+// index.js
+require('@dotenvx/dotenvx').config({path: ['.env.missing', '.env'], ignore: ['MISSING_ENV_FILE']})
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+// esm
+// import dotenvx from "@dotenvx/dotenvx";
+// dotenvx.config({path: ['.env.missing', '.env'], ignore: ['MISSING_ENV_FILE']});
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config({path: ['.env.local', '.env']})
+console.log(`Hello ${process.env.HELLO}`)
+```
 
-  // esm
-  // import dotenvx from "@dotenvx/dotenvx";
-  // dotenvx.config({path: ['.env.local', '.env']});
+```sh
+$ node index.js
+[dotenvx@1.X.X] injecting env (1) from .env
+Hello World
+```
 
-  console.log(`Hello ${process.env.HELLO}`)
-  ```
+</details>
+<details><summary>`config(envKeysFile:)` - envKeysFile</summary><br>
 
-  ```sh
-  $ node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.local, .env
-  Hello Me
-  ```
+Use `envKeysFile` to customize the path to your `.env.keys` file. This is useful with monorepos.
 
-  </details>
-* <details><summary>`config(overload: true)` - overload</summary><br>
+```ini
+# .env
+HELLO="World"
+```
 
-  Use `overload` to overwrite the prior set value.
+```js
+// index.js
+require('@dotenvx/dotenvx').config({path: ['.env'], envKeysFile: '../../.env.keys'})
+```
 
-  ```ini
-  # .env.local
-  HELLO="Me"
-  ```
+</details>
+<details><summary>`parse(src)`</summary><br>
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+Parse a `.env` string directly in node.js code.
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config({path: ['.env.local', '.env'], overload: true})
+```js
+// index.js
+const dotenvx = require('@dotenvx/dotenvx')
+const src = 'HELLO=World'
+const parsed = dotenvx.parse(src)
+console.log(`Hello ${parsed.HELLO}`)
+```
 
-  // esm
-  // import dotenvx from "@dotenvx/dotenvx";
-  // dotenvx.config({path: ['.env.local', '.env'], overload: true});
+```sh
+$ node index.js
+Hello World
+```
 
-  console.log(`Hello ${process.env.HELLO}`)
-  ```
+</details>
+<details><summary>`parse(src, {processEnv:})`</summary><br>
 
-  ```sh
-  $ node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env.local, .env
-  Hello World
-  ```
+Sometimes, you want to run `parse` without it accessing `process.env`. (You can pass a fake processEnv this way as well - sometimes useful.)
 
-  </details>
-* <details><summary>`config(quiet: true)` - quiet</summary><br>
+```js
+// index.js
+const dotenvx = require('@dotenvx/dotenvx')
+const src = 'USER=Me'
+const parsed = dotenvx.parse(src, { processEnv: {} })
+console.log(`Hello ${parsed.USER}`)
+```
 
-  Suppress all output (except errors).
+```sh
+$ node index.js
+Hello Me
+```
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+</details>
+<details><summary>`parse(src, {privateKey:})`</summary><br>
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config({path: ['.env.missing', '.env'], quiet: true})
+Decrypt an encrypted `.env` string with `privateKey`.
 
-  // esm
-  // import dotenvx from "@dotenvx/dotenvx";
-  // dotenvx.config({path: ['.env.missing', '.env'], quiet: true});
+```js
+// index.js
+const dotenvx = require('@dotenvx/dotenvx')
+const src = 'HELLO="encrypted:BE9Y7LKANx77X1pv1HnEoil93fPa5c9rpL/1ps48uaRT9zM8VR6mHx9yM+HktKdsPGIZELuZ7rr2mn1gScsmWitppAgE/1lVprNYBCqiYeaTcKXjDUXU5LfsEsflnAsDhT/kWG1l"'
+const parsed = dotenvx.parse(src, { privateKey: 'a4547dcd9d3429615a3649bb79e87edb62ee6a74b007075e9141ae44f5fb412c' })
+console.log(`Hello ${parsed.HELLO}`)
+```
 
-  console.log(`Hello ${process.env.HELLO}`)
-  ```
+```sh
+$ node index.js
+Hello World
+```
+</details>
+<details><summary>`set(KEY, value)`</summary><br>
 
-  ```sh
-  $ node index.js
-  Error: [MISSING_ENV_FILE] missing .env.missing file (/path/to/.env.missing)
-  Hello World
-  ```
+Programmatically set an environment variable. 
 
-  </details>
-* <details><summary>`config(strict: true)` - strict</summary><br>
+```js
+// index.js
+const dotenvx = require('@dotenvx/dotenvx')
+dotenvx.set('HELLO', 'World', { path: '.env' })
+```
 
-  Exit with code `1` if any errors are encountered - like a missing .env file or decryption failure.
+</details>
+<details><summary>`get(KEY)` - <i>Decryption at Access</i></summary><br>
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+Programmatically get an environment variable at access/runtime.
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config({path: ['.env.missing', '.env'], strict: true})
+```js
+// index.js
+const dotenvx = require('@dotenvx/dotenvx')
+const decryptedValue = dotenvx.get('HELLO')
+console.log(decryptedValue)
+```
 
-  // esm
-  // import dotenvx from "@dotenvx/dotenvx";
-  // dotenvx.config({path: ['.env.missing', '.env'], strict: true});
+This is known as *Decryption at Access* and is written about in [the whitepaper](https://dotenvx.com/dotenvx.pdf).
 
-  console.log(`Hello ${process.env.HELLO}`)
-  ```
+</details>
 
-  ```sh
-  $ node index.js
-  Error: [MISSING_ENV_FILE] missing .env.missing file (/path/to/.env.missing)
-  ```
+&nbsp;
 
-  </details>
-* <details><summary>`config(ignore:)` - ignore</summary><br>
+## Radar 📡
 
-  Use `ignore` to suppress specific errors like `MISSING_ENV_FILE`.
+> [Dotenvx Radar](https://dotenvx.com/radar) is a commercial extension for [dotenvx](https://github.com/dotenvx/dotenvx).
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+*Observe, version, and back up your environment variables at runtime.*
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config({path: ['.env.missing', '.env'], ignore: ['MISSING_ENV_FILE']})
+### Usage
 
-  // esm
-  // import dotenvx from "@dotenvx/dotenvx";
-  // dotenvx.config({path: ['.env.missing', '.env'], ignore: ['MISSING_ENV_FILE']});
+```sh
+1. Install Radar
 
-  console.log(`Hello ${process.env.HELLO}`)
-  ```
+$ curl -sfS https://dotenvx.sh/radar | sh
 
-  ```sh
-  $ node index.js
-  [dotenvx@1.X.X] injecting env (1) from .env
-  Hello World
-  ```
+2. Log in
 
-  </details>
-* <details><summary>`config(envKeysFile:)` - envKeysFile</summary><br>
+$ dotenvx-radar login
+✔ logged in [username]
 
-  Use `envKeysFile` to customize the path to your `.env.keys` file. This is useful with monorepos.
+3. Run dotenvx
 
-  ```ini
-  # .env
-  HELLO="World"
-  ```
+$ dotenvx run -- yourcommand
+[dotenvx@1.0.0] 📡 radar active
+[dotenvx@1.0.0] injecting env (1) from .env
+```
 
-  ```js
-  // index.js
-  require('@dotenvx/dotenvx').config({path: ['.env'], envKeysFile: '../../.env.keys'})
-  ```
+That's it! Your environment variables are auto-observed and backed up by [Radar](https://dotenvx.com/radar).
 
-  </details>
-* <details><summary>`parse(src)`</summary><br>
+### UI
 
-  Parse a `.env` string directly in node.js code.
+![dotenvx-radar](https://dotenvx.com/radar/ui.png)
 
-  ```js
-  // index.js
-  const dotenvx = require('@dotenvx/dotenvx')
-  const src = 'HELLO=World'
-  const parsed = dotenvx.parse(src)
-  console.log(`Hello ${parsed.HELLO}`)
-  ```
+### CLI
 
-  ```sh
-  $ node index.js
-  Hello World
-  ```
+<details><summary>`login`</summary><br>
 
-  </details>
-* <details><summary>`parse(src, {processEnv:})`</summary><br>
+Log in to [radar](https://dotenvx.com/radar).
 
-  Sometimes, you want to run `parse` without it accessing `process.env`. (You can pass a fake processEnv this way as well - sometimes useful.)
+```sh
+$ dotenvx-radar login
+press Enter to open [https://radar.dotenvx.com/login/device] and enter code [D9C1-03BC]... (Y/n)
+⠹ waiting on browser authorization
+✔ logged in [username] to this device and activated token [dxo_6kjPifI…]
+```
 
-  ```js
-  // index.js
-  const dotenvx = require('@dotenvx/dotenvx')
-  const src = 'USER=Me'
-  const parsed = dotenvx.parse(src, { processEnv: {} })
-  console.log(`Hello ${parsed.USER}`)
-  ```
+</details>
+<details><summary>`logout`</summary><br>
 
-  ```sh
-  $ node index.js
-  Hello Me
-  ```
+Log out of [radar](https://dotenvx.com/radar).
 
-  </details>
-* <details><summary>`parse(src, {privateKey:})`</summary><br>
+```sh
+$ dotenvx-radar logout
+✔ logged out [username] from this device and revoked token [dxo_5ZrwRXV…]
+```
 
-  Decrypt an encrypted `.env` string with `privateKey`.
+</details>
+<details><summary>`status`</summary><br>
 
-  ```js
-  // index.js
-  const dotenvx = require('@dotenvx/dotenvx')
-  const src = 'HELLO="encrypted:BE9Y7LKANx77X1pv1HnEoil93fPa5c9rpL/1ps48uaRT9zM8VR6mHx9yM+HktKdsPGIZELuZ7rr2mn1gScsmWitppAgE/1lVprNYBCqiYeaTcKXjDUXU5LfsEsflnAsDhT/kWG1l"'
-  const parsed = dotenvx.parse(src, { privateKey: 'a4547dcd9d3429615a3649bb79e87edb62ee6a74b007075e9141ae44f5fb412c' })
-  console.log(`Hello ${parsed.HELLO}`)
-  ```
+Check current status of [radar](https://dotenvx.com/radar) - `on` or `off` (logged in or out).
 
-  ```sh
-  $ node index.js
-  Hello World
-  ```
-  </details>
-* <details><summary>`set(KEY, value)`</summary><br>
+```sh
+$ dotenvx-radar status
+on
+```
 
-  Programmatically set an environment variable. 
+</details>
+<details><summary>`settings`</summary><br>
 
-  ```js
-  // index.js
-  const dotenvx = require('@dotenvx/dotenvx')
-  dotenvx.set('HELLO', 'World', { path: '.env' })
-  ```
+Check and configure various settings for [radar](https://dotenvx.com/radar) - `username`, `token`, and more.
 
-  </details>
-* <details><summary>`get(KEY)` - <i>Decryption at Access</i></summary><br>
+```sh
+$ dotenvx-radar settings
+Usage: dotenvx-radar settings [options] [command]
 
-  Programmatically get an environment variable at access/runtime.
+⚙️  settings
 
-  ```js
-  // index.js
-  const dotenvx = require('@dotenvx/dotenvx')
-  const decryptedValue = dotenvx.get('HELLO')
-  console.log(decryptedValue)
-  ```
+Options:
+  -h, --help       display help for command
 
-  This is known as *Decryption at Access* and is written about in [the whitepaper](https://dotenvx.com/dotenvx.pdf).
+Commands:
+  username         print your username
+  token [options]  print your access token (--unmask)
+  hostname         print hostname
+  help [command]   display help for command
+```
 
-  </details>
+</details>
 
 &nbsp;