The new .env destination in 1Password environments makes it easy for developers to use and collaborate on .env files securely, right from the desktop app.
1Password environments provide a secure workspace to store, organize, and manage project secrets – the same credentials you would normally handle as environment variables. Each environment acts as a dedicated space for a project or app, helping teams manage and maintain consistent credentials.
With the new .env file destination, you can use those secrets – stored securely and locally – in your usual workflows. We launched this functionality in beta earlier this month, and have already had some rave reviews:
“Just wanted to drop some feedback after playing around with the new Environments Beta in 1Password. Honestly, I’m loving it so far. The local .env file mounting is just brilliant. Secrets are easy to access without having to run extra commands, but still secure – exactly what I want. Makes switching between machines seamless, too.”
This new integration lets you keep your familiar .env workflow while solving its largest flaws: insecure storage and messy collaboration. Secure storage and access are integrated directly into the 1Password desktop app, meaning no command-line setup, infrastructure changes, or plaintext secrets stored on disk. You and your team can share and update environment variables safely without insecurely passing files or copying secrets into chat.
1Password environments also integrates with AWS Secrets Manager, allowing teams to securely sync and use secrets in production today. Local .env file mounting is now available to everyone using our desktop password manager on Mac and Linux as part of the 1Password environments public beta.
Where .env files fall short
Many developers rely on .env files in development environments to store and load app credentials like API keys, database URLs, and access tokens. The idea traces back to The Twelve-Factor App, which popularized storing configuration in environment variables instead of code or config files. This approach was a major improvement – it moved secrets out of source files – but led to the challenge of .env files storing credentials in plaintext.
Plaintext storage might be manageable for a single developer, but it becomes riskier in a team setting. While developers have tried various methods to simplify this process, from shared folders to dedicated secrets-management tools, these approaches often introduce additional setup time, complexity, and overhead.
Every developer knows the trade-off – .env files are simple but fragile:
- Secrets are stored in plaintext on disk.
- It’s easy to forget to add .env to .gitignore and expose credentials in commits.
- Syncing changes across machines and teammates is laborious.
- Onboarding new developers often means chasing secrets through chats or internal docs.
These problems slow down teams and increase the chance of sensitive data leaks.
Meet 1Password environments: a secure, familiar way to work with .env files without complicating your workflow
1Password environments brings the same trusted protection developers rely on for SSH keys and personal credentials to their .env files. Built directly into our desktop password manager, it lets your apps read the variables they need without secrets being written to disk. When your app requests access, 1Password retrieves the secrets securely. Once they’re read, they’re gone until you need them again.
It’s a simple example of one of our core principles: making the secure thing the easy thing. Developers get the same workflow they already know – just safer, faster, and built into the tools they already use.
Simplify your workflow
1Password environments work with your existing .env tools and libraries – no need to rewrite code or change how you load environment variables.
Instant setup
Create an environment, import your variables, mount your file, and invite your colleagues to collaborate. No admin setup or account-level configuration required.
Zero plaintext
Secrets are not written to disk so won’t appear in your Git history. You can’t accidentally commit them.
Offline access
No more getting blocked when your connection drops: you can now access cached secrets even when offline, a long-standing request from our users.
Built for collaboration
Version history, access control, and automatic updates all live in one place so everyone can stay synced without juggling files.
What’s happening behind the scenes
Here’s how this new functionality works: 1Password environments mounts a .env file at the path you choose. Once you approve access, 1Password passes the data directly to your app through a UNIX pipe. Your applications can read the file as if it were a regular .env file but the file contents are never written to disk.
The mounted file remains available as long as 1Password is running and locks automatically when 1Password is locked. Because the file is mounted virtually, it won’t be tracked by Git, meaning your secrets can’t be staged, committed, or pushed.
This setup allows your apps to interact with a .env file as they normally would without ever exposing or persisting secrets. Everything works as expected, just far more securely.
Get started
Setting up 1Password environments takes just a minute:
- In the 1Password desktop app, head to the Developer section in the sidebar. (If you haven’t already, you’ll need to enable the 1Password Developer experience in Settings.)
- Create or open an environment.
- Import your existing .env file.
- Under Destinations, choose Local .env file.
- Select the file path where you want to mount it.
- Authorize access when prompted.
- Run your app as usual. 1Password provides your secrets securely when needed.
- Delete your old .env file if you haven’t done so already.
1Password environments works out of the box with existing dotenv libraries. You can disable or re-enable mounted .env files anytime from the Destinations tab.
What’s next
1Password environments already integrates with AWS Secrets Manager, making it easy for teams to use it in production. More destinations are on the way.
Looking ahead, we’re focused on expanding support to more developer workflows while continuing to refine the experience based on beta feedback. We’re also exploring options to bring this experience to Windows. (Stay tuned for updates!)
If you’re trying 1Password environments during beta, we’d love your feedback. Join the discussion in the 1Password Community or subscribe to our developer newsletter for updates.
Try 1Password environments today
Get started in the 1Password desktop app and experience a simpler, safer way to work with .env files.
Francine Boulanger
Sr CX Content Developer
