infisical export
Export Infisical secrets from CLI into different file formats
infisical export [options]
Description
Export environment variables from the platform into a file format.
Subcommands & flags
Use this command to export environment variables from the platform into a raw file formats
$ infisical export
# Export variables to a .env file
infisical export > .env
# Export variables to a .env file (with export keyword)
infisical export --format=dotenv-export > .env
# Export variables to a CSV file
infisical export --format=csv > secrets.csv
# Export variables to a JSON file
infisical export --format=json > secrets.json
# Export variables to a YAML file
infisical export --format=yaml > secrets.yaml
# Render secrets using a custom template file
infisical export --template=<path to template>
Environment variables
Used to fetch secrets via a service token apposed to logged in credentials. Simply, export this variable in the terminal before running this command.
# Example
export INFISICAL_TOKEN=st.63e03c4a97cb4a747186c71e.ed5b46a34c078a8f94e8228f4ab0ff97.4f7f38034811995997d72badf44b42ec
Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
To use, simply export this variable in the terminal before running this command.
# Example
export INFISICAL_DISABLE_UPDATE_CHECK=true
flags
The --template flag specifies the path to the template file used for rendering secrets. When using templates, you can omit the other format flags.
{{$secrets := secret "<infisical-project-id>" "<environment-slug>" "<folder-path>"}}
{{$length := len $secrets}}
{{- "{"}}
{{- with $secrets }}
{{- range $index, $secret := . }}
"{{ $secret.Key }}": "{{ $secret.Value }}"{{if lt $index (minus $length 1)}},{{end}}
{{- end }}
{{- end }}
{{ "}" -}}
# Example
infisical export --template="/path/to/template/file"
Used to set the environment that secrets are pulled from.
# Example
infisical export --env=prod
Note: this flag only accepts environment slug names not the fully qualified name. To view the slug name of an environment, visit the project settings page.
default value: dev
By default the project id is retrieved from the .infisical.json located at the root of your local project.
This flag allows you to override this behavior by explicitly defining the project to fetch your secrets from.
# Example
infisical export --projectId=XXXXXXXXXXXXXX
Parse shell parameter expansions in your secrets (e.g., ${DOMAIN})
Default value: true
Format of the output file. Accepted values: dotenv, dotenv-export, csv, json and yaml
Default value: dotenv
Prioritizes personal secrets with the same name over shared secrets
Default value: true
The --path flag indicates which project folder secrets will be injected from.
# Example
infisical export --path="/path/to/folder" --env=dev
When working with tags, you can use this flag to filter and retrieve only secrets that are associated with a specific tag(s).
# Example
infisical run --tags=tag1,tag2,tag3 -- npm run dev
Note: you must reference the tag by its slug name not its fully qualified name. Go to project settings to view all tag slugs.
By default, all secrets are fetched
Was this page helpful?