Dotenv File for Secrets

Store local secrets in an .env file, rather than hard-coding

When dealing with local secrets, it is best practice is to keep secrets in an environment variable file, rather than hardcoding these secrets into scripts. A common convention is to use a "dotenv" file, as it is supported by many programming languages and is often appears in .gitignore file templates. The default for a dotenv file is .env (this is the entire filename, not an extension), but most dotenv libraries will support any name.


The practice of keeping secrets in dotenv files is optional, but highly encouraged. This allows you to share scripts without secrets, making those scripts more portable and safer.

Assumption of Environment Variables in Docs

While using the Space and Time docs you will find many examples, most of which use a combination of the sxtcli and .env files to contain secrets. For consistency, these docs will assume the following environment variables are available:

Environment VariableDescription
API_URLBase URL to the Space and Time network, for example
USERIDUserID / UserName for Space and Time authentication
USER_PRIVATE_KEYED25519 Private Key that corresponds to the above USERID
USER_PUBLIC_KEYED25519 Public Key that corresponds to the above USERID
USER_PASSWORDPassword used by Space and Time Studio that corresponds to the above USERID

Dotenv Example

Dotenv files are typically structured so that they can be executed by a shell command, thus loading them as environment variables. An example .env file might look like:



There are no spaces before or after the equal sign. Shell commands in some operating systems can register spaces as valid characters and include them in the variable.

To test, try to authenticate to Space and Time (with valid credentials) by first loading your .env file, then use sxtcli authenticate:

echo "Load .env file"
. ./.env

echo "Login to SxT"
sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY

echo "Save Access Token for later use"

Or, more concisely:

echo "Load .env file and get ACCESS_TOKEN"
. ./.env
ACCESS_TOKEN=$( sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY | awk 'NR==2{ print $2 }' )

Other environment variables you may encounter

While traversing the documents, you may also encounter other environment variables used in examples:

Environment VariableDescription
ACCESS_TOKENBase64 authenticated Access Token that is used to directly access Space and Time
BISCUIT_TOKENBase64 Biscuit Token for decentralized authorization
RESOURCE_PRIVATE_KEYHexidecimal Private Key for a table that is used to create the above BISCUIT_TOKEN
RESOURCE_PUBLIC_KEYHexidecimal Public Key for a table that is used to validate the above BISCUIT_TOKEN
This should match the CREATE TABLE... WITH "public_key=..." public key.