Skip to main content

Storage Providers

EnvFly CLI supports multiple storage providers for your environment variables, giving you flexibility to choose the solution that best fits your infrastructure and security requirements.

Overview

Storage providers are the backend systems where your encrypted environment variables are stored. Each provider offers different benefits in terms of:
  • Security: Encryption at rest and in transit
  • Performance: Access speed and availability
  • Cost: Storage and bandwidth costs
  • Integration: Native integration with your existing infrastructure
  • Compliance: Meeting regulatory requirements

Available Providers

Provider Comparison

Security Model

Client-Side Encryption

All storage providers use client-side encryption by default:
AES-256-GCM with PBKDF2 key derivation - Key Size: 256 bits - Mode: GCM (Galois/Counter Mode) - Key Derivation: PBKDF2 with 100,000 iterations - Salt: Random 32-byte salt per variable
  • Master Key: Derived from your password/API key - Variable Keys: Unique per variable - Key Storage: Never stored on server - Key Rotation: Automatic with password change
  • Server cannot decrypt your data - Only you have access to encryption keys
  • No backdoor access possible - Compliant with strict security requirements

Provider Selection

When to Use Git

Advantages:
  • ✅ Free and unlimited
  • ✅ Full version control
  • ✅ Works offline
  • ✅ Familiar Git workflow
  • ✅ Easy backup and migration
Considerations:
  • ⚠️ Repository size limits
  • ⚠️ No built-in team features
  • ⚠️ Manual access management

When to Use AWS S3

Advantages:
  • ✅ Highly available and durable
  • ✅ Advanced security features
  • ✅ IAM integration
  • ✅ Cost-effective at scale
  • ✅ Global distribution
Considerations:
  • ⚠️ Requires AWS account
  • ⚠️ Learning curve for IAM
  • ⚠️ Potential costs at scale

When to Use Azure Blob

Advantages:
  • ✅ Enterprise-grade security
  • ✅ Compliance certifications
  • ✅ Active Directory integration
  • ✅ Hybrid cloud support
  • ✅ Advanced monitoring
Considerations:
  • ⚠️ Requires Azure subscription
  • ⚠️ Microsoft ecosystem lock-in
  • ⚠️ Learning curve for Azure services

When to Use Google Cloud

Advantages:
  • ✅ Global distribution
  • ✅ Advanced analytics
  • ✅ Strong consistency
  • ✅ Cost optimization features
  • ✅ Machine learning integration
Considerations:
  • ⚠️ Requires Google Cloud account
  • ⚠️ Google ecosystem integration
  • ⚠️ Potential vendor lock-in

When to Use EnvFly Cloud

Advantages:
  • ✅ Built-in team collaboration
  • ✅ Audit logs and compliance
  • ✅ Webhooks and integrations
  • ✅ Managed service
  • ✅ Advanced features
Considerations:
  • ⚠️ Higher cost
  • ⚠️ Vendor dependency
  • ⚠️ Internet connectivity required

Configuration

Provider Setup

Each provider requires specific configuration in your .envfly file: 
{
  "project": {
    "name": "my-project",
    "storage": {
      "provider": "git",
      "config": {
        "repository": "git@github.com:company/env-vars.git",
        "branch": "main"
      }
    }
  }
}

Provider-Specific Configuration

{
  "provider": "git",
  "config": {
    "repository": "git@github.com:company/env-vars.git",
    "branch": "main",
    "path": "environments"
  }
}

{
  "provider": "aws",
  "config": {
    "bucket": "my-env-vars",
    "region": "us-east-1",
    "prefix": "environments/"
  }
}

{
  "provider": "azure",
  "config": {
    "account": "myenvvars",
    "container": "environments",
    "connectionString": "DefaultEndpointsProtocol=https;..."
  }
}

{
  "provider": "google",
  "config": {
    "bucket": "my-env-vars",
    "project": "my-project",
    "prefix": "environments/"
  }
}

{
  "provider": "envfly-cloud",
  "config": {
    "projectId": "proj_123456",
    "apiEndpoint": "https://api.envfly.io"
  }
}

Migration Between Providers

Export from Current Provider

# Export all environments to JSON
envfly export --format json > environments.json

# Export specific environment
envfly export development --format json > dev-env.json

Import to New Provider

# Initialize with new provider
envfly init --provider aws

# Import environments
envfly import --file environments.json

Migration Script

#!/bin/bash
# migrate-provider.sh

echo "Migrating from Git to AWS S3..."

# Export current data
envfly export --format json > migration-backup.json

# Initialize new provider
envfly init --provider aws --bucket my-new-env-vars

# Import data
envfly import --file migration-backup.json

echo "Migration complete!"

Best Practices

  • Start Simple: Use Git for small projects - Scale Up: Move to cloud providers as you grow - Consider Compliance: Choose providers that meet your requirements - Plan for Growth: Select providers that can scale with your needs
  • Enable Encryption: Always use client-side encryption - Access Control: Implement proper access controls - Regular Audits: Review access logs regularly - Backup Strategy: Maintain backups across providers
  • Choose Region: Select storage in your application’s region - CDN: Use CDN for global applications - Caching: Implement local caching where appropriate - Monitoring: Monitor access patterns and performance

Troubleshooting

Problem: Cannot connect to storage provider Solutions: - Check network connectivity - Verify credentials and permissions - Test with provider’s CLI tools - Check firewall settings
Problem: Access denied to storage Solutions: - Verify IAM roles and policies - Check API keys and tokens - Review access control lists - Contact provider support
Problem: Slow access to variables Solutions: - Check network latency
  • Consider CDN or caching - Optimize provider configuration - Monitor resource usage