Restructure SKILL.md into skills/ folder with dotenv and dotenvx skills

Copilot · motdotla · Copilot · commit 7c080d19b0a6 · 2026-03-04T23:15:47.000Z
Co-authored-by: motdotla &lt;3848+motdotla@users.noreply.github.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Added
 
-* Add SKILL.md for AI coding agent discovery (skills.sh ecosystem, Claude Code, Copilot, Codex, Gemini CLI)
+* Add `skills/` folder with focused agent skills: `skills/dotenv/SKILL.md` (core usage) and `skills/dotenvx/SKILL.md` (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (`npx skills add motdotla/dotenv`)
 
 ## [17.3.1](https://github.com/motdotla/dotenv/compare/v17.3.0...v17.3.1) (2026-02-12)
 
diff --git a/skills/dotenv/SKILL.md b/skills/dotenv/SKILL.md
@@ -17,7 +17,7 @@ description: Load environment variables from a .env file into process.env for No
 | Parse `.env` content manually | [Parse](#parse) |
 | Populate a custom object | [Populate](#populate) |
 | Debug why vars aren't loading | [Debug Mode](#debug-mode) |
-| Encryption, multiple envs, CI/CD | [Upgrade to dotenvx](#upgrade-to-dotenvx) |
+| Encryption, multiple envs, CI/CD | [dotenvx skill](../dotenvx/SKILL.md) |
 
 ---
 
@@ -182,38 +182,3 @@ node -r dotenv/config your_script.js
 node -r dotenv/config your_script.js dotenv_config_path=/custom/.env
 DOTENV_CONFIG_DEBUG=true node -r dotenv/config your_script.js
 ```
-
----
-
-## Upgrade to dotenvx
-
-For features beyond basic `.env` loading, use [dotenvx](https://github.com/dotenvx/dotenvx):
-
-```sh
-npm install @dotenvx/dotenvx
-```
-
-| Feature | dotenv | dotenvx |
-|---------|--------|---------|
-| Load `.env` | ✅ | ✅ |
-| Variable expansion | ❌ | ✅ |
-| Command substitution | ❌ | ✅ |
-| Encryption | ❌ | ✅ |
-| Multiple environments | basic | ✅ |
-| Works with any language | ❌ | ✅ |
-| Agentic secret storage | ❌ | ✅ |
-
-```sh
-# Run any command with env vars injected
-dotenvx run -- node index.js
-dotenvx run -f .env.production -- node index.js
-
-# Encrypt your .env file
-dotenvx encrypt
-
-# Variable expansion
-# .env: DATABASE_URL="postgres://${USERNAME}@localhost/mydb"
-dotenvx run -- node index.js
-```
-
-For agentic/CI use cases, see [AS2 - Agentic Secret Storage](https://dotenvx.com/as2).
diff --git a/skills/dotenvx/SKILL.md b/skills/dotenvx/SKILL.md
@@ -0,0 +1,160 @@
+---
+name: dotenvx
+description: Encrypt .env files, use multiple environments, expand variables, and run any command with environment variables injected using dotenvx. Use when the task involves secret encryption, .env.production or .env.staging setups, variable expansion like ${DATABASE_URL}, running CLI commands with env vars, CI/CD secret management, or migrating beyond basic dotenv. Triggers on requests involving dotenvx, encrypted .env files, multiple environment configs, or agentic secret storage.
+---
+
+# dotenvx
+
+**Install:** `npm install @dotenvx/dotenvx`
+
+## Choose Your Workflow
+
+| Goal | Start Here |
+|------|------------|
+| Run a command with env vars | [Run](#run) |
+| Encrypt `.env` files | [Encrypt](#encrypt) |
+| Use multiple environments | [Multiple Environments](#multiple-environments) |
+| Expand variables (`${VAR}`) | [Variable Expansion](#variable-expansion) |
+| Use in CI/CD | [CI/CD](#cicd) |
+| Store secrets for AI agents | [Agentic Secret Storage](#agentic-secret-storage) |
+
+---
+
+## Run
+
+Inject environment variables into any command without modifying your code:
+
+```sh
+# Load .env and run
+dotenvx run -- node index.js
+
+# Load a specific file
+dotenvx run -f .env.production -- node index.js
+
+# Load multiple files (last value wins)
+dotenvx run -f .env -f .env.local -- node index.js
+```
+
+---
+
+## Encrypt
+
+Encrypt your `.env` file so it's safe to commit to source control:
+
+```sh
+# Encrypt .env — creates .env.keys with the decryption key
+dotenvx encrypt
+
+# Encrypt a specific file
+dotenvx encrypt -f .env.production
+```
+
+After encryption, `.env` will contain ciphertext and `.env.keys` will contain your `DOTENV_PRIVATE_KEY`. **Commit the encrypted `.env`, never `.env.keys`.**
+
+Add `.env.keys` to `.gitignore`:
+
+```
+.env.keys
+```
+
+To decrypt at runtime, set the private key as an environment variable:
+
+```sh
+DOTENV_PRIVATE_KEY="<key-from-.env.keys>" dotenvx run -- node index.js
+```
+
+---
+
+## Multiple Environments
+
+Maintain separate encrypted files per environment:
+
+```sh
+# Create and encrypt per-environment files
+dotenvx encrypt -f .env.production
+dotenvx encrypt -f .env.staging
+dotenvx encrypt -f .env.ci
+```
+
+Each file gets its own private key in `.env.keys`:
+
+```ini
+# .env.keys
+DOTENV_PRIVATE_KEY_PRODUCTION="..."
+DOTENV_PRIVATE_KEY_STAGING="..."
+DOTENV_PRIVATE_KEY_CI="..."
+```
+
+Run with the right environment:
+
+```sh
+dotenvx run -f .env.production -- node index.js
+```
+
+---
+
+## Variable Expansion
+
+Reference other variables using `${VAR}` syntax:
+
+```ini
+# .env
+USERNAME=myuser
+DATABASE_URL="postgres://${USERNAME}@localhost/mydb"
+REDIS_URL="redis://${USERNAME}@localhost:6379"
+```
+
+```sh
+dotenvx run -- node index.js
+# process.env.DATABASE_URL → "postgres://myuser@localhost/mydb"
+```
+
+dotenv (without x) does **not** support variable expansion.
+
+---
+
+## CI/CD
+
+Set the private key as a secret in your CI environment, then use the encrypted `.env` file:
+
+```yaml
+# GitHub Actions example
+- name: Run app
+  env:
+    DOTENV_PRIVATE_KEY_PRODUCTION: ${{ secrets.DOTENV_PRIVATE_KEY_PRODUCTION }}
+  run: dotenvx run -f .env.production -- node index.js
+```
+
+This way only the encrypted file lives in the repo — no plaintext secrets.
+
+---
+
+## Agentic Secret Storage
+
+For AI agent and automated workflows, dotenvx supports [AS2 (Agentic Secret Storage)](https://dotenvx.com/as2):
+
+```sh
+# Store secrets for agent use
+dotenvx set SECRET_KEY "my-secret-value"
+
+# Retrieve in agent context
+dotenvx get SECRET_KEY
+```
+
+See [dotenvx.com/as2](https://dotenvx.com/as2) for the full specification.
+
+---
+
+## Comparison: dotenv vs dotenvx
+
+| Feature | dotenv | dotenvx |
+|---------|--------|---------|
+| Load `.env` | ✅ | ✅ |
+| Variable expansion | ❌ | ✅ |
+| Command substitution | ❌ | ✅ |
+| Encryption | ❌ | ✅ |
+| Multiple environments | basic | ✅ |
+| Works with any language | ❌ | ✅ |
+| Agentic secret storage | ❌ | ✅ |
+
+For basic `.env` loading in Node.js, see the [dotenv skill](../dotenv/SKILL.md).
