---
title: "infisical export"
description: "Export Infisical secrets from CLI into different file formats"
---

```bash
infisical export [options]
```

## Description

Export environment variables from the platform into a file format.

## Subcommands & flags

<Accordion title="infisical export" defaultOpen="true">
  Use this command to export environment variables from the platform into a raw file formats

  ```bash
  $ infisical export 

  # Export variables to a .env file
  infisical export > .env

  # Export variables to a .env file (with export keyword)
  infisical export --format=dotenv-export > .env

  # Export variables to a CSV file
  infisical export --format=csv > secrets.csv

  # Export variables to a JSON file
  infisical export --format=json > secrets.json

  # Export variables to a YAML file
  infisical export --format=yaml > secrets.yaml
  ```

  ### Environment variables
  <Accordion title="INFISICAL_TOKEN">
    Used to fetch secrets via a [service token](/documentation/platform/token) apposed to logged in credentials. Simply, export this variable in the terminal before running this command.

    ```bash
    # Example 
    export INFISICAL_TOKEN=st.63e03c4a97cb4a747186c71e.ed5b46a34c078a8f94e8228f4ab0ff97.4f7f38034811995997d72badf44b42ec
    ```
  </Accordion>

  <Accordion title="INFISICAL_DISABLE_UPDATE_CHECK">
    Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
    
    To use, simply export this variable in the terminal before running this command.

    ```bash
    # Example 
    export INFISICAL_DISABLE_UPDATE_CHECK=true
    ```
  </Accordion>

  ### flags 
  <Accordion title="--env">
    Used to set the environment that secrets are pulled from. 

    ```bash
    # Example 
    infisical export --env=prod 
    ```

    Note: this flag only accepts environment slug names not the fully qualified name. To view the slug name of an environment, visit the project settings page.

    default value: `dev`
  </Accordion>

  <Accordion title="--projectId">
    By default the project id is retrieved from the `.infisical.json` located at the root of your local project. 
    This flag allows you to override this behavior by explicitly defining the project to fetch your secrets from.

    ```bash
    # Example 
    
    infisical export --projectId=XXXXXXXXXXXXXX
    ```
  </Accordion>

  <Accordion title="--expand">
    Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)

    Default value: `true`
  </Accordion>

  <Accordion title="--format">
    Format of the output file. Accepted values: `dotenv`, `dotenv-export`, `csv` and `json` 

    Default value: `dotenv`
  </Accordion>

  <Accordion title="--secret-overriding">
    Prioritizes personal secrets with the same name over shared secrets

    Default value: `true`
  </Accordion>

  <Accordion title="--tags">
    When working with tags, you can use this flag to filter and retrieve only secrets that are associated with a specific tag(s).

    ```bash
    # Example 
    infisical run --tags=tag1,tag2,tag3 -- npm run dev
    ```

    Note: you must reference the tag by its slug name not its fully qualified name. Go to project settings to view all tag slugs.

    By default, all secrets are fetched
  </Accordion>

</Accordion>