--- title: "infisical export" description: "Export Infisical secrets from CLI into different file formats" --- ```bash infisical export [options] ``` ## Description Export environment variables from the platform into a file format. ## Subcommands & flags Use this command to export environment variables from the platform into a raw file formats ```bash $ infisical export # Export variables to a .env file infisical export > .env # Export variables to a .env file (with export keyword) infisical export --format=dotenv-export > .env # Export variables to a CSV file infisical export --format=csv > secrets.csv # Export variables to a JSON file infisical export --format=json > secrets.json # Export variables to a YAML file infisical export --format=yaml > secrets.yaml # Render secrets using a custom template file infisical export --template= ``` ### Environment variables Used to fetch secrets via a [machine identities](/documentation/platform/identities/machine-identities) apposed to logged in credentials. Simply, export this variable in the terminal before running this command. ```bash # Example export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id= --client-secret= --silent --plain) # --plain flag will output only the token, so it can be fed to an environment variable. --silent will disable any update messages. ``` Alternatively, you may use service tokens. Please note, however, that service tokens are being deprecated in favor of [machine identities](/documentation/platform/identities/machine-identities). They will be removed in the future in accordance with the deprecation notice and timeline stated [here](https://infisical.com/blog/deprecating-api-keys). ```bash # Example export INFISICAL_TOKEN= ``` Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments. To use, simply export this variable in the terminal before running this command. ```bash # Example export INFISICAL_DISABLE_UPDATE_CHECK=true ``` ### flags The `--template` flag specifies the path to the template file used for rendering secrets. When using templates, you can omit the other format flags. ```text my-template-file {{$secrets := secret "" "" ""}} {{$length := len $secrets}} {{- "{"}} {{- with $secrets }} {{- range $index, $secret := . }} "{{ $secret.Key }}": "{{ $secret.Value }}"{{if lt $index (minus $length 1)}},{{end}} {{- end }} {{- end }} {{ "}" -}} ``` ```bash # Example infisical export --template="/path/to/template/file" ``` Used to set the environment that secrets are pulled from. ```bash # Example infisical export --env=prod ``` Note: this flag only accepts environment slug names not the fully qualified name. To view the slug name of an environment, visit the project settings page. default value: `dev` By default the project id is retrieved from the `.infisical.json` located at the root of your local project. This flag allows you to override this behavior by explicitly defining the project to fetch your secrets from. ```bash # Example infisical export --projectId=XXXXXXXXXXXXXX ``` Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`) Default value: `true` By default imported secrets are available, you can disable it by setting this option to false. Default value: `true` Format of the output file. Accepted values: `dotenv`, `dotenv-export`, `csv`, `json` and `yaml` Default value: `dotenv` Prioritizes personal secrets with the same name over shared secrets Default value: `true` The `--path` flag indicates which project folder secrets will be injected from. ```bash # Example infisical export --path="/path/to/folder" --env=dev ``` When working with tags, you can use this flag to filter and retrieve only secrets that are associated with a specific tag(s). ```bash # Example infisical run --tags=tag1,tag2,tag3 -- npm run dev ``` Note: you must reference the tag by its slug name not its fully qualified name. Go to project settings to view all tag slugs. By default, all secrets are fetched