☯️ Dotenv::Merge

if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

---

if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️

I've summarized my thoughts in this blog post.

🌻 Synopsis

Dotenv::Merge is a standalone Ruby module that intelligently merges two versions of a dotenv (.env) file. It's like a smart "git merge" specifically designed for environment configuration files. Built on top of ast-merge, it shares the same architecture as prism-merge for Ruby source files.

Key Features

• Dotenv-Aware: Understands dotenv file format (KEY=value, comments, exports)
• Intelligent: Matches environment variables by key name
• Comment-Preserving: Comments and blank lines are preserved in their context
• Freeze Block Support: Respects freeze markers (default: dotenv-merge:freeze / dotenv-merge:unfreeze) for merge control - customizable to match your project's conventions
• Full Provenance: Tracks origin of every line
• Standalone: Minimal dependencies - just ast-merge
• Customizable:
  • signature_generator - callable custom signature generators
  • preference - setting of :template, :destination, or a Hash for per-node-type preferences
  • node_splitter - Hash mapping node types to callables for per-node-type merge customization (see ast-merge docs)
  • add_template_only_nodes - setting to retain variables that do not exist in destination
  • freeze_token - customize freeze block markers (default: "dotenv-merge")

Supported Line Types

Line Type	Format	Matching Behavior
Assignment	KEY=value	Variables match by key name
Export	export KEY=value	Treated as assignment with export flag
Comment	# comment text	Preserved in context
Blank	(empty line)	Preserved for readability
Double-quoted	KEY="value with\nescapes"	Escape sequences processed
Single-quoted	KEY='literal value'	No escape processing
Inline comment	KEY=value # comment	Comment stripped from value

Example

require "dotenv/merge"

template = File.read("template.env")
destination = File.read("destination.env")

merger = Dotenv::Merge::SmartMerger.new(template, destination)
result = merger.merge

File.write("merged.env", result.to_s)

The *-merge Gem Family

The *-merge gem family provides intelligent, AST-based merging for various file formats. At the foundation is tree_haver, which provides a unified cross-Ruby parsing API that works seamlessly across MRI, JRuby, and TruffleRuby.

Gem	Version / CI	Language / Format	Parser Backend(s)	Description
tree_haver		Multi	Supported Backends: MRI C, Rust, FFI, Java, Prism, Psych, Commonmarker, Markly, Citrus, Parslet	Foundation: Cross-Ruby adapter for parsing libraries (like Faraday for HTTP)
ast-merge		Text	internal	Infrastructure: Shared base classes and merge logic for all *-merge gems
bash-merge		Bash	tree-sitter-bash (via tree_haver)	Smart merge for Bash scripts
commonmarker-merge		Markdown	Commonmarker (via tree_haver)	Smart merge for Markdown (CommonMark via comrak Rust)
dotenv-merge		Dotenv	internal	Smart merge for .env files
json-merge		JSON	tree-sitter-json (via tree_haver)	Smart merge for JSON files
jsonc-merge		JSONC	tree-sitter-jsonc (via tree_haver)	⚠️ Proof of concept; Smart merge for JSON with Comments
markdown-merge		Markdown	Commonmarker / Markly (via tree_haver), Parslet	Foundation: Shared base for Markdown mergers with inner code block merging
markly-merge		Markdown	Markly (via tree_haver)	Smart merge for Markdown (CommonMark via cmark-gfm C)
prism-merge		Ruby	Prism (prism std lib gem)	Smart merge for Ruby source files
psych-merge		YAML	Psych (psych std lib gem)	Smart merge for YAML files
rbs-merge		RBS	tree-sitter-bash (via tree_haver), RBS (rbs std lib gem)	Smart merge for Ruby type signatures
toml-merge		TOML	Parslet + toml, Citrus + toml-rb, tree-sitter-toml (all via tree_haver)	Smart merge for TOML files

Backend Platform Compatibility

tree_haver supports multiple parsing backends, but not all backends work on all Ruby platforms:

Platform 👉️ TreeHaver Backend 👇️	MRI	JRuby	TruffleRuby	Notes
MRI (ruby_tree_sitter)	✅	❌	❌	C extension, MRI only
Rust (tree_stump)	✅	❌	❌	Rust extension via magnus/rb-sys, MRI only
FFI (ffi)	✅	✅	❌	TruffleRuby's FFI doesn't support STRUCT_BY_VALUE
Java (jtreesitter)	❌	✅	❌	JRuby only, requires grammar JARs
Prism (prism)	✅	✅	✅	Ruby parsing, stdlib in Ruby 3.4+
Psych (psych)	✅	✅	✅	YAML parsing, stdlib
Citrus (citrus)	✅	✅	✅	Pure Ruby PEG parser, no native dependencies
Parslet (parslet)	✅	✅	✅	Pure Ruby PEG parser, no native dependencies
Commonmarker (commonmarker)	✅	❌	❓	Rust extension for Markdown (via commonmarker-merge)
Markly (markly)	✅	❌	❓	C extension for Markdown (via markly-merge)

Legend: ✅ = Works, ❌ = Does not work, ❓ = Untested

Why some backends don't work on certain platforms:

• JRuby: Runs on the JVM; cannot load native C/Rust extensions (.so files)
• TruffleRuby: Has C API emulation via Sulong/LLVM, but it doesn't expose all MRI internals that native extensions require (e.g., RBasic.flags, rb_gc_writebarrier)
• FFI on TruffleRuby: TruffleRuby's FFI implementation doesn't support returning structs by value, which tree-sitter's C API requires

Example implementations for the gem templating use case:

Gem	Purpose	Description
kettle-dev	Gem Development	Gem templating tool using *-merge gems
kettle-jem	Gem Templating	Gem template library with smart merge support

💡 Info you can shake a stick at

Tokens to Remember
Works with JRuby
Works with Truffle Ruby
Works with MRI Ruby 3
Support & Community
Source
Documentation
Compliance
Style
Maintainer 🎖️
... 💖	🧊 🐙 🛖 🧪

Compatibility

Compatible with MRI Ruby 3.2.0+, and concordant releases of JRuby, and TruffleRuby.

🚚 Amazing test matrix was brought to you by	🔎 appraisal2 🔎 and the color 💚 green 💚
👟 Check it out!	✨ github.com/appraisal-rb/appraisal2 ✨

Federated DVCS

Find this repo on federated forges (Coming soon!)

Federated DVCS Repository	Status	Issues	PRs	Wiki	CI	Discussions
🧪 kettle-rb/dotenv-merge on GitLab	The Truth	💚	💚	💚	🐭 Tiny Matrix	➖
🧊 kettle-rb/dotenv-merge on CodeBerg	An Ethical Mirror (Donate)	💚	💚	➖	⭕️ No Matrix	➖
🐙 kettle-rb/dotenv-merge on GitHub	Another Mirror	💚	💚	💚	💯 Full Matrix	💚
🎮️ Discord Server		Let's	talk	about	this	library!

Enterprise Support

Available as part of the Tidelift Subscription.

Need enterprise-level guarantees?

The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

• 💡Subscribe for support guarantees covering all your FLOSS dependencies

• 💡Tidelift is part of Sonar

• 💡Tidelift pays maintainers to maintain the software you depend on!
  📊@Pointy Haired Boss: An enterprise support subscription is "never gonna let you down", and supports open source maintainers Alternatively:

• 

• 

• 

✨ Installation

Install the gem and add to the application's Gemfile by executing:

bundle add dotenv-merge

If bundler is not being used to manage dependencies, install the gem by executing:

gem install dotenv-merge

🔒 Secure Installation

For Medium or High Security Installations

This gem is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by stone_checksums. Be sure the gem you install hasn’t been tampered with by following the instructions below.

Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:

gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem)

You only need to do that once. Then proceed to install with:

gem install dotenv-merge -P HighSecurity

The HighSecurity trust profile will verify signed gems, and not allow the installation of unsigned dependencies.

If you want to up your security game full-time:

bundle config set --global trust-policy MediumSecurity

MediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.

NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.

⚙️ Configuration

merger = Dotenv::Merge::SmartMerger.new(
  template,
  destination,
  # When conflicts occur, prefer template or destination values
  preference: :template,            # or :destination (default)
  # Add entries that only exist in template
  add_template_only_nodes: true,    # default: false
)

Signature Match Preference

Control which source wins when both files have the same key:

• :template - Template values replace destination values

  • Version files (VERSION=2.0.0 should replace VERSION=1.0.0)
  • API endpoint updates (API_URL=https://new-api.example.com)

• :destination (default) - Destination values are preserved

  • Local development settings
  • Project-specific customizations

Template-Only Nodes

Control whether to add entries that only exist in the template:

• true - Add new entries from template

  • New required environment variables
  • New configuration options

• false (default) - Skip template-only entries

  • Template has placeholder values
  • Destination is authoritative

🔧 Basic Usage

Simple Merge

require "dotenv/merge"

template = File.read("template.env")
destination = File.read("destination.env")

merger = Dotenv::Merge::SmartMerger.new(template, destination)
result = merger.merge

File.write("merged.env", result)

Working with Freeze Blocks

Freeze blocks protect sections of your .env file from being modified during merges:

# << FREEZE: project_secrets
DATABASE_URL=postgresql://localhost/myapp_dev
SECRET_KEY_BASE=my_local_secret_key_value
# >> FREEZE: project_secrets

# These entries can be updated by template
API_VERSION=v2

Adding Template-Only Entries

# Template introduces a new required variable
template = <<~ENV
  DATABASE_URL=postgresql://localhost/template_db
  NEW_FEATURE_FLAG=enabled
ENV

destination = <<~ENV
  DATABASE_URL=postgresql://localhost/myapp_dev
ENV

merger = Dotenv::Merge::SmartMerger.new(
  template,
  destination,
  add_template_only_nodes: true,
)
result = merger.merge
# Result includes DATABASE_URL from destination + NEW_FEATURE_FLAG from template

🦷 FLOSS Funding

While kettle-rb tools are free software and will always be, the project would benefit immensely from some funding. Raising a monthly budget of... "dollars" would make the project more sustainable.

We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences (although currently Open Collective is our preferred funding platform).

If you're working in a company that's making significant use of kettle-rb tools we'd appreciate it if you suggest to your company to become a kettle-rb sponsor.

You can support the development of kettle-rb tools via GitHub Sponsors, Liberapay, PayPal, Open Collective and Tidelift.

📍 NOTE
If doing a sponsorship in the form of donation is problematic for your company from an accounting standpoint, we'd recommend the use of Tidelift, where you can get a support-like subscription instead.

Open Collective for Individuals

Support us with a monthly donation and help us continue our activities. [Become a backer]

NOTE: kettle-readme-backers updates this list every day, automatically.

No backers yet. Be the first!

Open Collective for Organizations

Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

NOTE: kettle-readme-backers updates this list every day, automatically.

No sponsors yet. Be the first!

Another way to support open-source

I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

🔐 Security

See SECURITY.md.

🤝 Contributing

If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check reek, issues, or PRs, or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

🚀 Release Instructions

See CONTRIBUTING.md.

Code Coverage

🪇 Code of Conduct

Everyone interacting with this project's codebases, issue trackers, chat rooms and mailing lists agrees to follow the .

🌈 Contributors

Made with contributors-img.

Also see GitLab Contributors: https://gitlab.com/kettle-rb/dotenv-merge/-/graphs/main

⭐️ Star History

📌 Versioning

This Library adheres to . Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions.

dropping support for a platform is both obviously and objectively a breaking change
—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716

I understand that policy doesn't work universally ("exceptions to every rule!"), but it is the policy here. As such, in many cases it is good to specify a dependency on this library using the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("dotenv-merge", "~> 1.0")

📌 Is "Platform Support" part of the public API? More details inside.

SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms is a breaking change to an API, and for that reason the bike shedding is endless.

To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer:

• "Major Version Numbers are Not Sacred"

See CHANGELOG.md for a list of releases.

📄 License

The gem is available as open source under the terms of the MIT License . See LICENSE.txt for the official Copyright Notice.

© Copyright

• Copyright (c) 2025-2026 Peter H. Boling, of Galtzo.com , and dotenv-merge contributors.

🤑 A request for help

Maintainers have teeth and need to pay their dentists. After getting laid off in an RIF in March, and encountering difficulty finding a new one, I began spending most of my time building open source tools. I'm hoping to be able to pay for my kids' health insurance this month, so if you value the work I am doing, I need your support. Please consider sponsoring me or the project.

To join the community or get help 👇️ Join the Discord.

To say "thanks!" ☝️ Join the Discord or 👇️ send money.

💌 💌 💌

Please give the project a star ⭐ ♥.

Thanks for RTFM. ☺️