TypeScript icon, indicating that this package has built-in type declarations

1.4.2 • Public • Published

Git Envs

Save encrypted environment variables directly in git.


  • Create a ts file in your root folder (we suggest createEnvFiles.ts)
  • Copy the following template into the file:
import { GenerateEnvFilesFunction, Keys, main } from '@sodefa/gitenvs'

type Stage = 'production' | 'staging' | 'development'

const generateEnvFiles: GenerateEnvFilesFunction<Stage> = ({
}) => {
  return [
      envFilePath: 'path/to/your/app/.env.local',
      envVars: [
          key: 'ENV_NAME',
          values: {
            default: 'EMPTY',
            production: resolveSecret(''),
            staging: resolveSecret(''),
            development: resolveSecret(''),

const keys: Keys<Stage> = {
  production: {
    publicKey: '',
    encryptedPrivateKey: '',
  staging: {
    publicKey: '',
    encryptedPrivateKey: '',
  development: {
    publicKey: '',
    encryptedPrivateKey: '',

  • Setup the stages as you need them
    • development is the default stage that is used if you do not specify any stage
  • Create new public / private keys for every stage you defined by running npx ts-node createEnvFiles.ts createKeys (or how you called your file)
    • Copy the object with publicKey & encryptedPrivateKey and paste them into the keys object in your createEnvFiles.ts file
    • !WARNING! Do not copy & paste the passphrase into createEnvFiles.ts. It is a secret! Save it into your password manager.
  • Add the following command to your package.json:
    • "env:create": "cross-env npx tsx createEnvFiles.ts createEnvFiles"
      if you setup just one stage other than 'development' you have to add GITENV_STAGE=YourStageName in front of the npx part. Otherwise the default stage will be used which is 'development'
    • "env:ui": "npx tsx watch createEnvFiles.ts ui"
    • "prepare": "yarn env:create" (This is so that the .env files will be created after node_modules were installed)
  • Add *.passphrase to your .gitignore

Adding new environment variables

  • Start the UI by running yarn env:ui and go to http://localhost:1337
  • Define environment variables in your createEnvFiles.ts file
    • The default value will be used if no value for the current stage is provided
    • If you want to use an encrypted enviroment variable go to the UI and enter the plaintext under Encryption
    • Copy the encrypted secret and paste it into the resolveSecret function. Example: resolveSecret('jk3Z35gkHKQtWlLWl4HXdhEJQAJdyIHTzQ4nH/uq84+SdD2ty2Q6qEECfjbAr79U65slD+8BxmFbSMwkAFdXtpkJpw+vHzwi+uVbMIDuq/yHW39XQ9Tv+5qGO3xIZnnE1HrkIOYNFc5O+YLb5dsBTasBwbMrVEBSUL1jA7NdL1IHo9lidrMPFfPxTdyB6COfuhu+UBq1MSXvjVabXXYuU2LXCBVeGhfRRVqs9lxPzb0ilplldsxns3nWRc3g2C5mOc3P2Ki9PjPEmaSvAi/CDgtrXuhMQ4yjeTTLmsZ9iDzyC9RR6apoJBj0NMkFxrnoJg/gG9Jyrgofbi2vfgmchFTPNB41KggNFEMGf428oihXW/k0o9tZWkyiCkXyysjHNJ/hz5g10tEBII1DTifWSe4H2LAfvAliOz8EzTMopXnra5LjlP1exDiTBTwg1GQj6VJ0tcYGnDLkGbkHVXZSZxQwgHWyUKcipb3J2O+21qMWcsRPGo4mzH0X6ORKnD+v4oGI34YDvcedMuQEfs2pmmX+EYwQx3TRgNk6Uy3ZAU84nM2z3IFeLBjhra5/mIH68y/MFMN/Kle6lEa28RR3bz2ToMDrDfvEyIQV+T2X0h8YiUDhol6UWA6OPGY8p2xS8Inz/byQCjbPO0z9hk1Vq9nzMkaupAy/KzZcorwtSPc=')

Decrypting environment variables locally

  • This is for debugging purposes only
  • Copy the passphrases you got from the createKeys command and paste them into the textarea under Decryption
  • All secrets will be revealed

Setting up local dev environment

  • You want to give all your developers the development passphrase so that they can work
  • You can send them a file called development.passphrase which just contains the passphrase
  • They should place it under the root folder and the local .env files will be created if they run env:create / yarn install

Setting up servers

  • On servers you want to provide the passphrase through environment variables. You have to provide two env vars:
  • GITENV_STAGE defines which stage should be used
  • GITENV_PRIVATE_KEY_PASSPHRASE_${stageName} contains the passpharse. Replace ${stageName} with the stage name you used in GITENV_STAGE

Package Sidebar


npm i @sodefa/gitenvs

Weekly Downloads






Unpacked Size

123 kB

Total Files


Last publish


  • kvngrf
  • rechenberger
  • weiskopfsodefa
  • sean-nicholas
  • sodefa-admin