secure-env-async

    1.0.2 • Public • Published

    npm version JavaScript Style Guide Maintenance GitHub license GitHub release Github all releases

    secure-env-async

    Secure-env is a module that loads environment variables from a .env.enc file.A encryption tool that would helps you prevent attacks from npm-malicious-packages.

    Usage

    $ npm install secure-env

    Create a .env file somewhere in your project. Add environment-specific variables on new lines in the form of NAME=VALUE. For example:

    KEY=VALUE
    NUMBER=2 #numbers are parsed as strings

    Encrypt .env

    $ npm install -g secure-env 
    $ secure-env .env -s mySecretPassword

    Alternatively if you want this installed locally run the command as follows:

    $ ./node_modules/secure-env/dist/es5/lib/cli.js .env -s mySecretPassword -o .env.enc

    If you are running NPM > v5.2. You can use npx:

    $ npx secure-env .env -s mySecretPassword -o .env.enc

    A new encrypted file .env.enc will be created in your project root directory. You can delete the .env file now

    Loading env in app

    As early as possible in your application, require and configure dotenv.

    let secureEnv = require('secure-env');
    const envObject = secureEnv({secret:'mySecretPassword', encryptedFile: 'pathToEncryptedFile' });
     

    envObject now has all the parsed variables assigned as keys and values.

    Decrypting env to terminal

    🚨This procedure can completely undo the entire security of this module. Make sure you do not commit the decrypted file!🚨️

    npx secure-env -d -e "encryptedFilePath" 

    Options

    Encryption

    $ secure-env --option <VALUE> <file-path-which-is-to-be-encrypted>
    Option What does it do Defaults
    --secret Specify the secret Key which would be later used to decrypt the file. mySecret
    --encryptedFile The encrypted file path that would be created. env.enc
    --algo The encryption algorithm that is to be used to encrypt the env file. aes256
    --decrypt prints the decrypted text to stdout

    Decryption

    Path

    Default: .env

    You can specify a custom path if your file containing environment variables is named or located differently.

    require('secure-env')({path:'/custom/path/to/your/env/vars'});

    Decryption Algorithm

    Default: aes256

    You may specify the encryption algorithm for your file containing environment variables using this option.

    require('secure-env')({enc_algo:'aes256'});

    Secret

    Default: mySecret

    Specify the secret Key which was used during encryption of raw file.Having a salt-hashed secret key is recommended.

    require('secure-env')({secret:'mySecretPassword'});

    Parse rules

    Refer https://github.com/motdotla/dotenv/blob/master/README.md#parse

    The parsing engine currently supports the following rules:

    • BASIC=basic becomes {BASIC: 'basic'}
    • empty lines are skipped
    • lines beginning with # are treated as comments
    • empty values become empty strings (EMPTY= becomes {EMPTY: ''})
    • single and double quoted values are escaped (SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})
    • new lines are expanded if in double quotes (MULTILINE="new\nline" becomes
    {MULTILINE: 'new
    line'}
    
    • inner quotes are maintained (think JSON) (JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")
    • whitespace is removed from both ends of the value (see more on trim) (FOO=" some value " becomes {FOO: 'some value'}) G.md)

    License

    See LICENSE

    Dependencies

    Source-env uses these open source projects to work properly:

    • Minimist - Argument parser without all the fanciful decoration.

    Acknowledgements

    Source-env-async is stolen directly from secure-env to fix bugs and add features i wanted

    it apparently also takes inspiration from:

    Install

    npm i secure-env-async

    DownloadsWeekly Downloads

    0

    Version

    1.0.2

    License

    ISC

    Unpacked Size

    18.8 kB

    Total Files

    10

    Last publish

    Collaborators

    • 1mike12