@chainlink/env-enc
A tool for loading and storing encrypted environment variables
This is a tool for keeping environment variables such as private keys and other credentials encrypted at rest. This reduces the risk of credential exposure by ensuring credentials are not visible in plaintext or in terminal history. It also allows encrypted environment variables to be stored on GitHub, provided they are protected with a secure password.
For loading environment variables, this works in a similar manner to the NPM package dotenv, where environment variables are loaded from a .env file.
However, this plugin instead uses CLI commands to create an .env.enc file which stores environment variables that are encrypted using a password.
Then, when the config() method is called, these variables will be decrypted and loaded into the environment.
Install @chainlink/env-enc from NPM, then load it at the top of your project's main file (hardhat.config.js or hardhat.config.ts for HardHat projects).
For JavaScript projects, add the following line to the top of the main file (usually index.js):
require("@chainlink/env-enc").config();
For TypeScript projects, add the following lines to the top of the main file (usually index.ts):
import * as envEnc from "@chainlink/env-enc";
envEnc.config();
The following commands accept an optional --path flag followed by a path to the desired encrypted environment variable file.
If one does not exist, it will be created automatically by the npx env-enc set command.
The --path flag has no effect on the npx env-enc set-pw command as the password is stored as an ephemeral environment variable for the current terminal session.
Command | Description | Parameters |
---|---|---|
npx env-enc set-pw | Sets the password to encrypt and decrypt the environment variable file. NOTE: On Windows, this command may show a security confirmation prompt | |
npx env-enc set | Sets and saves variables to the encrypted environment variable file | |
npx env-enc view | Shows all currently saved variables in the encrypted environment variable file | |
npx env-enc remove <name> | Removes a variable from the encrypted environment variable file | name: Variable name |
npx env-enc remove-all | Deletes the encrypted environment variable file | |
By default, all encrypted environment variables will be stored in a file named .env.enc in the root directory of your project.
However, this file path can be configured using the path option in the config() method as shown below:
require("@chainlink/env-enc").config({ path: './your_directory/my_env.enc' });
First, set the encryption password by running the command npx env-enc set-pw.
The password must be set at the beginning of each new session.
If this password is lost, there will be no way to recover the encrypted environment variables.
When running this command on a Windows machine, you may receive a security confirmation prompt. Enter "r" to proceed.
NOTE: When you finish each work session, exit your terminal to prevent your password from becoming exposed if your machine is compromised.
Run the command npx env-enc set to set and save environment variables.
These variables will be loaded into your environment when the config() method is called.
Use npx env-enc view to view all currently saved environment variables.
When pressing ENTER, the terminal will be cleared to prevent these values from remaining visible.
Running npx env-enc remove VAR_NAME_HERE deletes the specified environment variable.
The command npx env-enc remove-all deletes the entire saved environment variable file.
If you lose your password, delete your encrypted environment variable file. If you attempt to load an encrypted environment variable file without the correct password, it will cause an error.
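The sketch below is an added example, not code from @chainlink/env-enc, showing why a lost password is unrecoverable and why a wrong password produces an error rather than garbage values. The scheme (scrypt plus AES-256-GCM), the byte layout and the function names sealEnv, openEnv and loadInto are assumptions made for illustration; the page does not say which algorithm or file format the package uses.

```javascript
// Added illustration only: NOT the @chainlink/env-enc implementation.
// Assumed scheme: scrypt key derivation + AES-256-GCM; the layout is hypothetical.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Derive a 32-byte key from the password and a per-file random salt.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32);
}

// Encrypt a { NAME: value } map into base64 of: salt(16) | iv(12) | tag(16) | ciphertext.
function sealEnv(vars, password) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(vars), "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString("base64");
}

// Decrypt the map. Throws when the password is wrong or the data was modified,
// because the GCM authentication tag no longer verifies.
function openEnv(sealed, password) {
  const raw = Buffer.from(sealed, "base64");
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = createDecipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  const plain = Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// Copy the decrypted variables into an environment object (e.g. process.env)
// and return only their names, so values never need to be printed.
function loadInto(env, sealed, password) {
  const vars = openEnv(sealed, password);
  Object.assign(env, vars);
  return Object.keys(vars);
}

// Constructed sample values, not real credentials.
const sample = sealEnv({ PRIVATE_KEY: "0xconstructed", RPC_URL: "https://rpc.example.invalid" }, "correct horse");
const demoEnv = {};
console.log("loaded:", loadInto(demoEnv, sample, "correct horse").join(", "));
try {
  openEnv(sample, "wrong password");
} catch (err) {
  console.log("wrong password rejected:", err.message);
}
```

Because the key exists only as a function of the password, nothing in the stored blob can substitute for it, and the authentication tag turns any wrong password or edit to the file into a hard failure at load time.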
FAQs
The npm package @chainlink/env-enc receives a total of 66 weekly downloads. As such, @chainlink/env-enc popularity was classified as not popular.
We found that @chainlink/env-enc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.