New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@zentered/envsync

Package Overview
Dependencies
Maintainers
1
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@zentered/envsync

Synchronize .env files with Google Cloud Secrets Manager

latest
Source
npmnpm
Version
1.1.0
Version published
Maintainers
1
Created
Source

EnvSync

Unit Test status Unit Test status Semantic Release bagde Semantic Release bagde

EnvSync is an attempt to make it easier for developers to initialize an environment or update environment variables with on a single source of truth.

EnvSync currently works with Google Cloud Platform (Secrets Manager). It reads the environment configuration from an .env.example file that is commonly used to help developers get started with a new project, fetches the values from the Google Cloud Platform (Secrets Manager) and writes them to a .env file.

For example, if you have the following .env.example file:

GCP_PROJECT=myproject-dev
API_URL=http://localhost:3000

AUTH0_CLIENT_SECRET=envsync//auth0-api-client-secret/latest

Will write the following .env file:

GCP_PROJECT=myproject-dev
API_URL=http://localhost:3000

AUTH0_CLIENT_SECRET=secret-value-from-gcp-project

Important: The first variable in the example should be GCP_PROJECT as we're using that to determine the right project. A keyfile.json (Create and manage service account keys) is required in the same folder as the .env.example file.

Installation & Usage

    npm install @zentered/envsync
    # pnpm i @zentered/envsync
    # yarn add @zentered/envsync

Two things are required to use EnvSync:

  • An .env.example file (use envsync//[variable] to indicate a variable that should be fetched from Secrets Manager). The first variable should be GCP_PROJECT with the valid project id
  • a keyfile.json from a Google Cloud Platform service account with Secrets Manager API enabled, and permission to read secrets

EnvSync is a CLI tool. You can run it with npx envsync or add it as a script in package.json:

{
  "scripts": {
    "envsync": "envsync"
  }
}

Optional: Specifying the .env file:

Note: this is an anti-pattern and should be avoided. Environment variables belong in the environment, not in the codebase. See 12 factor app.

  • If you have multiple .env files, you can provide the filename as an argument. The .env example file must end in .example
  • Usage: npx envsync .env.development.example will create .env.development

Contributing

See CONTRIBUTING.

License

See LICENSE.

FAQs

Package last updated on 21 Nov 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026