env-sops is a utility package designed to encrypt sensitive environment variables, ensuring secure storage within code repositories on platforms like GitHub. This package internally utilizes SOPS+AGE for robust encryption and decryption, coupled with the convenience of using dotEnv to load variables after decryption.

Installation

Prerequisites

Before using env-sops, ensure that you have SOPS and AGE installed on your machine. These tools are essential for encryption and decryption processes within the package.

SOPS: Provides robust encryption capabilities, enabling secure handling of secrets.
AGE: A tool used in combination with SOPS for encryption and decryption functionalities.

Make sure to install and configure both SOPS and AGE to leverage the encryption and decryption features seamlessly offered by env-sops. Instructions on how to install the package using NPM.

Usage

Create/encrypt/load environment variables

Install the package using NPM

npm install -D env-sops

Create File for Storing Environment Variables

touch encrypted-dev.env

Then edit the file and add some environment variables

DB_HOST=localhost
DB_USER=root
DB_PASS=s1mpl3

Add the Scripts for Encrypting and Decrypting Environment Variables file into package.json

"type":"module",
"scripts": {
    "start": "node main.js",
    "sops:encrypt:dev": "envencrypt encrypted-dev.env",
    "sops:decrypt:dev": "envdecrypt encrypted-dev.env ./"
},

Run Encrypt Script The command below will encrypt the file and save it as encrypted-dev.env.

npm run sops:encrypt:dev

Read Environment Variables in Code Edit your entrypoint script for loading decrypt and loading the environment variables

// main.js
import { loadEnvs } from 'env-sops'

const ENVS = {
    "dev": "encrypted-dev.env",
    "ut": "encrypted-ut.env",
    "prod": "encrypted-prod.env",
}

loadEnvs(ENVS[process?.env?.env] || ENVS['dev'])
    .then(() => {
        console.info('Envs loaded:')
        console.info(`DB_HOST: ${process?.env?.DB_HOST}`)
        console.info(`DB_PASS: ${process?.env?.DB_PASS}`)
        console.info(`DB_USER: ${process?.env?.DB_USER}`)
    })
    .catch(err => console.error(err))

Run Your Code

npm start

Commit the encrypted file to your repository for secure storage and version control.

## Exclude the .env file from git
echo '.env' >> .gitignore
git add . 
git commit -m "Committing encrypted environment variables"

Add/Edit environment variables file

Decrypt Environment Variables File to .env File

npm run sops:decrypt:dev

Copy the Decrypted File to the Original Location and then Edit the File

cp -f  .env ./encrypted-dev.env
## open and edit the file encrypted-dev.env wirh your new values

Run Encrypt Script

npm run sops:encrypt:dev

Decrypt environment variables file

Decrypt Environment Variables File to .env File

npm run sops:decrypt:dev
## Then open the file .env and check the values

Speed Coding

Youtube Video Soon at baikenlabs

License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Changelog

Initial Version

Support/Contact

Issues

Acknowledgements

This project utilizes the following third-party tools and libraries:

SOPS: Used for robust encryption and decryption of sensitive data within the environment variables.
AGE: Integrated with SOPS for secure encryption and decryption functionalities.
dotEnv: Utilized for managing environment variables after decryption, facilitating easy integration into the application.

Keywords

FAQs

What is env-sops?

Is env-sops popular?

Is env-sops well maintained?

Package last updated on 19 Nov 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

env-sops