Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
With yarn:
yarn add envdotjs
Or with npm:
npm install --save envdotjs
Add an env.js file to the root of your project:
module.exports = {
SOME_VARIABLE: '123'
}
Then as early as possible in your application:
require('envdotjs').load()
envdotjs will attempt to load an encrypted file (env.js.enc) first. If it's not found it will then load env.js. Encryption is obviously preferable if you want to keep your environment variables in source control. See below for information on encryption.
If you want to encrypt your variables, you first need to set a key. There are 3 ways to do this.
Create a env.js.key file in the root of your project containing whatever key you want to use. envdotjs will automatically find this file and use it to encrypt and unencrypt the contents of your env.js file. Make sure you don't check this file or your env.js file into source control.
You can also set a variable in the environment called ENVDOTJS_KEY with the value of your key. If you also have a env.js.key file and the environment variable set, the environment variable will get used.
If you need more control over where the key is, you can also set it in the options during the load:
require('envdotjs').load({
key: 'some-secure-key'
})
key: Sets encryption key. Defaults to process.env.ENVDOTJS_KEY, then contents of env.js.key.path: Path to your encrypted or unencrypted environment file. Defaults to env.js.enc, then env.js.strict: Set to true if you want endotjs to throw an error if something goes wrong. By default, it will just log a warning to the console.You can encrypt files using the node module itself, but it's more convenient to use the CLI.
npm install --global envdotjs
envdotjs
This will encrypt your env.js file using the key that's location in your env.js.key file. For more advanced usage, check for options with envdotjs --help
env.js file any time it changes. This will ensure your development environment matches your deploys.env.js or env.js.key files to source controlFAQs
Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
We found that envdotjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.