envkey

EnvKey secures and simplifies application secrets and config.

Version: 1.1.1 (npm)
Weekly downloads: 6K (increased by 21.68%)
Maintainers: 1
envkey npm package

Integrate EnvKey with your Node.js projects to keep API keys, credentials, and other configuration securely and automatically in sync for developers and servers.

Installation

npm install 'envkey' --save

Then at the entry point of your application:

// main.js
require('envkey')

Or if you prefer ES6+ imports:

// main.js
import 'envkey'

Usage

Generate an ENVKEY in the EnvKey App. Then set ENVKEY=..., either in a gitignored .env file in the root of your project (in development) or in an environment variable (on servers).

Now all your EnvKey variables will be available on process.env.

Errors

The package will throw an error if an ENVKEY is missing or invalid.

Example

Assume you have STRIPE_SECRET_KEY set to sk_test_2a33b045e998d2ef60c7861d2ac22ea8 for the development environment in the EnvKey App. You generate a local development ENVKEY.

In your project's gitignored .env file:

# .env
ENVKEY=GsL8zC74DWchdpvssa9z-nk7humd7hJmAqNoA

In lib/stripe.js:

var stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

Now STRIPE_SECRET_KEY will stay automatically in sync for all the developers on your team.

For a server, generate a server ENVKEY in the EnvKey App, then set the ENVKEY as an environment variable instead of putting it in a .env file.

Now your servers will stay in sync as well. If you need to rotate your STRIPE_SECRET_KEY, you can do it in a few seconds in the EnvKey App, restart your servers, and you're good to go. All your team's developers and all your servers will have the new value.

Overriding Vars

The envkey package will not overwrite existing environment variables or additional variables set in a .env file. This can be convenient for customizing environments that otherwise share the same configuration. You can also use sub-environments in the EnvKey App for this purpose.

Working Offline

The envkey package caches your encrypted config in development so that you can still use it while offline. Your config will still be available (though possibly not up-to-date) the next time you lose your internet connection. If you do have a connection available, envkey will always load the latest config. Your cached encrypted config is stored in $HOME/.envkey/cache.

Client-Side Config In The Browser

Since EnvKey is for configuration in addition to secrets, it can be convenient to inject a portion of your EnvKey config into your client-side code. This should be done by whitelisting variables that are safe for the client (i.e. can be made public) and injecting them during your build process. EnvKey has a webpack plugin to help you do it right.
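
An added example, not part of the EnvKey README and not the EnvKey webpack plugin: one way to derive build-time substitutions from an explicit allowlist so that secrets loaded onto process.env never reach the browser bundle. The names buildClientEnv, PUBLIC_ALLOWLIST, SECRET_NAME and all sample values are hypothetical; the returned object has the shape that webpack's DefinePlugin accepts.

```javascript
// Added example, not EnvKey code. All names and sample values are constructed.

// Explicit allowlist: only these names may be substituted into the browser bundle.
const PUBLIC_ALLOWLIST = ['API_BASE_URL', 'STRIPE_PUBLISHABLE_KEY'];

// Guard against review mistakes: names that look like secrets are rejected
// even if someone adds them to the allowlist.
const SECRET_NAME = /(SECRET|PASSWORD|PRIVATE|TOKEN|^ENVKEY$)/i;

// Returns { 'process.env.NAME': '"value"' } for allowlisted names only.
function buildClientEnv(env, allowlist) {
  const defs = {};
  for (const name of allowlist) {
    if (SECRET_NAME.test(name)) {
      throw new Error(`refusing to expose secret-like variable: ${name}`);
    }
    // Fail the build instead of shipping "undefined" into client code.
    if (typeof env[name] !== 'string' || env[name] === '') {
      throw new Error(`allowlisted variable is not set: ${name}`);
    }
    // JSON.stringify yields a quoted literal for build-time substitution.
    defs[`process.env.${name}`] = JSON.stringify(env[name]);
  }
  return defs;
}

// Constructed stand-in for process.env after the secrets have been loaded.
const sampleEnv = {
  ENVKEY: 'constructed-envkey-placeholder',
  STRIPE_SECRET_KEY: 'sk_test_constructed',
  STRIPE_PUBLISHABLE_KEY: 'pk_test_constructed',
  API_BASE_URL: 'https://api.example.test',
};

const clientDefs = buildClientEnv(sampleEnv, PUBLIC_ALLOWLIST);
console.log(clientDefs);
```

Passing the whole of process.env to the bundler instead would embed the ENVKEY and every secret it unlocks in a file served to any visitor.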

envkey-fetch binaries

If you look in the ext directory of this package, you'll find a number of envkey-fetch binaries for various platforms and architectures. These are output by the envkey-fetch Go library, which contains EnvKey's core cross-platform fetching, decryption, verification, web of trust, redundancy, and caching logic. It is completely open source.

Further Reading

For more on EnvKey in general:

Read the docs.

Read the integration quickstart.

Read the security and cryptography overview.

Need help? Have questions, feedback, or ideas?

Post an issue or email us: support@envkey.com.


Package last updated on 29 Jan 2018
