envlocker

envlocker

Manage environment variables with 1Password. It is a wrapper around the wrapper for the 1password-cli that allows you to store environment variables in 1Password and load them in a way that is comparable to (and uses) dotenv.

Installation

Add the package using your favorite package manager:

$ pnpm add envlocker

Usage

You will need to create a .envlockerrc file at the root of your project:

{
  "development": {
    "item": "Cool app.jpeg", // required
    "vault": "envs", // optional
    "account": "my.1password.com" // optional
  },
  "production": {
    "item": "jtm2ddhxqwx8orfgfjxknzp5re" // can also be the UUID of the item
  }
}

The development and production keys are the names of the environments you want to use. You can add as many different environments with different names as you want. The default environment is development, but this can be configured with the ENVLOCKER_ENV_NAME environment variable.

The vault key is optional but is recommended to reduce the number of API calls to 1Password. The account key is also optional and defaults to whichever account op is currently logged into.

The account value can be any of the described by the 1password CLI documentation. The item and vault values and the accepted formats are described here in the 1password CLI docs.

Once you have created the .envlockerrc file, you can load the environment variables in a few different ways using envlocker.

Command line:

$ node -r envlocker/config ./index.js

or if using it with a different executable that doesn't pass flags to Node.js (e.g. Next.js):

$ NODE_OPTIONS='-r envlocker/config' pnpm next

Programmatically with import:

import 'envlocker/config';

or

import { config } from 'envlocker';
config();

Programmatically with require:

require('envlocker').config();

1password configuration

To configure the environment variables within 1password, you will need to create a new item and add the desired variables as individual fields within the new item. Fields with empty keys or values will be ignored. Fields are also ignored if they do not match the pattern ^[A-Z0-9_]+$.

API

config

Injects the environment variables into process.env. The environment name can also be passed as an argument to this function.

Uses dotenv to inject the environment variables.

import { config } from 'envlocker';

config({ envName: 'staging' });

createItemFromEnvFile

Creates a new item in 1password from a .env file. The .env file must be formatted as KEY=VALUE pairs, one per line. The title and vault options are required. The account option is optional and defaults to whichever account op is currently logged into. The category option is also optional and defaults to Server.

Uses dotenv to parse the .env file.

type CreateItemFromEnvFileOptions = {
  filePath: string;
  title: string;
  vault: string;
  account?: string;
  category?: op.InputCategory;
};

export const createItemFromEnvFile = async (
  options: CreateItemFromEnvFileOptions,
): Promise<op.Item>

Limitations

This package does not (yet) support 1password Connect Server access.