Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

launchkey

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

launchkey

Manage app configs locally!

  • 0.1.0
  • latest
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

LaunchKey

Manage app configs locally!

Why?

  1. Configuring apps through env vars is painful because they are all strings
  2. Relying on external providers encrypted keys leads to lock-in

What?

You manage configs for all envs in a single envs file that is checked into source control — but sensitive values are encrypted.

When needed, you generate decrypted JSON files out of it that can be simply require'd in your app. The important part here is that this only happens on the CI server or before deploy, meaning that even though the file is present in the repo, no one can get to the sensitive data because it is encrypted.

How?

You start with a plain text JSON file called envs.json, which includes configs for all envs. For example:

{
  "local": {
    "API_TOKEN": "foo-bar-baz",
    "API_ORIGIN": "http://localhost:8080"
  },
  "production": {
    "!API_TOKEN": "beep-boop-boom",
    "API_ORIGIN": "https://api.example.com"
  }
}

Notice how API_TOKEN inside the production config starts with !? This tells LaunchKey to encrypt this entry. We'll do that now.

Run: launchkey encrypt production. This will give you output that looks something like:

Success: "prod" env encrypted.
Secret key: 01C3751AYNCD6ATM0HYSCDJWXJ
(Keep your secret safe — you can't decrypt without it!)

Now if you open envs.json again, you will get something along the lines of:

{
  "local": {
    "API_TOKEN": "foo-bar-baz",
    "API_ORIGIN": "http://localhost:8080"
  },
  "production": {
    "!API_TOKEN": "ca3361ba49e9b46781c4e369ec4d9716f407c399d97bc61a5bec38855b3e0be985c1ddf5c19eeca6adcba2bc3618afd9mDejpNtCpPb6EqSJBKx6rKaejhtP+CD4JXqOLUgeeMY=",
    "API_ORIGIN": "https://api.example.com"
  }
}

The API_TOKEN key inside of production is now encrypted using the secret key.

Finally, once you want to generate production config to be used by your app (perhaps you do that during deploy on your CI server), you simply run: launchkey generate production --secret 01C3751AYNCD6ATM0HYSCDJWXJ.

This will output the following into config.json:

{
  "API_TOKEN": "beep-boop-boom",
  "API_ORIGIN": "https://api.example.com"
}

FAQs

Package last updated on 07 Jan 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc