netlify-plugin-lockzero

netlify-plugin-lockzero

Netlify Build Plugin that injects LockZero secrets into your build environment before any build commands run.

Installation

Via Netlify UI

• Go to your site → Plugins → search for LockZero.
• Click Install.
• Configure the inputs under Site settings → Build & deploy → Environment.

Via netlify.toml

[[plugins]]
package = "netlify-plugin-lockzero"

  [plugins.inputs]
  # Reference an env var so the key is never committed to source control
  apiKey     = "${LOCKZERO_API_KEY}"
  namespaces = "openai,stripe,database"
  prefix     = ""          # optional — e.g. "LZ_" to namespace injected vars

Add LOCKZERO_API_KEY in Netlify → Site settings → Environment variables.

Inputs

Name	Required	Default	Description
apiKey	Yes	—	LockZero API key (lz_live_…)
namespaces	Yes	—	Comma-separated namespaces to inject (e.g. openai,stripe)
prefix	No	""	Optional prefix for injected variable names (e.g. LZ_)

How it works

In the onPreBuild lifecycle hook the plugin:

• Calls GET https://api.lockzero.io/api/credentials/:namespace for each configured namespace.
• Writes each key=value pair directly into process.env so the build command can read them.
• Fails the build immediately if any namespace fetch fails (prevents silent missing-secret failures).
• Logs a summary: LockZero: Injected 12 secrets from openai, stripe.

Development

npm install
npm run build

To test locally with the Netlify CLI:

npm install -g netlify-cli
netlify build --dry