redact-env
Advanced tools
Readme
redact-env
Redact values of critical environment variables in a string.
This library might not do exactly what you want it to.
As for anything related to security, read the caveats, check out the source code and the tests before using it in production.
$ yarn add redact-env
# or
$ npm i redact-env
import * as redactEnv from 'redact-env'
const secrets = redactEnv.build(['SECRET_ENV_VAR', 'MY_API_KEY'])
const unsafeString = `
${process.env.SECRET_ENV_VAR}
Oh no, the secrets are leaking !
${process.env.MY_API_KEY}
`
console.log('unsafe:', unsafeString)
const safeString = redactEnv.redact(unsafeString, secrets)
console.log('safe:', safeString)
unsafe:
QfKcO7cjGoxnLg/28/E7meEu2QaS/wNtFB7wlz+hDZA=
Oh no, the secrets are leaking !
d9fd627cfd3d6cb597e8faeb2ef0e4583af924aee047125479b2438ee2a18b67
safe:
[secure]
Oh no, the secrets are leaking !
[secure]
redact-env will NOT redact the following environment variable values:
"true""false""null"This is because these string-encoded JSON values are not specific to a single environment variable, and redacting all the booleans and nulls in a string seems overzealous. This is opinionated for a particular usage.
redact-env WILL redact numbers in environment variable values,
which will pose a problem if you parse them and dump them as numbers in a
JSON object:
import * as redactEnv from 'redact-env'
process.env.PIN = '1234'
const secrets = redactEnv.build(['PIN'], process.env)
const pin: number = parseInt(process.env.PIN)
const unsafe = JSON.stringify({ pin })
console.log(unsafe)
// {"pin":1234} => valid JSON
const safeButIncorrect = redactEnv.redact(unsafe, secrets)
console.log(safeButIncorrect)
// {"pin":[secure]} => not valid JSON
Because of backslash-delimited paths in Windows and string escaping
occurring in JSON.stringify, Windows paths in environment variables
won't be redacted if present in JSON strings.
In a future release, we might consider detecting the presence of backslashes in the environment variable value and having two regexp for this secret (one for the plain value and one backslashed-escaped).
MIT - Made with ❤️ by François Best
Using this package at work ? Sponsor me to help with support and maintenance.
FAQs
Redact values of critical environment variables in a string
The npm package redact-env receives a total of 962 weekly downloads. As such, redact-env popularity was classified as not popular.
We found that redact-env demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.