Secret handler for Node.js 🗝️
Secret is a zero-dependency package to handle secrets in Node.js from a .env file into process.env. Inspired by dotenv.
yarn add secrets
Create a .env file in the root directory of your project.
It supports 3 types of .env files .env.json and .env.js
.env supports entries in the form of NAME=VALUE.
NODE_ENV=development
PORT=3000
SECRET=my_super_secret
.env.json supports JSON
{
"NODE_ENV": "development",
"PORT": 3000,
"SECRET": "my_super_secret"
}
.env.js supports JavaScript
module.exports = {
NODE_ENV: 'development',
PORT: 3000,
SECRET: 'my_super_secret',
}
That's it. As early as possible in your application, require secrets. process.env should have the keys and values you defined in your .env file.
// setups entries in process.env
import 'secrets' // or require('secrets')
...
// which can be access anywhere in your code
app.listen(process.env.PORT, function () {
console.log('Server running on localhost:' + process.env.PORT)
})
Verify environment variables are loaded in process.env
secret.verify('PORT', 'SECRET') // throw error if it's missing
module.exports = {
presets: ['module:metro-react-native-babel-preset'],
plugins: ['secrets/babel-plugin-secrets'],
}
To create secret .env environment files on demands on your github actions checkout du5rte/create-secret-file
Secrets should be place in the root of the project but it searches for .env files the same way node searches for node_modules folders, the closer to the root the higher the priority.
/Users/user/myProjects/myAwesomeProject/.env
/Users/user/myProjects/.env
/Users/user/.env
/Users/.env
The parsing engine currently supports the following rules:
BASIC=basic becomes {BASIC: 'basic'}# are treated as commentsEMPTY= becomes {EMPTY: ''})SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})MULTILINE="new\nline" becomes{MULTILINE: 'new
line'}
JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")No! 🙅♂️, do not commit your .env files! Adding a .gitignore file to your repository should be your first line of defense against accidentally leaking any secrets. read more
See CONTRIBUTING.md
See LICENSE
FAQs
Secret handler for Node.js 🗝️
We found that secrets demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.
Security News
React's CRA deprecation announcement sparked community criticism over framework recommendations, leading to quick updates acknowledging build tools like Vite as valid alternatives.
Security News
Ransomware payment rates hit an all-time low in 2024 as law enforcement crackdowns, stronger defenses, and shifting policies make attacks riskier and less profitable.