secure-env
Advanced tools
Readme
Secure-env is a module that loads environment variables from a .env.enc file.A encryption tool that would helps you prevent attacks from npm-malicious-packages.
Create a .env file in the root directory of your project. Add
environment-specific variables on new lines in the form of NAME=VALUE.
For example:
DB_HOST=localhost:27017
DB_USER=scott
DB_PASS=tiger
$ npm install -g secure-env
$ secure-env .env -s mySecretPassword
Alternatively if you want this installed locally run the command as follows:
$ ./node_modules/secure-env/dist/es5/lib/cli.js .env -s mySecretPassword
If you are running NPM > v5.2. You can use npx:
$ npx secure-env .env -s mySecretPassword
A new encrypted file .env.enc will be created in your project root directory.You can delete the .env file after this,to prevent stealing.
As early as possible in your application, require and configure dotenv.
let secureEnv = require('secure-env');
global.env = secureEnv({secret:'mySecretPassword'});
That's it.
global.env now has the keys and values you defined in your .env file.
var db = require('db')
db.connect({
host: global.env.DB_HOST,
username: global.env.DB_USER,
password: global.env.DB_PASS
})
$ secure-env --option <VALUE> <file-path-which-is-to-be-encrypted>
| Option | What does it do | Defaults |
|---|---|---|
| --secret | Specify the secret Key which would be later used to decrypt the file. | mySecret |
| --out | The encrypted file path that would be created. | env.enc |
| --algo | The encryption algorithm that is to be used to encrypt the env file. | aes256 |
| --decrypt | prints the decrypted text to stdout |
Default: .env
You can specify a custom path if your file containing environment variables is named or located differently.
require('secure-env')({path:'/custom/path/to/your/env/vars'});
Default: aes256
You may specify the encryption algorithm for your file containing environment variables using this option.
require('secure-env')({enc_algo:'aes256'});
Default: mySecret
Specify the secret Key which was used during encryption of raw file.Having a salt-hashed secret key is recommended.
require('secure-env')({secret:'mySecretPassword'});
Refer https://github.com/motdotla/dotenv/blob/master/README.md#parse
The parsing engine currently supports the following rules:
BASIC=basic becomes {BASIC: 'basic'}# are treated as commentsEMPTY= becomes {EMPTY: ''})SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})MULTILINE="new\nline" becomes{MULTILINE: 'new
line'}
JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")trim) (FOO=" some value " becomes {FOO: 'some value'})
G.md)See LICENSE
Source-env uses these open source projects to work properly:
Source-env is inspired from and also uses code references from these open source projects:
FAQs
Use ENVs securely with encryption
The npm package secure-env receives a total of 5,214 weekly downloads. As such, secure-env popularity was classified as popular.
We found that secure-env demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.