secure-env
Secure-env is a module that loads environment variables from a .env.enc
file. An encryption tool that would helps you prevent attacks from npm-malicious-packages.
Table Of Content
Usage
Options
Typescript
Usage
Create a .env
file in the root directory of your project. Add
environment-specific variables on new lines in the form of NAME=VALUE
.
For example:
DB_HOST=localhost:27017
DB_USER=scott
DB_PASS=tiger
Encrypt .env
$ npm install -g secure-env
$ secure-env .env -s mySecretPassword
Alternatively if you want this installed locally run the command as follows:
$ ./node_modules/secure-env/dist/cli.js .env -s mySecretPassword
If you are running NPM > v5.2. You can use npx
:
$ npx secure-env .env -s mySecretPassword
A new encrypted file .env.enc
will be created in your project root directory.You can delete the .env
file after this,to prevent stealing.
Decrypt .env.enc
As early as possible in your application, require and configure dotenv.
let secureEnv = require('secure-env');
global.env = secureEnv({ secret:'mySecretPassword' });
That's it.
global.env
now has the keys and values you defined in your .env
file.
var db = require('db')
db.connect({
host: global.env.DB_HOST,
username: global.env.DB_USER,
password: global.env.DB_PASS
})
Options
Encryption
$ secure-env --option <VALUE> <file-path-which-is-to-be-encrypted>
Option | What does it do | Defaults |
---|
--secret | Specify the secret Key which would be later used to decrypt the file. | mySecret |
--out | The encrypted file path that would be created. | env.enc |
--algo | The encryption algorithm that is to be used to encrypt the env file. | aes256 |
--decrypt | prints the decrypted text to stdout | |
Decryption
Path
Default: .env
You can specify a custom path if your file containing environment variables is
named or located differently.
require('secure-env')({ file:'/custom/path/to/your/env/vars' });
Decryption Algorithm
Default: aes256
You may specify the encryption algorithm for your file containing environment variables
using this option.
require('secure-env')({ decryptionAlgo:'aes256' });
Secret
Required
Specify the secret Key which was used during encryption of raw file.Having a salt-hashed secret key is recommended.
require('secure-env')({ secret: 'mySecretPassword' });
Typescript
Now a days, it's common to use typescript in a project.
With secure-env
you can type your env by using generics.
It's required for your interface to extend IObject
import SecureEnv, { IObject } from "secure-env"
interface IEnv extends IObject{
DB_HOST: string;
DB_USER: string;
DB_PASS: string;
}
const env = SecureEnv<IEnv>(your_options);
Parse rules
Refer https://github.com/motdotla/dotenv/blob/master/README.md#parse
The parsing engine currently supports the following rules:
BASIC=basic
becomes {BASIC: 'basic'}
- empty lines are skipped
- lines beginning with
#
are treated as comments - empty values become empty strings (
EMPTY=
becomes {EMPTY: ''}
) - single and double quoted values are escaped (
SINGLE_QUOTE='quoted'
becomes {SINGLE_QUOTE: "quoted"}
) - new lines are expanded if in double quotes (
MULTILINE="new\nline"
becomes
{MULTILINE: 'new
line'}
- inner quotes are maintained (think JSON) (
JSON={"foo": "bar"}
becomes {JSON:"{\"foo\": \"bar\"}"
) - whitespace is removed from both ends of the value (see more on
trim
) (FOO=" some value "
becomes {FOO: 'some value'}
)
G.md)
License
See LICENSE
Dependencies
Source-env uses these open source projects to work properly:
- Minimist - Argument parser without all the fanciful decoration.
Contributors
Acknowledgements
Source-env is inspired from and also uses code references from these open source projects: