secure-env-ts

Use ENVs securely with encryption

Version: 1.3.4 (latest)
Weekly downloads: 53 (decreased by 61.31%)
Maintainers: 1

secure-env

Secure-env is a module that loads environment variables from a .env.enc file. It is an encryption tool that helps you prevent attacks from malicious npm packages.

Table Of Content

Usage

Options

Typescript

Usage

Create a .env file in the root directory of your project. Add environment-specific variables on new lines in the form of NAME=VALUE. For example:

DB_HOST=localhost:27017
DB_USER=scott
DB_PASS=tiger

Encrypt .env

$ npm install -g secure-env
$ secure-env .env -s mySecretPassword

Alternatively if you want this installed locally run the command as follows:

$ ./node_modules/secure-env/dist/cli.js .env -s mySecretPassword

If you are running npm > v5.2, you can use npx:

$ npx secure-env .env -s mySecretPassword

A new encrypted file .env.enc will be created in your project root directory. You can delete the .env file after this, to prevent it from being stolen.

Decrypt .env.enc

As early as possible in your application, require and configure secure-env.

let secureEnv = require('secure-env');
global.env = secureEnv({ secret:'mySecretPassword' });

That's it.

global.env now has the keys and values you defined in your .env file.

var db = require('db')
db.connect({
  host: global.env.DB_HOST,
  username: global.env.DB_USER,
  password: global.env.DB_PASS
})

Options

Encryption

$ secure-env --option <VALUE> <file-path-which-is-to-be-encrypted>

| Option | What does it do | Defaults |
| --- | --- | --- |
| --secret | Specify the secret Key which would be later used to decrypt the file. | mySecret |
| --out | The encrypted file path that would be created. | env.enc |
| --algo | The encryption algorithm that is to be used to encrypt the env file. | aes256 |
| --decrypt | prints the decrypted text to stdout | |

Decryption

Path

Default: .env

You can specify a custom path if your file containing environment variables is named or located differently.

require('secure-env')({ file:'/custom/path/to/your/env/vars' });

Decryption Algorithm

Default: aes256

You may specify the encryption algorithm for your file containing environment variables using this option.

require('secure-env')({ decryptionAlgo:'aes256' });

Secret

Required

Specify the secret key that was used during encryption of the raw file. Having a salt-hashed secret key is recommended.

require('secure-env')({ secret: 'mySecretPassword' });

Typescript

Nowadays, it's common to use TypeScript in a project.
With secure-env you can type your env by using generics.

Your interface is required to extend IObject.

import SecureEnv, { IObject } from "secure-env"

interface IEnv extends IObject{
  DB_HOST: string;
  DB_USER: string;
  DB_PASS: string;
}

const env = SecureEnv<IEnv>(your_options);

Parse rules

Refer to https://github.com/motdotla/dotenv/blob/master/README.md#parse

The parsing engine currently supports the following rules:

  • BASIC=basic becomes {BASIC: 'basic'}
  • empty lines are skipped
  • lines beginning with # are treated as comments
  • empty values become empty strings (EMPTY= becomes {EMPTY: ''})
  • single and double quoted values are escaped (SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})
  • new lines are expanded if in double quotes (MULTILINE="new\nline" becomes
{MULTILINE: 'new
line'})
  • inner quotes are maintained (think JSON) (JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}"})
  • whitespace is removed from both ends of the value (see more on trim) (FOO=" some value " becomes {FOO: 'some value'})
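
The rules above, implemented as a small parser. This is an added example, not code from secure-env or dotenv; the function name `parseEnv` and the sample input are constructed here for illustration.

```javascript
// Added example: parser for the rules listed above (not secure-env's own code).
function parseEnv(src) {
  const out = Object.create(null); // no prototype, so any key name is plain data
  for (const line of String(src).split(/\r?\n/)) {
    const trimmed = line.trim();
    // Empty lines are skipped; lines beginning with # are comments.
    if (trimmed === '' || trimmed.startsWith('#')) continue;
    // NAME=VALUE, split on the first '=' so the value may itself contain '='.
    const m = /^([\w.-]+)\s*=\s*(.*)$/.exec(trimmed);
    if (!m) continue; // not NAME=VALUE: ignore rather than guess
    let value = m[2];
    const q = value[0];
    const quoted = value.length >= 2 && (q === '"' || q === "'") && value.endsWith(q);
    if (quoted) {
      // Surrounding single or double quotes are removed.
      value = value.slice(1, -1);
      // A literal \n is expanded to a newline only inside double quotes.
      if (q === '"') value = value.replace(/\\n/g, '\n');
    }
    // Whitespace is removed from both ends of the value.
    out[m[1]] = value.trim();
  }
  return out;
}

// Constructed sample covering each rule; String.raw keeps \n as two characters.
const SAMPLE = String.raw`# constructed sample, not a real configuration
BASIC=basic

EMPTY=
SINGLE_QUOTE='quoted'
MULTILINE="new\nline"
JSON={"foo": "bar"}
FOO=" some value "
`;

console.log(parseEnv(SAMPLE));
```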

License

See LICENSE

Dependencies

Secure-env uses these open source projects to work properly:

  • Minimist - Argument parser without all the fanciful decoration.

Contributors

Acknowledgements

Secure-env is inspired from and also uses code references from these open source projects:


Package last updated on 10 Jan 2022
