Product
Introducing Socket Fix for Safe, Automated Dependency Upgrades
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.
By John-David Dalton - Apr 25, 2025
🚀 Socket Launch Week 🚀 Day 5: Introducing Socket Fix.Learn More →
unify-secrets
Advanced tools
unify-secrets
Manage configuration variable obtains from environment or docker secrets
unify-secrets
A tiny module to make it easier to work with configurations - especially secrets - held in either environment variables, or docker secrets. Useful when a single code base may be used either directly on the local machine (using environment variables), or under docker-compose or a docker swarm, where environment variables are not secure and docker secrets should be used.
Installation
npm install --save unify-config
Usage
Motivation
When developing a server application in node it is good practice to use environment variables for configurations, especially for secrets. With docker-compose and docker swarm however, whilst environment variables can be used, they are not secure, and docker secrets are a better solution. (Despite not being obvious from the docker documentations, secrets work with docker-compose as well as docker swarm.)
Docker secrets are made available as files mounted at /run/secrets, whereas environment variable are found at process.env. If you use both a local environment with environment variables, and a docker environment with secrets in your development process, your code needs to handle two possible sources of config.
Typical use
const UnifySecrets = require('unify-secrets')
const c = new UnifySecrets()
c.addList(['API_TOKEN', 'DATABASE_URL'])
const connection = connectToDatabase(c.DATABASE_URL).
API
Kind: global class
- UnifySecrets
- new UnifySecrets()
- .config
- .addEnv(name) ⇒
string - .addSecret(name) ⇒
string - .add(name) ⇒
string - .addList(names) ⇒
Array.<string> - .addAllSecrets() ⇒
Array.<string>
new UnifySecrets()
Support setting application config values from either environment values or docker secrets
Provides a unified mechanism to load configurations whether running as:
- directly on local machine with environment variables
- under docker-compose using docker secrets
- under docker swarm using docker secrets
unifySecrets.config
Get full config object
Kind: instance property of UnifySecrets
Read only: true
unifySecrets.addEnv(name) ⇒ string
Try to add a config value from an environment variable
Kind: instance method of UnifySecrets
Returns: string - - found config value
| Param | Type |
|---|---|
| name | string |
unifySecrets.addSecret(name) ⇒ string
Try to add a config value from a docker secret
Kind: instance method of UnifySecrets
Returns: string - - found config value
| Param | Type |
|---|---|
| name | string |
unifySecrets.add(name) ⇒ string
Try to add config value from either environment variable or docker secret
If both sources exist, the docker secret will be used.
Kind: instance method of UnifySecrets
Returns: string - - found config value
| Param | Type |
|---|---|
| name | string |
unifySecrets.addList(names) ⇒ Array.<string>
Try to add all config value in a list
Kind: instance method of UnifySecrets
Returns: Array.<string> - - list of found values (or null for those not found)
| Param | Type |
|---|---|
| names | Array.<string> |
unifySecrets.addAllSecrets() ⇒ Array.<string>
Add all docker secrets
Kind: instance method of UnifySecrets
Returns: Array.<string> - - list of found secrets
FAQs
Manage configuration variable obtains from environment or docker secrets
The npm package unify-secrets receives a total of 215 weekly downloads. As such, unify-secrets popularity was classified as not popular.
We found that unify-secrets demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Jun 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism
CISA denies CVE funding issues amid backlash over a new CVE foundation formed by board members, raising concerns about transparency and program governance.
By Sarah Gooding - Apr 24, 2025
Product
Introducing Historical Analytics – Now in Beta
We’re excited to announce a powerful new capability in Socket: historical data and enhanced analytics.
By Phil Gates-Idem - Apr 24, 2025