ciphenv

v3.0.2

Ciphenv (Ciphered Env) is a tool for encrypting and decrypting .env* files using prefixes to indicate values to encrypt.

Downloads

57

Readme

Ciphenv

Ciphenv (Ciphered Env) is a simple CLI tool to encrypt/cipher your .env files using prefixes to indicate whether you want the value to be encrypted using a given secret.

Install

npm install --save ciphenv

or

npm install -g ciphenv

Usage

Create one or more .env files and add some values following the dotenv pattern, e.g.

DB_HOST="localhost"
DB_USER="root"
DB_PASS="s1mpl32"

Encryption

At Runtime

To encrypt at runtime, Ciphenv provides the encryptValue utility function:

/**
 * @param secret the secret used to encrypt the values.
 * @param value the value to encrypt
 * @returns the encrypted value
 */
function encryptValue(secret: string, value: string): string;

Here is an example of this usage:

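import dotenv from "dotenv";
import { encryptValue } from "ciphenv";

// Populate process.env from .env (SECRET may also come from the real environment).
dotenv.config();

function encrypt(someValue: string): string {
  const secret = process.env.SECRET;
  if (!secret) throw new Error("SECRET is not set");
  return encryptValue(secret, someValue);
}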

Using the CLI

For the values that you want encrypted, add a prefix of DEC: (which indicates the value is decrypted) to the value. For example, taking the previous example and assuming DB_PASS should be encrypted:

DB_HOST="localhost"
DB_USER="root"
DB_PASS="DEC:s1mpl32"

Then, all that is needed is to run:

$ npx ciphenv encrypt -F --secret superSecret

# `.env.enc` file created

and the output in the .env.enc file would be:

DB_HOST="localhost"
DB_USER="root"
DB_PASS="ENC:********"

Encrypting Entire Files

Ciphenv can also encrypt whole files using another special prefix, DEC_FILE_PATH: (path to the decrypted file). This is especially useful for PEM keys and other multiline values that require encryption.

Following from the example above, the syntax would look like this:

DB_HOST="localhost"
DB_USER="root"
DB_PASS="DEC:s1mpl32"
PEM="DEC_FILE_PATH:./keys/super-secret.pem"

After encryption, the resulting .env file would look like this:

DB_HOST="localhost"
DB_USER="root"
DB_PASS="ENC:********"
PEM="ENC:********"

Decryption

At Runtime

To decrypt at runtime, Ciphenv provides two utility functions, decryptValues and decryptValue:

/**
 * @param secret the secret used to encrypt the values
 * @param env the parsed output from `dotenv` for the specified `.env*` file
 * @returns the unencrypted env object (without the `DEC:` prefix on the values)
 */
function decryptValues(secret: string, env: { [key: string]: any }): { [key: string]: any };

/**
 * @param secret the secret used to encrypt the values.
 * @param value the value to decrypt
 * @returns the decrypted value (without the `DEC:` prefix)
 */
function decryptValue(secret: string, value: string): string;

Here is an example of this usage:

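import dotenv from "dotenv";
import { decryptValues } from "ciphenv";

const secret = process.env.SECRET;
// Parse the encrypted file for the current environment, e.g. .env.production.enc
const { parsed } = dotenv.config({ path: `.env.${process.env.NODE_ENV}.enc` });
if (!secret || !parsed) throw new Error("SECRET or the encrypted .env file is missing");
const config = decryptValues(secret, parsed);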

Using the CLI

To decrypt the encrypted .env file from the CLI you can then just run:

$ npx ciphenv decrypt -F --secret superSecret

# `.env.dec` file created

and the output would be:

DB_HOST="localhost"
DB_USER="root"
DB_PASS="DEC:s1mpl32"

Just remember to not commit the decrypted .env file(s)!

Here are .gitignore entries which could be used to avoid committing the decrypted .env files when using the default naming pattern:

.env.*
!.env.*.enc
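
The reminder above can also be enforced mechanically. The following is an added example, not part of ciphenv or its README: a small JavaScript check that flags .env entries still carrying the DEC: or DEC_FILE_PATH: prefix, suitable for calling from a pre-commit hook or CI step. The function names and the minimal line parser are assumptions made for this illustration.

```javascript
// Added example, not ciphenv code. Flags dotenv entries that still carry
// ciphenv's plaintext prefixes so a hook or CI step can block the commit.
const PLAINTEXT_PREFIXES = ["DEC_FILE_PATH:", "DEC:"];

// Minimal dotenv line parser (assumption: KEY=value, optional quotes, # comments).
function parseEnvLine(line) {
  const trimmed = line.trim();
  if (trimmed === "" || trimmed.startsWith("#")) return null;
  const match = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_.-]*)\s*=\s*(.*)$/.exec(trimmed);
  if (!match) return null;
  // Drop only the opening quote: enough to test the prefix, and it still
  // works when a trailing inline comment follows the closing quote.
  const value = match[2].trim().replace(/^["'`]/, "");
  return { key: match[1], value };
}

// Returns one finding per entry whose value is marked as decrypted.
function findPlaintextEntries(envText) {
  const findings = [];
  envText.split(/\r?\n/).forEach((line, index) => {
    const entry = parseEnvLine(line);
    if (!entry) return;
    const prefix = PLAINTEXT_PREFIXES.find((p) => entry.value.startsWith(p));
    if (prefix) findings.push({ line: index + 1, key: entry.key, prefix });
  });
  return findings;
}

// Constructed sample inputs mirroring the README's examples.
const DECRYPTED_SAMPLE = [
  'DB_HOST="localhost"',
  'DB_USER="root"',
  'DB_PASS="DEC:s1mpl32"',
  'PEM="DEC_FILE_PATH:./keys/super-secret.pem"',
].join("\n");
const ENCRYPTED_SAMPLE = 'DB_HOST="localhost"\nDB_PASS="ENC:********"';

// Findings never include the value itself, so the report is safe to log.
for (const f of findPlaintextEntries(DECRYPTED_SAMPLE)) {
  console.log(`line ${f.line}: ${f.key} still has prefix ${f.prefix}`);
}
```

A hook would read each staged .env* file, pass its text to findPlaintextEntries, and exit non-zero when the returned list is not empty.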

Decrypting Entire Files

Decrypting entire files places the decrypted file path back into the .env file like so:

DB_HOST="localhost"
DB_USER="root"
DB_PASS="DEC:s1mpl32"
PEM="DEC_FILE_PATH:./keys/super-secret.pem"

and also creates the super-secret.pem file with its decrypted contents again.

The above occurs partly to avoid any issues with re-encrypting the decrypted .env file as the value would be multiline, but also to have the behaviour that you may expect, where something decrypted should match the original used during encryption.

CLI Options

| Option, [alias] | Description | Value Type | Default |
| --------------- | ----------- | ---------- | ------- |
| --version | Show version number | boolean | |
| -R, --replace | Overwrite the specified .env* file with new contents | boolean | false |
| -S, --secret | Secret to use for encryption | string* | (required) |
| -F, --file | Path to .env* | string or boolean | false or .env if value is true |
| -V, --value | Value to be encrypted | string | |
| -h, --help | Show help | boolean | |