npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cqr-env

v2.1.0

Published

Have multiple env files that can be encrypted and included in version control

Downloads

46

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bernardoadcbernardoadc

Keywords

env.envenvironmentvariablesconfigsettingsprocess.envstagesnode_envdevelopmenttestproductionlocalencryptsecure-envencrypt-envdecrypt-env

Readme

CQr-env

Secured Multiple Env Files

Have multiple env files that can be encrypted and included in version control (e.g. git)

Motivation

This is yet another package for loading env files. After researching for npm packages, I've found several solutions but none to my avail. They all lack some handy features (at the same time or altogether):

  • have multiple env files
    • for staging purposes (production, development, testing, local, etc)
    • for modularization - a root env, a component env, some common env (motif), "external" env (for database A, for service B, for API C)
    • to segregate sensible information from non-sensible information (like credentials)
  • multiple formats (raw/shell-like, json, js), including javascript (dynamic, interpreted at runtime). JSON supported by JSON5 (comments, single-quotes, line breaks, trailing commas and more)
  • special cases for raw files: multiline strings, ignore blank lines, parse as js types (numbers as numbers, objects, etc.), don't parse comments (//, #, <!-- -->, /**/) - either //x=1 or x=1 //2
  • encrypt sensible information
    • allowing to include in version control (otherwise when sharing projects, one should send private env files separately)
    • possibility to use encrypted env file without decrypting it (decrypt on the fly)
    • if decrypted, change extension so to not commit it by mistake

Some packages researched: dotenv, dotenvjs, @alucarpd86/dotenv-json, @eddiewen/dotenvjson, envdot, envdotjs, envdotjson, envdotenv, dotenv-expand, dotenv-packed, dotenv-extended, expand-dotenv, dotenv-defaults, dotenv-flow, encrypt-env, environment-crypt, secure-env, encrypted-env

Usage

Loading multiple env files (.js, .json, raw)

📂 Project
├ 📂 modules
│ ├ 📂 x
│ │ └ 📄 x.env.js  // { mode: 'on' }
│ ├ 📂 y
│ │ └ 📄 y.env.json  // [1, 2, 3]
│ └ 📂 z
│   └ 📄 z.env  // url=example.com
└ 📄 index.js
/* index.js */
const env = require('cqr-env')(['**/*.env.js', '**/*.env.json', '**/*.env'])
// { x: { mode: 'on' }, y: [1, 2, 3], url: 'example.com' }

Don't use filename as key / specify key name

Obs: If a single file is loaded, name by default is false

📂 Project
├ 📄 development.env.js  // { host: 'localhost' }
├ 📄 production.env.js   // { host: 'example.com' }
└ 📄 index.js
/* index.js */
console.log(process.env.NODE_ENV) // 'production'

const env = require('cqr-env')(`${process.env.NODE_ENV}.js`) // implies { name: false }
// { host: 'example.com' }, not { production: { host: 'example.com' }}

const env = require('cqr-env')(`${process.env.NODE_ENV}.js`, { name: 'node_env' })
// { node_env: { host: 'example.com' }}

Set defaults

📂 Project
├ 📄 default.env.js      // { host: 'localhost', port: 1234 }
├ 📄 development.env.js  // { host: 'localhost' }
├ 📄 production.env.js   // { host: 'example.com' }
└ 📄 index.js
/* index.js */

// default file
process.env.NODE_ENV = ''
const env = require('cqr-env')(`${process.env.NODE_ENV || 'default'}.env.js`)
// { host: 'localhost', port: 1234 })

// using destructuring
process.env.NODE_ENV = 'production'
const secureEnv = require('cqr-env')
const Default = secureEnv('default.env.js')
const env2 = { ...Default, ...secureEnv(`${process.env.NODE_ENV}.env.js`) }
// { host: 'example.com', port: 1234})

Encrypt env files

  1. Add *.exposed to .gitignore to prevent any decrypted/unsafe files to be committed.
  2. Create a file with desired name and extension + .exposed. Fill sensible information.
  3. Set password key in environment variable. E.g.: setx proj_key 1234 or export proj_key=1234. You can use multiple password keys as you like - just create one env var for each.
  4. Encrypt file(s) using cqr-env -e "gloob" -v "key_name"

Execute cqr-env via npx, npm exec or npm x, or simply via npm scripts (e.g. npm run command with command in package.json scripts)

Decrypt env files (for editing)

  1. Decrypt file(s) using cqr-env -d "gloob" -v "key_name" (files must end with .encrypted)

Decrypt and load env files on-the-fly

📂 Project
├ 📄 production.env.js.encrypted   // 790ffd1b2e51f77aa5621331dfd4dbec586d4276076c2129562cd2baef4fbb937574ab2b9416b9e06b5bf9d273f7a5f8P7PhoZco+zGRQJnddS7VwmTxZr6gd+4jwCsp1yLG0ck+RzoRXgExT/3tvMgwGp0AVJ8MFtcsybRNbuv6dq0RM4HmAIwQCDi5con96O8YjyAmKlsBj2G1nDb1GZ7iBD2EWX8w9GlRop6b12H5FyxxLB9BUGYcdg83vTW5s3+PgNZ9Mlx2LFLZiApn4DR91GOsB13wgCoy/7CZa+6wOiguIOtw+H1pGWunmJmi8NR3HGhbJp7Gmj4b6URAFuUgg0FGKUY2JCLQfLM4ogSE3QbSZwlzQZ5mawRrNm8PhPrG0+RXozyClYo3e0SsZeqdVimL
└ 📄 index.js
/* index.js */
console.log(process.env.NODE_ENV) // 'production'

const env = require('cqr-env')(`${process.env.NODE_ENV}.env.js.encrypted`, 'key_name')
// { host: 'example.com', pw: 'abcde' }

Storing keys in files instead of environment variables

While this is discouraged, sometimes the environment variables aren't acessible and thus this provides an alternative method.

  1. Create a file with password key inside
  2. Add to .gitignore to prevent to be committed.
  3. Encrypt file(s) using cqr-env -e "gloob" -f path/to/file
  4. Decrypt file(s) using cqr-env -d "gloob" -f path/to/file (for editing)
  5. To decrypt and load env files on-the-fly, do:
/* index.js */
console.log(process.env.NODE_ENV) // 'production'

const env = require('cqr-env')(`${process.env.NODE_ENV}.env.js.encrypted`, { pwfile: 'path/to/file' })
// { host: 'example.com', pw: 'abcde' }

Options

envvar (string): name of the environment variable that contains the password/key to decrypt a protected file. If options is a string, it will be considered to be the envvar.

name (bool/string): use filename as key. false destruct keys into parent and string give it a name. If not set, default is false for single file and true for multiple files. If options is boolean, it will be considered to be name.

pwfile (string): path of the file that contains the password/key to decrypt a protected file.