npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

dotenv-vault-core

v0.7.1

Published

Decrypt .env.vault file

Downloads

3,988

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

motdotlamotdotla

Keywords

dotenvenv.env.env.vaultvaultenvironmentvariablesconfigsettings

Readme

THIS LIBRARY IS DEPRECATED. USE dotenv >= 16.1.0 instead. It added first-class support for decrypting .env.vault files as of May 30, 2023.

dotenv-vault-core NPM version

Extends the proven & trusted foundation of dotenv, with a .env.vault file.

The extended standard lets you sync your .env files – quickly & securely. Stop sharing them over insecure channels like Slack and email, and never lose an important .env file again.

You need a Dotenv Account to use Dotenv Vault. It is free to use with premium features.

Create your account

Install

# install locally (recommended)
npm install dotenv-vault-core --save

Or installing with yarn? yarn add dotenv-vault-core

Usage

.env

Basic usage works just like dotenv.

Create a .env file in the root of your project:

S3_BUCKET=YOURS3BUCKET
SECRET_KEY=YOURSECRETKEYGOESHERE

As early as possible in your application, import and configure dotenv:

require('dotenv-vault-core').config()
console.log(process.env) // remove this after you've confirmed it is working

That's it. process.env now has the keys and values you defined in your .env file:

require('dotenv-vault-core').config()

...

s3.getBucketCors({Bucket: process.env.S3_BUCKET}, function(err, data) {})

.env.vault

Extended usage uses a .env.vault file that allows you to sync your secrets across machines, team members, and environments.

Usage is similar to git. In the same directory as your .env file, run the command:

npx dotenv-vault new

Follow those instructions and then run:

$ npx dotenv-vault login

Then run push and pull:

$ npx dotenv-vault push
$ npx dotenv-vault pull

That's it!

You just synced your .env file. Commit your .env.vault file to code, and tell your teammates to run npx dotenv-vault pull.

Custom Path (Monorepos)

If you need to specify a custom path, for example in a monorepo, you can specify a path param in the config() call.

require('dotenv-vault-core').config('apps/some-app/.env.vault')

Multiple Environments

Run the command:

$ npx dotenv-vault open production

It will open up an interface to manage your production environment variables.

Build & Deploy Anywhere

Build your encrypted .env.vault:

$ npx dotenv-vault build

Safely commit and push your changes:

$ git commit -am "Updated .env.vault"
$ git push

Obtain your DOTENV_KEY:

$ npx dotenv-vault keys

Set DOTENV_KEY on your infrastructure. For example, on Heroku:

$ heroku config:set DOTENV_KEY="dotenv://:[email protected]/vault/.env.vault?environment=production"

All set! When your app boots, it will recognize a DOTENV_KEY is set, decrypt the .env.vault file, and load the variables to ENV.

Made a change to your production envs? Run npx dotenv-vault build, commit that safely to code, and deploy. It's simple and safe like that.

Dotenv.org

Create your account

You need a Dotenv Account to use Dotenv Vault. It is free to use with premium features.

Visit health.dotenv.org for more information.

FAQ

What happens if DOTENV_KEY is not set?

Dotenv Vault gracefully falls back to dotenv when DOTENV_KEY is not set. This is the default for development so that you can focus on editing your .env file and save the build command until you are ready to deploy those environment variables changes.

Should I commit my .env file?

No. We strongly recommend against committing your .env file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.

Should I commit my .env.vault file?

Yes. It is safe and necessary to do so. It contains your encrypted envs, and your vault identifier.

What happens if my .env.vault is missing?

Dotenv Vault gracefully falls back to dotenv when .env.vault is missing. You will receive a warning that it is missing.

Can I share the DOTENV_KEY?

No. It is the key that unlocks your encrypted environment variables. Be very careful who you share this key with. Do not let it leak.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Changelog

See CHANGELOG.md

License

MIT