npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

env-secure

v1.0.0

Published

A CLI tool to securely encrypt and decrypt .env files.

Downloads

4

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

dhruvsuvarnadhruvsuvarna

Keywords

Readme

env-secure

env-secure is a powerful command-line utility designed to safeguard your .env files by encrypting sensitive environment variables using AES-256 encryption. With env-secure, you can ensure that your secret keys, API keys, and other sensitive data are securely stored and only accessible to authorized users. The tool also supports key rotation, allowing you to update your encryption key without compromising security. Whether you're working locally or in a team, env-secure provides a simple and secure way to manage your environment variables.

Table of Contents

  1. Installation
  2. Usage
  3. Security Considerations
  4. How It Works
  5. Contributing
  6. License

Installation

To install env-secure, you need to have Node.js installed on your system. Once Node.js is installed, run the following command:

npm install -g env-secure

This will install env-secure globally, allowing you to use it from any directory.

Usage

Overview of the commands:

flowchart TD
    env-secure[env-secure] -->|can be used to initialize the secret key| set-key(env-secure set-key)
    env-secure[env-secure] -->|can be used to encrypt the .env file| encrypt(env-secure encrypt)
    env-secure[env-secure] -->|can be used to decrypt the .env file| decrypt(env-secure decrypt)
    env-secure[env-secure] -->|can be used to change the secret key value| rotate-key(env-secure rotate-key)

Set the Secret Key:

Before encrypting or decrypting your .env file, you need to set a secret key. This key is used for encryption and decryption.

env-secure set-key

You will be prompted to enter a secret key. This key will be saved in your .env file under the ENV_SECURE_KEY variable.

Example:

$ env-secure set-key
Enter your secret key: my-secret-key
Secret key saved successfully.

Encrypt a .env File:

To encrypt your .env file, run the following command:

env-secure encrypt

You will be prompted to enter a passphrase. This passphrase is used to encrypt the secret key, ensuring that no part of the .env.enc file is stored in plain text.

Example:

$ env-secure encrypt
Enter your passphrase: my-passphrase
Successfully encrypted .env to .env.enc.

This will create an encrypted .env.enc file and delete the original .env file.

Decrypt a .env.enc File:

To decrypt your .env.enc file, run the following command:

env-secure decrypt

You will be prompted to enter the passphrase you used during encryption. If the passphrase is correct, the .env.enc file will be decrypted, and the original .env file will be restored.

Example:

$ env-secure decrypt
Enter your passphrase: my-passphrase
Successfully decrypted .env.enc to .env.

Rotate the Secret Key:

To rotate the secret key, run the following command:

env-secure rotate-key

You will be prompted to:

Enter your current secret key.

Enter your new secret key.

Example:

$ env-secure rotate-key
Enter your current secret key: my-secret-key
Enter your new secret key: my-new-secret-key
Secret key updated successfully.

This will update the secret key in the .env file. No encryption or decryption is performed during rotation.

Security Considerations

  1. Secret Key:

    • The secret key is used for encrypting and decrypting your .env file. Keep it secure and do not share it.

    • If the secret key is compromised, rotate it immediately using the rotate-key command.

  2. Passphrase:

    • The passphrase is used to encrypt the secret key. Choose a strong passphrase and do not share it.

    • If the passphrase is forgotten, the .env.enc file cannot be decrypted.

  3. Encrypted File:

    • The .env.enc file contains no plain text. All data, including the secret key, is encrypted.

    • Store the .env.enc file securely and do not share it.

  4. Backup:

    • Always keep a backup of your original .env file before encrypting it.

How It Works

Encryption Process

  1. The secret key is encrypted using a passphrase-derived key.

  2. The encrypted secret key is stored in the .env.enc file as the first line.

  3. The rest of the .env file is encrypted using the secret key.

  4. The original .env file is deleted after encryption.

Decryption Process

  1. The encrypted secret key is extracted from the .env.enc file.

  2. The secret key is decrypted using the passphrase-derived key.

  3. The rest of the .env.enc file is decrypted using the secret key.

  4. The original .env file is restored, and the .env.enc file is deleted.

Rotation Process

  1. The secret key in the .env file is updated.

  2. No encryption or decryption is performed during rotation.

Contributing

Contributions are welcome! If you find a bug or have a feature request, please open an issue on the GitHub repository.

To contribute code:

  • Fork the repository.

  • Create a new branch for your feature or bug fix.

  • Submit a pull request.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Support

If you have any questions or need help, please open an issue on the GitHub repository or contact me through Email.