npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

hidenv

v1.0.4

Published

Beautiful CLI tool to encrypt and decrypt .env files with AES-256-GCM

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

erik444erik444

Keywords

envenvironmentencryptionclisecurityaesdotenvsecretssecurecryptohidenv

Readme

🔐 HidEnv - Secure Environment Tool

A beautiful CLI tool to encrypt and decrypt .env files using military-grade AES-256-GCM encryption. Keep your secrets safe! 🛡️

Version Node License

🚀 Quick Start

# Install globally
npm install -g hidenv

# Quick test (try it now!)
echo "TEST_VAR=hello_world" > .env
hidenv --e mypassword    # Encrypt
hidenv --d mypassword    # Decrypt
cat .env                 # Verify: should show TEST_VAR=hello_world

# That's it! Your .env is now safely encrypted as .env.enc

⚡ One-Minute Test

Want to see it in action right now?

# Create test file
echo "DEMO=this_is_a_test" > .env

# Encrypt it
hidenv --e demo123

# Remove original
rm .env

# Decrypt it back
hidenv --d demo123

# Check it worked
cat .env
# Output: DEMO=this_is_a_test

🌟 Features

  • 🔒 Military-Grade Encryption: AES-256-GCM with scrypt key derivation
  • 🎨 Beautiful Interface: Interactive CLI with colors, spinners, and ASCII art
  • Lightning Fast: Direct encryption/decryption with command arguments
  • 🔑 Secure Input: Password masking and validation
  • 🌍 Cross-Platform: Works on Windows, macOS, and Linux
  • 📦 Zero Dependencies: Only crypto built-ins, no external crypto libraries

🚀 Installation

Global Installation

npm install -g secure-env-tool

Local Installation

git clone <repository-url>
cd secure-env-tool
npm install
npm link

📖 Usage

🎮 Interactive Mode

Launch the beautiful interactive interface:

hidenv

What you'll see:

 _   _ _     _ _____ _   ___     __
| | | (_) __| | ____| \ | \ \   / /
| |_| | |/ _` |  _| |  \| |\ \ / /
|  _  | | (_| | |___| |\  | \ V /
|_| |_|_|\__,_|_____|_| \_|  \_/

? What do you want to do? (Use arrow keys)
❯ 🔒 Encrypt .env
  🔓 Decrypt .env

? Enter your secret key: [hidden]
⠋ Encrypting...
✔ File encrypted as .env.enc

⚡ Command Line Mode

For automation and scripts:

🔒 Encrypt a .env file

# Interactive password prompt
hidenv --e
# Output: ✔ File encrypted as .env.enc

# Direct password (not recommended for production)
hidenv --e mypassword

🔓 Decrypt a .env.enc file

# Interactive password prompt
hidenv --d
# Output: ✔ File decrypted as .env

# Direct password (not recommended for production)
hidenv --d mypassword

📚 Show help

hidenv --help

🧪 Quick Test & Verification

Want to verify everything works correctly? Follow these simple steps:

🚀 Basic Test

# 1. Create a test .env file
echo "TEST_API_KEY=secret123" > .env
echo "TEST_PASSWORD=mypassword" >> .env

# 2. Encrypt with a test password
hidenv --e testpass123

# 3. Verify .env.enc was created
ls -la *.enc

# 4. Test decryption
hidenv --d testpass123

# 5. Verify content is restored
cat .env
# Should show:
# TEST_API_KEY=secret123
# TEST_PASSWORD=mypassword

🔒 Security Test

# Test with wrong password (should fail)
hidenv --d wrongpassword
# Expected: ✖ Error: Failed to decrypt. Check your password.

# Test with correct password (should work)
hidenv --d testpass123
# Expected: ✔ File decrypted as .env

🎮 Interactive Mode Test

# Launch interactive mode
hidenv

# Follow the prompts:
# 1. Choose "🔒 Encrypt .env" or "🔓 Decrypt .env"
# 2. Enter your password when prompted
# 3. Watch the beautiful spinner animation!

🔧 How it Works

📊 Visual Process Flow

┌─────────────────────────────────────────────────────────────────┐
│                        ENCRYPTION PROCESS                       │
├─────────────────────────────────────────────────────────────────┤
│ 1. Read .env file     │ 2. Generate Salt    │ 3. Derive Key      │
│    ┌─────────────┐    │    ┌─────────────┐   │   ┌─────────────┐  │
│    │ API_KEY=123 │    │    │ Random 16B  │   │   │ scrypt(pwd) │  │
│    │ DB_PASS=xyz │ ──▶│    │ Salt        │──▶│   │ + salt      │  │
│    └─────────────┘    │    └─────────────┘   │   └─────────────┘  │
├─────────────────────────────────────────────────────────────────┤
│ 4. Generate IV        │ 5. Encrypt Data     │ 6. Save .env.enc   │
│    ┌─────────────┐    │    ┌─────────────┐   │   ┌─────────────┐  │
│    │ Random 16B  │    │    │ AES-256-GCM │   │   │ Salt+IV+    │  │
│    │ IV          │ ──▶│    │ Encryption  │──▶│   │ Tag+Data    │  │
│    └─────────────┘    │    └─────────────┘   │   └─────────────┘  │
└─────────────────────────────────────────────────────────────────┘

Encryption Process

  1. 📁 Read: Parses your .env file preserving comments and formatting
  2. 🧂 Salt: Generates a cryptographically random 16-byte salt
  3. 🔑 Key Derivation: Uses scrypt with high cost parameters (N=16384, r=8, p=1)
  4. 🎲 IV Generation: Creates a random 16-byte initialization vector
  5. 🔒 Encrypt: Uses AES-256-GCM for authenticated encryption
  6. 📦 Package: Combines all components into a binary .env.enc file

Decryption Process

  1. 📖 Read: Opens and validates the .env.enc file format
  2. 🔍 Extract: Separates salt, IV, auth tag, and encrypted data
  3. 🔑 Key Derivation: Recreates the key using your password and extracted salt
  4. 🔓 Decrypt: Uses AES-256-GCM to decrypt and verify integrity
  5. Verify: Validates authentication tag to ensure no tampering
  6. 💾 Save: Writes the decrypted content back to .env

🛡️ Security Features

  • AES-256-GCM: Industry-standard authenticated encryption
  • scrypt: Memory-hard key derivation function (resistant to brute-force)
  • Random Salt: Prevents rainbow table attacks
  • Random IV: Ensures unique ciphertext even with same plaintext
  • Authentication Tag: Prevents tampering and ensures data integrity

🔒 Why Encrypt .env Files?

Environment files often contain sensitive information like:

  • API keys
  • Database passwords
  • Secret tokens
  • Configuration secrets

By encrypting these files, you can:

  • ✅ Store them safely in version control
  • ✅ Share them securely with team members
  • ✅ Backup sensitive configurations
  • ✅ Prevent accidental exposure

⚠️ Important Notes

  • Remember your password: Without it, your encrypted data cannot be recovered
  • Backup strategy: Keep secure backups of both encrypted files and passwords
  • Version control: Add .env to .gitignore, commit .env.enc instead
  • Team sharing: Share passwords through secure channels only

🚀 Production Workflow

  1. Initial setup with sensitive .env:

    # Create your .env file
echo "API_KEY=secret123" > .env
echo "DB_PASSWORD=supersecret" >> .env

# Encrypt it
hidenv --e mypassword

# Add encrypted version to git
git add .env.enc
git commit -m "Add encrypted environment variables"

  2. Team member setup:

    # Clone repository
git clone <repo>
cd <repo>

# Decrypt (password shared securely)
hidenv --d mypassword

# Now you have the .env file ready

  3. Updating secrets:

    # Edit .env file
nano .env

# Re-encrypt
hidenv --e mypassword

# Commit updated encrypted file
git add .env.enc
git commit -m "Update environment variables"

🎯 Real-World Examples

Example 1: Node.js API Project

Before (insecure):

# .env file in your repository (❌ DANGEROUS)
API_KEY=sk-abc123def456
DATABASE_URL=postgresql://user:pass@host:5432/db
JWT_SECRET=my-super-secret-key
STRIPE_SECRET=sk_test_123456789

After (secure):

# 1. Encrypt your secrets
hidenv --e

# 2. Only commit the encrypted version
git add .env.enc
git commit -m "Add encrypted environment variables"

# 3. Add .env to .gitignore
echo ".env" >> .gitignore

Example 2: Team Collaboration

Team Lead:

# Share the encrypted file via git
git add .env.enc
git commit -m "Add team environment variables"
git push origin main

# Share password securely (Slack DM, encrypted message, etc.)
# Password: "MyTeamSecurePass2024!"

Team Member:

# Clone and decrypt
git clone https://github.com/company/project.git
cd project
hidenv --d  # Enter shared password
npm install
npm start  # Environment ready! 🚀

Example 3: Multiple Environments

# Development environment
cp .env.dev .env
hidenv --e devpassword
mv .env.enc .env.dev.enc

# Production environment
cp .env.prod .env
hidenv --e prodpassword
mv .env.enc .env.prod.enc

# Deploy to production
hidenv --d prodpassword  # Creates .env from .env.enc
docker build -t myapp .

🔍 File Format Deep Dive

Binary Structure of .env.enc

┌──────────────────────────────────────────────────────────────┐
│                    .env.enc File Structure                   │
├──────────────────────────────────────────────────────────────┤
│ Magic Header  │ Version │ Salt (16B) │ Length │ Encrypted    │
│    "hidenv"     │   0x01  │  Random    │  4B    │ Content      │
│    (4 bytes)  │ (1 byte)│            │        │ (Variable)   │
└──────────────────────────────────────────────────────────────┘

Why this format?

  • 🔍 Magic Header: Identifies the file type instantly
  • 📊 Version: Allows future format updates
  • 🧂 Salt: Each encryption uses a unique salt
  • 📏 Length: Prevents buffer overflow attacks
  • 🔒 Content: Your encrypted environment variables

🚨 Security Best Practices

✅ DO's

  • ✅ Use strong, unique passwords (12+ characters)
  • ✅ Store .env.enc in version control
  • ✅ Share passwords through secure channels
  • ✅ Backup both encrypted files and passwords
  • ✅ Rotate passwords periodically
  • ✅ Use different passwords for different environments

🐛 Troubleshooting

Common Issues

❓ "File not found" error

# Make sure you're in the right directory
ls -la | grep env

# Check if file exists
hidenv --help  # Should show available options

❓ "Invalid password" error

# Password is case-sensitive, try again carefully
hidenv --d

# Check if .env.enc is corrupted
file .env.enc  # Should show "data"

❓ "Permission denied" error

# Fix file permissions
chmod 644 .env.enc
chmod 600 .env  # After decryption

🧪 Debug Commands

# Verify the tool is working correctly
node bin/cli.js --help

# Test with a simple example
echo "DEBUG_TEST=working" > .env
node bin/cli.js --e debug123
node bin/cli.js --d debug123
cat .env  # Should show: DEBUG_TEST=working

# Check file formats
ls -la .env*
# Should show both .env and .env.enc files

# Test error handling
node bin/cli.js --d wrongpassword
# Should show: ✖ Error: Failed to decrypt. Check your password.

Getting Help

  • 📖 Run hidenv --help for usage information
  • 🐛 Check file permissions and current directory
  • 🔑 Verify password is correct (case-sensitive)
  • 📁 Ensure .env or .env.enc files exist

Contributing

We welcome contributions! Here's how you can help:

  • 🐛 Report bugs on GitHub Issues
  • 💡 Suggest features via GitHub Discussions
  • 🔧 Submit pull requests with improvements
  • 📖 Improve documentation and examples
  • Star the project to show support

�📄 License

MIT License - see LICENSE file for details

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Made with ❤️ by erik

Keep your secrets safe! 🔐

GitHub stars