npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

launchkey

v0.1.0

Published

Manage app configs locally!

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

artmllrartmllr

Keywords

Readme

LaunchKey

Manage app configs locally!

Why?

  1. Configuring apps through env vars is painful because they are all strings
  2. Relying on external providers encrypted keys leads to lock-in

What?

You manage configs for all envs in a single envs file that is checked into source control — but sensitive values are encrypted.

When needed, you generate decrypted JSON files out of it that can be simply require'd in your app. The important part here is that this only happens on the CI server or before deploy, meaning that even though the file is present in the repo, no one can get to the sensitive data because it is encrypted.

How?

You start with a plain text JSON file called envs.json, which includes configs for all envs. For example:

{
  "local": {
    "API_TOKEN": "foo-bar-baz",
    "API_ORIGIN": "http://localhost:8080"
  },
  "production": {
    "!API_TOKEN": "beep-boop-boom",
    "API_ORIGIN": "https://api.example.com"
  }
}

Notice how API_TOKEN inside the production config starts with !? This tells LaunchKey to encrypt this entry. We'll do that now.

Run: launchkey encrypt production. This will give you output that looks something like:

Success: "prod" env encrypted.
Secret key: 01C3751AYNCD6ATM0HYSCDJWXJ
(Keep your secret safe — you can't decrypt without it!)

Now if you open envs.json again, you will get something along the lines of:

{
  "local": {
    "API_TOKEN": "foo-bar-baz",
    "API_ORIGIN": "http://localhost:8080"
  },
  "production": {
    "!API_TOKEN": "ca3361ba49e9b46781c4e369ec4d9716f407c399d97bc61a5bec38855b3e0be985c1ddf5c19eeca6adcba2bc3618afd9mDejpNtCpPb6EqSJBKx6rKaejhtP+CD4JXqOLUgeeMY=",
    "API_ORIGIN": "https://api.example.com"
  }
}

The API_TOKEN key inside of production is now encrypted using the secret key.

Finally, once you want to generate production config to be used by your app (perhaps you do that during deploy on your CI server), you simply run: launchkey generate production --secret 01C3751AYNCD6ATM0HYSCDJWXJ.

This will output the following into config.json:

{
  "API_TOKEN": "beep-boop-boom",
  "API_ORIGIN": "https://api.example.com"
}