netlify-plugin-lockzero

Netlify Build Plugin that injects LockZero secrets into your build environment before any build commands run.

Installation

Via Netlify UI

1. Go to your site → Plugins → search for LockZero.
2. Click Install.
3. Configure the inputs under Site settings → Build & deploy → Environment.

Via netlify.toml

[[plugins]]
package = "netlify-plugin-lockzero"

  [plugins.inputs]
  # Reference an env var so the key is never committed to source control
  apiKey     = "${LOCKZERO_API_KEY}"
  namespaces = "openai,stripe,database"
  prefix     = ""          # optional — e.g. "LZ_" to namespace injected vars

Add LOCKZERO_API_KEY in Netlify → Site settings → Environment variables.

Inputs

| Name | Required | Default | Description | |--------------|----------|---------|-------------------------------------------------------------------| | apiKey | Yes | — | LockZero API key (lz_live_…) | | namespaces | Yes | — | Comma-separated namespaces to inject (e.g. openai,stripe) | | prefix | No | "" | Optional prefix for injected variable names (e.g. LZ_) |

How it works

In the onPreBuild lifecycle hook the plugin:

1. Calls GET https://api.lockzero.io/api/credentials/:namespace for each configured namespace.
2. Writes each key=value pair directly into process.env so the build command can read them.
3. Fails the build immediately if any namespace fetch fails (prevents silent missing-secret failures).
4. Logs a summary: LockZero: Injected 12 secrets from openai, stripe.

Development

npm install
npm run build

To test locally with the Netlify CLI:

npm install -g netlify-cli
netlify build --dry