we-encrypt

v1.0.1

A top-level secrets orchestrator. Not just another .env tool — this one encrypts, locks, and sets you up for secure local and team dev.

🔐 Encrypt

"A top-level secrets orchestrator. Not just another .env tool — this one encrypts, locks, and sets you up for secure local and team dev."

🚀 Quick Start

Installation

# Clone the repository
git clone <your-repo-url>
cd best-encrypt

# Install dependencies
npm install

# Build the project
npm run build

# Make CLI globally available (optional)
npm link

Basic Usage

# Initialize vault
encrypt init

# Add secrets
encrypt set API_KEY=your-api-key-here
encrypt set DB_URL=postgres://localhost:5432/mydb

# Lock secrets before committing
# (the password is a command-line argument, so it can end up in shell history)
encrypt lockup mySuperSecurePassword

# New developer setup
encrypt setup mySuperSecurePassword

Demo

Run the complete demo to see all features:

node demo.js

🧠 Core Concept

Encrypt replaces .env files with an encrypted local secrets vault that:

  • Encrypts secrets with triple-layer encryption (AES-256 + PBKDF2 + HMAC)
  • Locks secrets before committing to Git
  • Onboards teammates with a single command
  • Runtime access in your code without environment variables
  • Cross-platform support (Node.js, Python, Rust coming soon)

💻 In-Code Usage

JavaScript/TypeScript

import encrypt from 'encrypt'

// Method 1: Auto-unlock with environment variable (Recommended for production)
// Set ENCRYPT_PASSWORD=your-password in your environment
const openaiKey = encrypt.getSecret('OPENAI_API_KEY')
const dbUrl = encrypt.getSecret('DB_URL')

// Method 2: Explicit password parameter
// (distinct variable names so the three methods can sit in one file)
const openaiKeyExplicit = encrypt.get('OPENAI_API_KEY', 'your-password')

// Method 3: Works when vault is already unlocked
const openaiKeyUnlocked = encrypt.get('OPENAI_API_KEY')

// Use in your app
const config = {
  apiKey: openaiKey,
  database: dbUrl
}

Production Usage

// Set ENCRYPT_PASSWORD environment variable
// Works automatically in any environment
const apiKey = encrypt.getSecret('API_KEY')
const dbUrl = encrypt.getSecret('DB_URL')

Python

from encrypt import get_secret

# Method 1: Auto-unlock with environment variable (Recommended for production)
# Set ENCRYPT_PASSWORD=your-password in your environment
openai_key = get_secret("OPENAI_API_KEY")
db_url = get_secret("DB_URL")

# Method 2: Explicit password parameter
from encrypt import get
openai_key = get("OPENAI_API_KEY", "your-password")

🧪 CLI Commands

| Command | Description |
| --------------------------- | ---------------------------------------- |
| encrypt init | Create .encrypt vault |
| encrypt lockup <password> | Encrypt and secure secrets with password |
| encrypt setup <password> | Set up secrets on a new machine |
| encrypt set KEY=value | Add/update a key |
| encrypt get KEY | Fetch decrypted value |
| encrypt unlock | Decrypt everything into .env |
| encrypt status | Check if vault is locked, list keys |
| encrypt reset | Remove vault (careful!) |

🔒 Triple Encryption Phases

  1. Phase 1: AES-256-GCM Encryption. Each secret value is encrypted using AES-256-GCM with a randomly generated IV.

  2. Phase 2: Password Hashing (PBKDF2). The user's master password is used to derive an encryption key securely.

  3. Phase 3: HMAC Signatures. Encrypted secrets are signed with HMAC to prevent tampering.
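
The three phases can be sketched with Node's built-in crypto module. This is an added example, not the package's own crypto.ts: the function names sealSecret and openSecret, the PBKDF2 parameters, the salt length and the record layout are all assumptions. AES-GCM already authenticates the ciphertext through its tag; the outer HMAC here also covers the salt and is checked before any decryption is attempted.

```javascript
const crypto = require('node:crypto');

// Assumed parameters; the page does not state the package's actual values.
const KDF = { iterations: 210000, digest: 'sha512', saltLen: 16 };

// Phase 2: PBKDF2 stretches the master password into 64 bytes, split into
// separate AES and HMAC keys so no key serves two purposes.
function deriveKeys(password, salt) {
  const okm = crypto.pbkdf2Sync(password, salt, KDF.iterations, 64, KDF.digest);
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Phase 3 helper: HMAC-SHA256 over fixed-length fields first, ciphertext last.
function macOver(macKey, rec) {
  const h = crypto.createHmac('sha256', macKey);
  for (const part of [rec.salt, rec.iv, rec.tag, rec.ct]) h.update(part);
  return h.digest();
}

function sealSecret(password, plaintext) {
  const salt = crypto.randomBytes(KDF.saltLen);
  const iv = crypto.randomBytes(12); // Phase 1: fresh random 96-bit IV per value
  const { encKey, macKey } = deriveKeys(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const rec = { salt, iv, tag: cipher.getAuthTag(), ct };
  rec.mac = macOver(macKey, rec);
  return rec;
}

function openSecret(password, rec) {
  const { encKey, macKey } = deriveKeys(password, rec.salt);
  const expected = macOver(macKey, rec);
  // Verify before decrypting; a wrong password and a modified record both fail here.
  if (rec.mac.length !== expected.length || !crypto.timingSafeEqual(rec.mac, expected)) {
    throw new Error('HMAC mismatch: wrong password or tampered record');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', encKey, rec.iv);
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
}

// Constructed sample values, reusing the password and DB_URL from the Quick Start.
const sample = sealSecret('mySuperSecurePassword', 'postgres://localhost:5432/mydb');
console.log(openSecret('mySuperSecurePassword', sample));
```

Because the salt and IV are random, sealing the same value twice yields different records, and flipping any byte of a stored record makes openSecret throw instead of returning altered plaintext.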

🧾 Example Workflow

🔐 Initial Setup

encrypt init

Creates:

/.encrypt/
  ├── .vault (encrypted storage)
  ├── config.json
  └── .gitignore (ensures raw secrets never get committed)

🔒 Lock Secrets Before Commit

encrypt lockup mySuperSecurePassword

This:

  • Encrypts all secret values in .encrypt/secrets.enc.json
  • Stores an encrypted hash of your password
  • Prevents accidental push of plaintext secrets

👤 New Developer Setup

git clone your-repo
cd your-repo
encrypt setup mySuperSecurePassword

This:

  • Prompts for password
  • Decrypts secrets into memory
  • Your app works 🎉

🔧 Development

# Install dependencies
npm install

# Build
npm run build

# Run in development
npm run dev

# Test
npm test

📁 Project Structure

src/
├── cli.ts          # CLI interface using Commander.js
├── crypto.ts       # Triple-layer encryption implementation
├── vault.ts        # Vault management and file operations
├── index.ts        # Runtime SDK for in-code usage
└── types.ts        # TypeScript type definitions

dist/               # Compiled JavaScript output
.encrypt/           # Encrypted vault directory (created at runtime)
├── vault.lock      # Vault configuration and password hash
├── secrets.enc.json # Encrypted secrets storage
└── vault.unlocked  # Lock file indicating vault status

🧪 Testing

# Test encryption/decryption
node test.js

# Run complete demo
node demo.js

# Test runtime SDK
node example.js

🛡️ Security Features

  • Triple-layer encryption for maximum security
  • Password-based key derivation using PBKDF2
  • HMAC signatures to prevent tampering
  • Memory-only decryption (secrets never written to disk when unlocked)
  • Git-safe (only encrypted files are committed)

🚀 Production Deployment

Environment Variable Method (Recommended)

Set the ENCRYPT_PASSWORD environment variable in your production environment:

# Docker (a Dockerfile ENV value is stored in the image metadata)
ENV ENCRYPT_PASSWORD=your-production-password

# Kubernetes
env:
- name: ENCRYPT_PASSWORD
  valueFrom:
    secretKeyRef:
      name: encrypt-secrets
      key: password

# Heroku
heroku config:set ENCRYPT_PASSWORD=your-password

# AWS Lambda
# Set ENCRYPT_PASSWORD in environment variables

Your Application Code

// Works automatically with ENCRYPT_PASSWORD environment variable
const apiKey = encrypt.getSecret('API_KEY')
const dbUrl = encrypt.getSecret('DB_URL')

// No need to manually unlock the vault!

Security Benefits

  • Secrets remain encrypted in .encrypt/ folder
  • Only decrypted in memory during runtime
  • No plaintext secrets ever written to disk
  • Environment-specific passwords for dev/staging/prod
  • Zero configuration required in your app code

🚀 Why Encrypt?

  • .env files are static and hard to share securely
  • GitHub secrets don't help in local development
  • Vault tools like HashiCorp are overkill for small projects
  • You want an easy way to lock your dev secrets before pushing and onboard teammates easily

This tool solves that problem in a slick, dev-friendly way.

📄 License

MIT