@onboardbase/global-env NPM

Global ENV

Dynamically evaluate environment variables at runtime.

This library assumes that environment variables are best stored remotely in a secure vault and attempts to load the secrets during initialization.

Motivation

Secrets can be statically analyzed in a node application through process.env, which exports all the key/value pairs of the current environment variables as static objects and can be inspected through the built files.

To mitigate the risk of spreading secrets unintentionally, this library attempts to take secrets as dynamic values that could be pulled from a remote resource and be kept in memory for the entire runtime of the application.

Install

To use global-env,

yarn

yarn add @onboardbase/global-env

npm

npm i @onboardbase/global-env

Usage

Using with in-memory variable source

Create a file called setupGlobalEnv.ts and add the below content.

import { setupStore, memoryStore, SECRET_KEY, SECRET_VALUE, env, allEnv } from "@onboardbase/global-env"

const MEMORY_SECRETS = {
    RECORD_LABEL: "IMOLENIZATION",
    SECRET_KEY: "MOHBAD"
}

memoryStore.getSecrets = async () => {
    return new Promise((resolve, reject) => {
        // Dynamically fetch secrets from a remote resource
        resolve(MEMORY_SECRETS)
    })
}
memoryStore.setSecret = async (key: SECRET_KEY, value: SECRET_VALUE) => {
    // Make an API call to update the secret
    const secrets = allEnv()
    secrets[key] = value
    console.log("Secret Updated on Remote", secrets)
}

(async function () {
    await setupStore(memoryStore)
})()

Import this file at the top of the root file of your project.

import "./setupGlobalEnv"

Finally, anywhere else:

import {env} from "@onboardbase/global-env"

console.log(env()) // logs all the secrets set during initialization
console.log(env("SECRET_KEY")) // => "MOHBAD"

Find an example here: https://github.com/Onboardbase/global-env/tree/main/example

Using a Remote source

If you want to fetch the environment variables from a remote source instead, you will have to setup global env like this:

import { setupStore, SecretStore, Env, env } from "@onboardbase/global-env";
import axios from "axios";

const remoteStore: SecretStore<Env> = {
  async getSecrets() {
    const response = await axios.get<Env>("<remote-url>");
    return response.data;
  },
  async setSecret() {},
};

(async function () {
  await setupStore(remoteStore);
})();

Using a .env file

If you want to fetch the environment variables from a .env file instead, you will have to setup global env like this:

import { dotEnv, setupStore, SecretStore, Env, env } from "@onboardbase/global-env";

const remoteStore: SecretStore<Env> = {
  async getSecrets() {
    return dotEnv()
  },
  async setSecret() {
    
  },
};

(async function () {
  await setupStore(remoteStore);
})();

You can then access the secrets in your Express Server like this:

import './setupGlobalEnv';
import express from 'express';
import { env } from '@onboardbase/global-env';
const app = express();

app.get('/secrets', async (req, res) => {
  console.log(env()); // logs the variables here
  res.send({success: true});
});

app.listen(3000, () => {
  console.log('Listening on port 3000!');
});

API

`exports.set(key: string, value: string): void`

It can be used to update the value of an env or create a new one. It attempts first to update the in-memory copy of the secrets and then calls the remote resource to complete the update on the upstream.