1.3.1 ā¢ Published 3 years ago
cqr-me v1.3.1
CQr-ME
Secured Multiple Env Files
Have multiple env files in json/js that can be encrypted and included in version control (e.g. git)
Motivation
This is yet another package for loading env files. After researching for npm packages, I've found several solutions but none to my avail. They all lack some handy features (at the same time or altogether):
- have multiple env files
- for staging purposes (production, development, testing, local, etc)
- for modularization - a root env, a component env, some common env (motif), "external" env (for database A, for service B, for API C)
- to segregate sensible information from non-sensible information (like credentials)
- multiple formats (raw/shell-like, json, js), preferably javascript (dynamic, interpreted at runtime)
- encrypt sensible information
- allowing to include in version control (otherwise when sharing projects, one should send private env files separately)
- possibility to use encrypted env file without decrypting it (decrypt on the fly)
- if decrypted, change extension so to not commit it by mistake
Some packages researched: dotenv, dotenvjs, @alucarpd86/dotenv-json, @eddiewen/dotenvjson, envdot, envdotjs, envdotjson, envdotenv, dotenv-expand, dotenv-packed, dotenv-extended, expand-dotenv, dotenv-defaults, dotenv-flow, encrypt-env, environment-crypt, secure-env, encrypted-env
Usage
Loading multiple env files (js/json)
š Project
ā š modules
ā ā š x
ā ā ā š x.env.js // { mode: 'on' }
ā ā š y
ā ā š y.env.json // [1, 2, 3]
ā š index.js
/* index.js */
const env = require('cqr-me')(['**/*.env.js', '**/*.env.json'])
// { x: { mode: 'on' }, y: [1, 2, 3] }
Don't use filename as key / specify key name
š Project
ā š development.env.js // { host: 'localhost' }
ā š production.env.js // { host: 'example.com' }
ā š index.js
/* index.js */
console.log(process.env.NODE_ENV) // 'production'
const env = require('cqr-me')(`${process.env.NODE_ENV}.js`, { name: false })
// { host: 'example.com' }, not { production: { host: 'example.com' }}
const env = require('cqr-me')(`${process.env.NODE_ENV}.js`, { name: 'node_env' })
// { node_env: { host: 'example.com' }}
Set defaults
š Project
ā š default.env.js // { host: 'localhost', port: 1234 }
ā š development.env.js // { host: 'localhost' }
ā š production.env.js // { host: 'example.com' }
ā š index.js
/* index.js */
// default file
process.env.NODE_ENV = ''
const env = require('cqr-me')(`${process.env.NODE_ENV || 'default'}.env.js`, { name: false })
// { host: 'localhost', port: 1234 })
// using destructuring
process.env.NODE_ENV = 'production'
const Default = require('cqr-me')('default.env.js', { name: false })
const env2 = { ...Default, ...pkg(`${process.env.NODE_ENV}.env.js`, { name: false }) }
// { host: 'example.com', port: 1234})
Encrypt env files
- Add
*.exposed
to .gitignore to prevent any decrypted/unsafe files to be committed. - Create a file with desired name and extension +
.exposed
. Fill sensible information. - Set password key in environment variable. E.g.:
setx proj_key 1234
orexport proj_key=1234
- Encrypt file(s) using
cqr-me e "gloob" "key_name"
(files must end with .exposed)
Decrypt env files (for editing)
- Decrypt file(s) using
cqr-me d "gloob" "key_name"
(files must end with .encrypted)
Decrypt and load env files on-the-fly
š Project
ā š production.env.js.encrypted // 790ffd1b2e51f77aa5621331dfd4dbec586d4276076c2129562cd2baef4fbb937574ab2b9416b9e06b5bf9d273f7a5f8P7PhoZco+zGRQJnddS7VwmTxZr6gd+4jwCsp1yLG0ck+RzoRXgExT/3tvMgwGp0AVJ8MFtcsybRNbuv6dq0RM4HmAIwQCDi5con96O8YjyAmKlsBj2G1nDb1GZ7iBD2EWX8w9GlRop6b12H5FyxxLB9BUGYcdg83vTW5s3+PgNZ9Mlx2LFLZiApn4DR91GOsB13wgCoy/7CZa+6wOiguIOtw+H1pGWunmJmi8NR3HGhbJp7Gmj4b6URAFuUgg0FGKUY2JCLQfLM4ogSE3QbSZwlzQZ5mawRrNm8PhPrG0+RXozyClYo3e0SsZeqdVimL
ā š index.js
/* index.js */
console.log(process.env.NODE_ENV) // 'production'
const env = require('cqr-me')(`${process.env.NODE_ENV}.env.js.encrypted`, { name: false, envvar: 'key_name' } )
// { host: 'example.com', pw: 'abcde' }
Options
name (bool/string): don't use filename as root. Instead, destruct keys into parent (false
) or give it a name (string
).