{"id":19256577,"url":"https://github.com/instant-dev/encrypt","last_synced_at":"2025-02-23T17:43:03.578Z","repository":{"id":199165904,"uuid":"702233105","full_name":"instant-dev/encrypt","owner":"instant-dev","description":"Simple encryption for Environment variables","archived":false,"fork":false,"pushed_at":"2023-10-17T21:01:54.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-05T08:54:43.155Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/instant-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-08T21:51:48.000Z","updated_at":"2023-10-08T21:52:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"1b98bc36-83f8-4e1b-8fb5-aa579a59dadf","html_url":"https://github.com/instant-dev/encrypt","commit_stats":null,"previous_names":["instant-dev/encrypt"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instant-dev%2Fencrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instant-dev%2Fencrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instant-dev%2Fencrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/instant-dev%2Fencrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/instant-dev","download_url":"https://codeload.github.com/instant-dev/encrypt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240356096,"owners_count":19788512,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T19:06:12.281Z","updated_at":"2025-02-23T17:43:03.560Z","avatar_url":"https://github.com/instant-dev.png","language":"JavaScript","readme":"# Simple encryption for Environment variables\n![npm version](https://img.shields.io/npm/v/@instant.dev/encrypt?label=) ![Build Status](https://app.travis-ci.com/instant-dev/encrypt.svg?branch=main)\n\n## Encrypt environment variables\n\nThis package provides simple encryption / decryption methods, specialized for\nmanaging `.env` plaintext files in deployments, to prevent plaintext storage on\nyour web server. This is only meant to prevent an attacker with filesystem access\nfrom reading your secrets; it's up to you to store the encryption secret,\ninitialization vector (iv) and method separately. We recommend using your cloud\nhosts manual environment variable management to store `__ENV_ENCRYPTION_SECRET`,\n`__ENV_ENCRYPTION_IV` and `__ENV_ENCRYPTION_METHOD` which are used to decrypt the\nencrypted file.\n\n**Note:** If you store the encryption secret, iv and method in plaintext as part\nof environment variables, then the attack surface area is anyone with administrative\naccess to your server environment or the ability to execute code. This encryption\nis **only** meant to prevent those with filesystem access from reading your secrets.\n\n## How it works\n\nWe create an alternate `.env` file that looks like this;\n\n```\n__ENC_NzZjZGU0MjQxYmRlNTFiMjAxYjcwYmNhOThlNjhlNGU_0=MWU0MGQxODYwOTA0ZWI5Yjk0ZjU0OTI0Y2ZkZjQ0YWE_0\n__ENC_MzRkY2ZlZWQxNDU3NGNmMGVmOTMxZDRiNTUzNTE3ZDU_0=Y2M0MGM0OGQ3MjNhYTE1YTgzMzIxZmFjZDc3MGM5Mjk_0\n__ENC_OTI5NzA5NDNjMzM1M2NkZGNiOTk3MmI5Mjc5MmE4NzU_0=MDExZDU5Mjk4ZjZjOTQwNDYxODdmMTI3ZmE3NTU3N2E_0\n```\n\nThese variables should then be loaded into `process.env` either using `dotenv` or the\nNode 20 built-in env loader. They can then be decrypted on process boot via:\n\n```javascript\nconst et = new EncryptionTools();\net.decryptProcessEnv(process.env);\n```\n\nAnd that's it! You'll want to make sure `__ENV_ENCRYPTION_SECRET`,\n`__ENV_ENCRYPTION_IV` and `__ENV_ENCRYPTION_METHOD` are set in `process.env` available\non boot. The [instant.dev](https://github.com/instant-dev/instant) deployment tools,\n[@instant.dev/deploy](https://github.com/instant-dev/deploy) will do this automatically.\n\nEncrypting env vars while deploying:\n\n```javascript\nconst EncryptionTools = require('@instant.dev/encrypt');\nconst et = new EncryptionTools();\n\n// When deploying to \"staging\" environment\nconst encryptResult = et.encryptEnvFileFromPathname('.env.staging');\n// encryptResult.file is the file buffer\naddToPackagedFiles('.env', encryptResult.file);\n// encryptResult.env contains:\n// __ENV_ENCRYPTION_SECRET: \"...\"\n// __ENV_ENCRYPTION_IV: \"...\"\n// __ENV_ENCRYPTION_METHOD: \"...\"\nupdateEnvVars(encryptResult.env);\n```\n\nThen decrypting server-side, if vars are store in `.env`:\n\n```javascript\nconst dotenv = require('dotenv');\ndotenv.config();\net.decryptProcessEnv(process.env);\n```\n\n## Acknowledgements\n\nSpecial thank you to [Scott Gamble](https://x.com/threesided) who helps run all\nof the front-of-house work for instant.dev 💜!\n\n| Destination | Link |\n| ----------- | ---- |\n| Home | [instant.dev](https://instant.dev) |\n| GitHub | [github.com/instant-dev](https://github.com/instant-dev) |\n| Discord | [discord.gg/puVYgA7ZMh](https://discord.gg/puVYgA7ZMh) |\n| X / instant.dev | [x.com/instantdevs](https://x.com/instantdevs) |\n| X / Keith Horwood | [x.com/keithwhor](https://x.com/keithwhor) |\n| X / Scott Gamble | [x.com/threesided](https://x.com/threesided) |","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finstant-dev%2Fencrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finstant-dev%2Fencrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finstant-dev%2Fencrypt/lists"}