{"id":13451925,"url":"https://github.com/kunalpanchal/secure-env","last_synced_at":"2025-04-09T11:12:09.648Z","repository":{"id":25698828,"uuid":"105294835","full_name":"kunalpanchal/secure-env","owner":"kunalpanchal","description":"Env encryption tool that will help you prevent attacks from npm-malicious-packages.","archived":false,"fork":false,"pushed_at":"2024-01-05T12:36:01.000Z","size":135,"stargazers_count":64,"open_issues_count":17,"forks_count":20,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-02T10:14:09.970Z","etag":null,"topics":["environment-variables","node-env","npm-package"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/secure-env","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kunalpanchal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-29T16:36:04.000Z","updated_at":"2023-10-28T10:07:15.000Z","dependencies_parsed_at":"2023-01-14T03:10:57.881Z","dependency_job_id":"250256ff-5f4c-4365-881b-cefc7f0c8bd2","html_url":"https://github.com/kunalpanchal/secure-env","commit_stats":{"total_commits":46,"total_committers":4,"mean_commits":11.5,"dds":"0.23913043478260865","last_synced_commit":"1cb34cf5028a1149c0ad10370ef04fe62ddb5c9e"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kunalpanchal%2Fsecure-env","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kunalpanchal%2Fsecure-env/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kunalpanchal%2Fsecure-env/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kunalpanchal%2Fsecure-env/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kunalpanchal","download_url":"https://codeload.github.com/kunalpanchal/secure-env/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248027411,"owners_count":21035594,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["environment-variables","node-env","npm-package"],"created_at":"2024-07-31T07:01:07.129Z","updated_at":"2025-04-09T11:12:09.614Z","avatar_url":"https://github.com/kunalpanchal.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"[![npm version](https://badge.fury.io/js/secure-env.svg)](https://badge.fury.io/js/secure-env)\n[![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com)\n[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/kunalpanchal/secure-env/graphs/commit-activity)\n[![GitHub license](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/kunalpanchal/secure-env/blob/master/LICENSE)\n[![GitHub release](https://img.shields.io/github/release/Naereen/StrapDown.js.svg)](https://gitHub.com/kunalpanchal/secure-env/releases/)\n[![Github all releases](https://img.shields.io/github/downloads/Naereen/StrapDown.js/total.svg)](https://gitHub.com/kunalpanchal/secure-env/releases/)\n\n\n# secure-env\n\nSecure-env is a module that loads environment variables from a `.env.enc` file.A encryption tool that would helps you prevent attacks from [npm-malicious-packages][npm-malicious-packages].\n\n## Usage\n\nCreate a `.env` file in the root directory of your project. Add\nenvironment-specific variables on new lines in the form of `NAME=VALUE`.\nFor example:\n\n```dosini\nDB_HOST=localhost:27017\nDB_USER=scott\nDB_PASS=tiger\n```\n\n### Encrypt .env\n\n```bash\n$ npm install -g secure-env\n$ secure-env .env -s mySecretPassword\n```\nAlternatively if you want this installed locally run the command as follows:\n\n```bash\n$ ./node_modules/secure-env/dist/es5/lib/cli.js .env -s mySecretPassword\n```\n\nIf you are running NPM \u003e v5.2. You can use `npx`:\n\n```bash\n$ npx secure-env .env -s mySecretPassword\n```\n\nA new encrypted file `.env.enc` will be created in your project root directory.You can delete the `.env` file after this,to prevent stealing. \n\n \n### Decrypt .env.enc\n \nAs early as possible in your application, require and configure dotenv.\n\n```javascript\nlet secureEnv = require('secure-env');\nglobal.env = secureEnv({secret:'mySecretPassword'});\n\n```\n\nThat's it.\n\n`global.env` now has the keys and values you defined in your `.env` file.\n\n```javascript\nvar db = require('db')\ndb.connect({\n  host: global.env.DB_HOST,\n  username: global.env.DB_USER,\n  password: global.env.DB_PASS\n})\n```\n\n## Options\n\n### Encryption\n\n```bash\n$ secure-env --option \u003cVALUE\u003e \u003cfile-path-which-is-to-be-encrypted\u003e\n```\n\n| Option | What does it do | Defaults |\n| ------ | ------ | ------ |\n| --secret \u003csecretKey\u003e | Specify the secret Key which would be later used to decrypt the file. | `mySecret` |\n| --out \u003cfile-path\u003e | The encrypted file path that would be created. | `env.enc` |\n| --algo \u003calgoName\u003e | The encryption algorithm that is to be used to encrypt the env file. | `aes256` |\n| --decrypt | prints the decrypted text to stdout\n\n\n### Decryption\n\n#### Path\n\nDefault: `.env`\n\nYou can specify a custom path if your file containing environment variables is\nnamed or located differently.\n\n```js\nrequire('secure-env')({path:'/custom/path/to/your/env/vars'});\n```\n\n#### Decryption Algorithm\n\nDefault: `aes256`\n\nYou may specify the encryption algorithm for your file containing environment variables\nusing this option.\n\n```js\nrequire('secure-env')({enc_algo:'aes256'});\n```\n\n#### Secret\n\nDefault: `mySecret`\n\nSpecify the secret Key which was used during encryption of raw file.Having a salt-hashed secret key is recommended.\n\n```js\nrequire('secure-env')({secret:'mySecretPassword'});\n```\n\n## Parse rules \n\nRefer https://github.com/motdotla/dotenv/blob/master/README.md#parse\n\nThe parsing engine currently supports the following rules:\n\n- `BASIC=basic` becomes `{BASIC: 'basic'}`\n- empty lines are skipped\n- lines beginning with `#` are treated as comments\n- empty values become empty strings (`EMPTY=` becomes `{EMPTY: ''}`)\n- single and double quoted values are escaped (`SINGLE_QUOTE='quoted'` becomes `{SINGLE_QUOTE: \"quoted\"}`)\n- new lines are expanded if in double quotes (`MULTILINE=\"new\\nline\"` becomes\n\n```\n{MULTILINE: 'new\nline'}\n```\n- inner quotes are maintained (think JSON) (`JSON={\"foo\": \"bar\"}` becomes `{JSON:\"{\\\"foo\\\": \\\"bar\\\"}\"`)\n- whitespace is removed from both ends of the value (see more on [`trim`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim)) (`FOO=\"  some value  \"` becomes `{FOO: 'some value'}`)\nG.md)\n\n## License\n\nSee [LICENSE](LICENSE)\n\n## Dependencies\n\nSource-env uses these open source projects to work properly:\n\n* [Minimist][minimist] - Argument parser without all the fanciful decoration.\n\n## Contributors\n\n\u003ca href=\"https://github.com/kunalpanchal/secure-env/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contributors-img.firebaseapp.com/image?repo=kunalpanchal/secure-env\" /\u003e\n\u003c/a\u003e\n\n\n## Acknowledgements\n\nSource-env is inspired from and also uses code references from these open source projects:\n\n* [Dotenv][dotenv]\n\n[npm-malicious-packages]: \u003chttps://iamakulov.com/notes/npm-malicious-packages/\u003e\n[minimist]: \u003chttps://www.npmjs.com/package/minimist\u003e\n[dotenv]: \u003chttps://github.com/motdotla/dotenv/\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkunalpanchal%2Fsecure-env","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkunalpanchal%2Fsecure-env","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkunalpanchal%2Fsecure-env/lists"}