npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

1env

v0.2.5

Published

One secret to encrypt them all

Downloads

57

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vzakharovvzakharov

Keywords

Readme

One secret to encrypt them all

If you work for a responsible company, you probably have to store your secrets in a secure way. Due to this, sometimes, when you need to add or change a secret, you have to go through a lot of steps involving other people, and it can be a pain in the ass.

The 1env package offers a simple(r) way to approach your secrets, where you have just one (public) variable that, when decrypted, contains all your secrets in a JSON format. Thus, the only secret you have to worry about is the one that decrypts your secrets.

Installation

npm install 1env

Usage

  1. Create a file called .secrets.json in the root of your project, containing all your secrets.

  2. ADD IT TO YOUR .gitignore FILE.

  3. As early as possible in your code (but after env loaders such as dotenv), call these two functions:

// import { config } from 'dotenv'; // if you use dotenv
import { encryptSecrets, loadSecrets } from '1env';

// config(); // if you use dotenv
encryptSecrets();
loadSecrets();
  1. Set an environment variable named ONE_ENV_SECRET with a secure enough value. Alternatively, run the code above and it will suggest a value for you while throwing an error.

This is the key that will be used to encrypt and decrypt your secrets, and the only one you will have to worry about.

For example, if your company requires you to pass all screts through the devops team for encryption, you will only have to do it once and forget about it.

  1. After the first run, encryptSecrets will fail, and the console will show you the value of a ONE_ENV_ENCRYPTED variable you will have to set in your environment. Set it, and run again.

  2. If encryptSecrets succeeds, loadSecrets will load all your secrets into process.env.

That’s it! You can now access your secrets via process.env just like you would with any other environment variable.

Notes

  1. Whenever you change your .secrets.json file, the execution will fail again, indicating which value to set for ONE_ENV_ENCRYPTED.

  2. The execution will also fail if you don’t add .secrets.json to your .gitignore file. You’re welcome.

  3. The .secrets.json file is only needed while you’re developing your project, so that you can easily convert your secrets into the public ONE_ENV_ENCRYPTED variable. You can safely ignore/delete it when deploying your project to production.

  4. You do not need to remove encryptSecrets from your production code. It will simply do nothing and proceed to loadSecrets. (It will still give a warning, though, just to be sure.)