npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@instant.dev/encrypt

v0.0.7

Published

Simple encrypton and decryption tools

Downloads

13

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

keithwhorkeithwhor

Keywords

encrypt

Readme

Simple encryption for Environment variables

npm version Build Status

Encrypt environment variables

This package provides simple encryption / decryption methods, specialized for managing .env plaintext files in deployments, to prevent plaintext storage on your web server. This is only meant to prevent an attacker with filesystem access from reading your secrets; it's up to you to store the encryption secret, initialization vector (iv) and method separately. We recommend using your cloud hosts manual environment variable management to store __ENV_ENCRYPTION_SECRET, __ENV_ENCRYPTION_IV and __ENV_ENCRYPTION_METHOD which are used to decrypt the encrypted file.

Note: If you store the encryption secret, iv and method in plaintext as part of environment variables, then the attack surface area is anyone with administrative access to your server environment or the ability to execute code. This encryption is only meant to prevent those with filesystem access from reading your secrets.

How it works

We create an alternate .env file that looks like this;

__ENC_NzZjZGU0MjQxYmRlNTFiMjAxYjcwYmNhOThlNjhlNGU_0=MWU0MGQxODYwOTA0ZWI5Yjk0ZjU0OTI0Y2ZkZjQ0YWE_0
__ENC_MzRkY2ZlZWQxNDU3NGNmMGVmOTMxZDRiNTUzNTE3ZDU_0=Y2M0MGM0OGQ3MjNhYTE1YTgzMzIxZmFjZDc3MGM5Mjk_0
__ENC_OTI5NzA5NDNjMzM1M2NkZGNiOTk3MmI5Mjc5MmE4NzU_0=MDExZDU5Mjk4ZjZjOTQwNDYxODdmMTI3ZmE3NTU3N2E_0

These variables should then be loaded into process.env either using dotenv or the Node 20 built-in env loader. They can then be decrypted on process boot via:

const et = new EncryptionTools();
et.decryptProcessEnv(process.env);

And that's it! You'll want to make sure __ENV_ENCRYPTION_SECRET, __ENV_ENCRYPTION_IV and __ENV_ENCRYPTION_METHOD are set in process.env available on boot. The instant.dev deployment tools, @instant.dev/deploy will do this automatically.

Encrypting env vars while deploying:

const EncryptionTools = require('@instant.dev/encrypt');
const et = new EncryptionTools();

// When deploying to "staging" environment
const encryptResult = et.encryptEnvFileFromPathname('.env.staging');
// encryptResult.file is the file buffer
addToPackagedFiles('.env', encryptResult.file);
// encryptResult.env contains:
// __ENV_ENCRYPTION_SECRET: "..."
// __ENV_ENCRYPTION_IV: "..."
// __ENV_ENCRYPTION_METHOD: "..."
updateEnvVars(encryptResult.env);

Then decrypting server-side, if vars are store in .env:

const dotenv = require('dotenv');
dotenv.config();
et.decryptProcessEnv(process.env);

Acknowledgements

Special thank you to Scott Gamble who helps run all of the front-of-house work for instant.dev 💜!

| Destination | Link | | ----------- | ---- | | Home | instant.dev | | GitHub | github.com/instant-dev | | Discord | discord.gg/puVYgA7ZMh | | X / instant.dev | x.com/instantdevs | | X / Keith Horwood | x.com/keithwhor | | X / Scott Gamble | x.com/threesided |