@sodefa/gitenvs
v1.4.2
Published
Save your environment variables in git - encrypted!
Downloads
166
Readme
Git Envs
Save encrypted environment variables directly in git.
Setup
- Create a ts file in your root folder (we suggest
createEnvFiles.ts) - Copy the following template into the file:
import { GenerateEnvFilesFunction, Keys, main } from '@sodefa/gitenvs'
type Stage = 'production' | 'staging' | 'development'
const generateEnvFiles: GenerateEnvFilesFunction<Stage> = ({
resolveSecret,
}) => {
return [
{
envFilePath: 'path/to/your/app/.env.local',
envVars: [
{
key: 'ENV_NAME',
values: {
default: 'EMPTY',
production: resolveSecret(''),
staging: resolveSecret(''),
development: resolveSecret(''),
},
},
],
},
]
}
const keys: Keys<Stage> = {
production: {
publicKey: '',
encryptedPrivateKey: '',
},
staging: {
publicKey: '',
encryptedPrivateKey: '',
},
development: {
publicKey: '',
encryptedPrivateKey: '',
},
}
main({
generateEnvFiles,
keys,
})- Setup the stages as you need them
developmentis the default stage that is used if you do not specify any stage
- Create new public / private keys for every stage you defined by running
npx ts-node createEnvFiles.ts createKeys(or how you called your file)- Copy the object with
publicKey&encryptedPrivateKeyand paste them into thekeysobject in yourcreateEnvFiles.tsfile - !WARNING! Do not copy & paste the passphrase into
createEnvFiles.ts. It is a secret! Save it into your password manager.
- Copy the object with
- Add the following command to your
package.json:"env:create": "cross-env npx tsx createEnvFiles.ts createEnvFiles"
if you setup just one stage other than 'development' you have to add GITENV_STAGE=YourStageName in front of the npx part. Otherwise the default stage will be used which is 'development'"env:ui": "npx tsx watch createEnvFiles.ts ui""prepare": "yarn env:create"(This is so that the .env files will be created after node_modules were installed)
- Add
*.passphraseto your.gitignore
Adding new environment variables
- Start the UI by running
yarn env:uiand go tohttp://localhost:1337 - Define environment variables in your
createEnvFiles.tsfile- The
defaultvalue will be used if no value for the current stage is provided - If you want to use an encrypted enviroment variable go to the UI and enter the plaintext under
Encryption - Copy the encrypted secret and paste it into the
resolveSecretfunction. Example:resolveSecret('jk3Z35gkHKQtWlLWl4HXdhEJQAJdyIHTzQ4nH/uq84+SdD2ty2Q6qEECfjbAr79U65slD+8BxmFbSMwkAFdXtpkJpw+vHzwi+uVbMIDuq/yHW39XQ9Tv+5qGO3xIZnnE1HrkIOYNFc5O+YLb5dsBTasBwbMrVEBSUL1jA7NdL1IHo9lidrMPFfPxTdyB6COfuhu+UBq1MSXvjVabXXYuU2LXCBVeGhfRRVqs9lxPzb0ilplldsxns3nWRc3g2C5mOc3P2Ki9PjPEmaSvAi/CDgtrXuhMQ4yjeTTLmsZ9iDzyC9RR6apoJBj0NMkFxrnoJg/gG9Jyrgofbi2vfgmchFTPNB41KggNFEMGf428oihXW/k0o9tZWkyiCkXyysjHNJ/hz5g10tEBII1DTifWSe4H2LAfvAliOz8EzTMopXnra5LjlP1exDiTBTwg1GQj6VJ0tcYGnDLkGbkHVXZSZxQwgHWyUKcipb3J2O+21qMWcsRPGo4mzH0X6ORKnD+v4oGI34YDvcedMuQEfs2pmmX+EYwQx3TRgNk6Uy3ZAU84nM2z3IFeLBjhra5/mIH68y/MFMN/Kle6lEa28RR3bz2ToMDrDfvEyIQV+T2X0h8YiUDhol6UWA6OPGY8p2xS8Inz/byQCjbPO0z9hk1Vq9nzMkaupAy/KzZcorwtSPc=')
- The
Decrypting environment variables locally
- This is for debugging purposes only
- Copy the passphrases you got from the
createKeyscommand and paste them into the textarea underDecryption - All secrets will be revealed
Setting up local dev environment
- You want to give all your developers the development passphrase so that they can work
- You can send them a file called
development.passphrasewhich just contains the passphrase - They should place it under the root folder and the local .env files will be created if they run
env:create/yarn install
Setting up servers
- On servers you want to provide the passphrase through environment variables. You have to provide two env vars:
GITENV_STAGEdefines which stage should be usedGITENV_PRIVATE_KEY_PASSPHRASE_${stageName}contains the passpharse. Replace${stageName}with the stage name you used inGITENV_STAGE