
dotsec

v4.0.0-alpha.42


Downloads

406

Readme

dotsec

The solution offers encryption and decryption of .env files to and from .sec files, and the ability to run a command with the values of a .env/.sec file in its environment. The AWS plugin adds the ability to push selected .env/.sec entries to AWS Systems Manager Parameter Store and AWS Secrets Manager.

Currently there are two methods of encryption supported:

Why?

Environment variables are a great way to configure your application. However, they shouldn't be committed to your repository. This is because they often contain sensitive information, like passwords, API keys, and other secrets. This is where dotsec comes in. It allows you to encrypt your environment variables, and store them in a .sec file, which can be committed to your repository.
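The rule above (plaintext .env stays out of the repository, .sec goes in) can be enforced before each commit. The following is an added example, not part of dotsec: a check that flags staged plaintext env files and any staged file containing a value from the local .env. The function names and the sample files are assumptions constructed for illustration.

```javascript
// Added example, not dotsec code. Function names are hypothetical.

// Minimal .env parser: KEY=value lines, optional quotes, '#' comment lines.
function parseEnv(text) {
  const entries = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    entries[line.slice(0, eq).trim()] = value;
  }
  return entries;
}

// staged: { path: content } of files about to be committed.
// plaintextEnv: contents of the local, uncommitted .env file.
function findCommitProblems(staged, plaintextEnv) {
  const problems = [];
  // Ignore very short values; they would match unrelated text by chance.
  const secrets = Object.entries(parseEnv(plaintextEnv)).filter(([, v]) => v.length >= 6);
  for (const [file, content] of Object.entries(staged)) {
    const base = file.split("/").pop();
    // Adjust this rule if you deliberately commit a value-free template.
    if (base === ".env" || base.startsWith(".env.")) {
      problems.push(`${file}: plaintext env file staged`);
      continue;
    }
    for (const [key, value] of secrets) {
      if (content.includes(value)) problems.push(`${file}: contains plaintext value of ${key}`);
    }
  }
  return problems;
}

// Constructed sample: the README's .env values and three staged files.
const SAMPLE_ENV = 'I_CAN_SEE="clearly now"\nSINGING="in the rain"\n';
const SAMPLE_STAGED = {
  ".sec": "bm90IGEgcmVhbCBjaXBoZXJ0ZXh0", // constructed stand-in for ciphertext
  "config/.env": SAMPLE_ENV,
  "src/debug.js": 'const song = "in the rain";',
};
console.log(findCommitProblems(SAMPLE_STAGED, SAMPLE_ENV));
```

In a real hook the staged map would be built from the files Git reports as staged, and a non-empty result would abort the commit.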

Features

  • Encryption of .env files to .sec files.
  • Decryption of .sec files to .env files.
  • Run a command with the values of a .env file in its environment.
  • Run a command with the values of a .sec file in its environment.
  • Push selected .env/.sec entries to AWS Systems Manager Parameter Store.
  • Push selected .env/.sec entries to AWS Secrets Manager.
  • Holds no opinion on how you should manage your organization's user roles and permissions; you know best.

AWS plugin

  • Supported KMS key types: symmetric and asymmetric:
    • SYMMETRIC_DEFAULT
    • RSA_2048
      • RSAES_OAEP_SHA_256
    • RSA_3072
      • RSAES_OAEP_SHA_256
    • RSA_4096
      • RSAES_OAEP_SHA_256
    • SM2PKE

Requirements

  • For initialisation: credentials sufficient to create a KMS key and an alias.
  • For usage: credentials sufficient to use the KMS key to encrypt and/or decrypt.
  • An AWS KMS key with an alias.

Installation

npm install --save-dev dotsec @dotsec/plugin-aws

Add the following to dotsec.config.ts:

import { DotsecPluginAws } from "@dotsec/plugin-aws";
import { DotsecConfig } from "dotsec";

export const dotsec: DotsecConfig<{ plugins: DotsecPluginAws }> = {
  defaults: {
    encryptionEngine: "aws",
  },
};

Usage

If you don't have a .env file, create one:

I_CAN_SEE="clearly now"
SINGING="in the rain"
I_BLESS_THE_RAINS="down in Africa"

Execute a command and use the values of a .env file in its environment

npx dotsec run --with-env node -e "console.log(process.env.I_BLESS_THE_RAINS)"

Encrypt a .env file to .sec

npx dotsec encrypt

Execute a command and use the values of a .sec file in its environment

npx dotsec run --with-sec node -e "console.log(process.env.I_BLESS_THE_RAINS)"

Decrypt a .sec file to .env

npx dotsec decrypt

Push selected .env entries to AWS Systems Manager Parameter Store

Edit the dotsec.config.ts file. Add the following to the aws object:

{
    ...
    variables: {
        "I_BLESS_THE_RAINS": {
            push: {
                aws: {
                    ssm: true
                }
            }
        }
    }
}

Run the following command:

npx dotsec push

You might want to set AWS_REGION before running the command. If you don't, the region will be set to eu-west-1.

FAQ

Is it safe to commit a .sec and dotsec.config.ts file alongside your code?

Yes it is. But it is up to you to make sure that access to the KMS key is restricted to the people who need to decrypt and/or encrypt the .sec file.
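Because the safety of a committed .sec file rests on who can use the KMS key, the key policy is worth auditing. The following is an added example, not part of dotsec or the AWS SDK: it scans a key policy document for Allow statements that open kms:Decrypt to any principal or delegate it to a whole account. The function names, account ID and role names are assumptions constructed for illustration.

```javascript
// Added example, not dotsec code. Function names are hypothetical.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Match an IAM action pattern such as "kms:*" or "*" against an action name.
function actionMatches(pattern, action) {
  const body = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${body}$`, "i").test(action);
}

// Flags Allow statements that open kms:Decrypt wider than named roles/users.
// NotAction and NotPrincipal statements are not evaluated here.
function auditKeyPolicy(policy) {
  const findings = [];
  for (const stmt of asList(policy.Statement)) {
    if (stmt.Effect !== "Allow") continue;
    if (!asList(stmt.Action).some((a) => actionMatches(a, "kms:Decrypt"))) continue;
    const sid = stmt.Sid || "(no Sid)";
    const principal = stmt.Principal;
    const arns = principal && principal !== "*" ? asList(principal.AWS) : [];
    if ((principal === "*" || arns.includes("*")) && !stmt.Condition) {
      findings.push(`HIGH ${sid}: any principal may decrypt, no Condition`);
    }
    for (const arn of arns) {
      // An account-root principal hands the decision to that account's IAM policies.
      if (/^arn:aws:iam::\d{12}:root$/.test(arn)) {
        findings.push(`REVIEW ${sid}: decrypt delegated to IAM policies of ${arn}`);
      }
    }
  }
  return findings;
}

// Constructed sample policy; the account ID and role names are placeholders.
const ACCT = "arn:aws:iam::111122223333";
const SAMPLE_POLICY = {
  Version: "2012-10-17",
  Statement: [
    { Sid: "EnableIam", Effect: "Allow", Principal: { AWS: `${ACCT}:root` }, Action: "kms:*", Resource: "*" },
    { Sid: "CiDecrypt", Effect: "Allow", Principal: { AWS: `${ACCT}:role/ci-deploy` },
      Action: ["kms:Decrypt", "kms:DescribeKey"], Resource: "*" },
    { Sid: "DevEncrypt", Effect: "Allow", Principal: { AWS: `${ACCT}:role/dev` }, Action: "kms:Encrypt", Resource: "*" },
    { Sid: "Oops", Effect: "Allow", Principal: "*", Action: "kms:Decrypt", Resource: "*" },
  ],
};
console.log(auditKeyPolicy(SAMPLE_POLICY));
```

The key policy is only one layer: IAM policies and KMS grants can also confer decrypt access, so a REVIEW finding means those need checking as well.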

Should I use this in production?

We do. However, since this package is relatively new, I don't think you should.

Roadmap

  • Write some tests already.
  • Add support for in-code use like dotsec.config()
  • Add support for Node preload modules like node -r dotsec/register index.js
  • Add watcher for .env file changes and automatically encrypt
  • Write guide on postinstall for npm/yarn/pnpm
  • ~~Add chunking for encoding larger files with asymmetric keys. Current limit is 4kb.~~
  • Add support for other encryption SDKs like GCP KMS, Azure Key Vault, etc.
  • ~~Split up dotsec package in multiple packages, one for each encryption SDK.~~
  • Add support for pulling entries to GitHub actions secrets.

Limitations

  • The only supported encryption SDK is the AWS Encryption SDK. For now.
  • ~~Asymmetric keys are supported, but the encrypted file size is limited to the payload size of the key. Until chunking is implemented, that is.~~
  • AWS Secrets Manager secrets which are marked for deletion cannot be updated until the deletion is complete. As of writing, the minimum deletion time is 7 days. This means that if you want to update a deleted AWS Secrets Manager secret, you have to wait at least 7 days before you can update it again. This is a limitation of AWS Secrets Manager, not dotsec.