npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

secreta

v2.1.0

Published

A smarter config and secret management package

Downloads

8

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

drtobdrtob

Keywords

configsecretenvenvironment

Readme

secreta logo

SECRETA - A smarter secret and config manangement package

SECRETAA secret is a secret if and only if it is kept secret

Secreta is a secret and config manangement module that allows you to smartly manage your app configurations and secrets. It provides a way to secure API keys, External Service Links, Database credentials, app configs and more with Industry-grade encryption denying unauthorized access. It provides a permission level which enables each member of the team have access to the exact permission and access to secrets they need to do their work. It eliminates the need to worry about secrets being committed to git repos. All secrets are encrypted with industry-standard encryption algorithm. No one can decrypt without a matching key.

100% Free and Open Source!

What's included

  • One key - You only need to remember one key to manage all your secrets.

  • Access control to secrets and configs - with hierarchical permission level.

  • Industry-grade encryption - to protect against unauthorized access even if configs where released into wrong hands.

  • Predefined environment configuration template - Consisting of development (default), staging and production configs. More can be added at wish

  • Eleminates worries of unintentional configs commit - You can now safely commit your configs to gitHub, Bitbucket, Gitlab e.t.c. All configs are encrypted

  • Configs are inherited - No need to re-declare properties for every environment, just a subtle overwrite. You are done!

Motivation

Keeping organized and remembering app configs especially when you have loads of secrets keys, database configs (host, username, and passwords), app IDs, external API keys and variable enviroment configuration is really daunting. And more importantly, being able to define enviroment variables in a single file and load at runtime any given enviroment configuration seems to be a luxury. Also, exposing your whole system configs to third party, adhoc staff and one-time freelancers is not something you want for your organization.

Having the ability to manage all your secrets, database configs, API keys and more with just ONE KEY is not bad (~ if not splendid ~). Also being able to optionally secure your secrets with industry-grade encryption when your feel you need more protection while working with third-parties is plus. Above all, have the ease of switching and testing all your enviroments (development, staging, production) variables from a single point.

What makes secreta different from other config manangement modules'

secreta vs dotenv

| feature | dotenv | secreta | | ---- | --------------------- | -------------------------------------------------------------------------------------------------------------------- | | Dynamic Loading | Does not support dynamic environment variables loading. | Support dynamic environment variables loading | | DataTypes | .env file only natively support string. Does not support boolean or number values without additionally overhead | Full support for all DataTypes includes Array, boolean, number e.t.c. Support all DataTypes that can be stored with json | | File | .env file | .json file | | Encryption | Does not provide encryption. Relies on ignnoring .env file to git commit to prevent accidental config commit | Provides industry-grade encryption to encrypt configs. No worries if config is committed to git (as long as it is encrypted, no one can see your secrets) | | Duplication | Requires you to define separate environment variables for each environment | Configs can be the inhereted. No need for duplication. General configs can be set in development (default) environment and other enviroments can overwrite and add more environment-specific variables|

Quick Start

Install secreta:

npm i secreta

or use yarn

yarn add secreta

Initialize Secreta: This will generate a .secreta folder with secreta file where configs and secrets can be safely stored and used in your app

secreta init

Define your configs:

Open <project-root>/.secreta/secreta.json and define your configs. set your key and environment in `/.secreta/config.js' file. Boom! All done.

Load config:

Config can be loaded either in encrypted or unencrypted state

import { config }  from "secreta";

console.log(config.MYSQL_PASSWORD)

You can encrypt your config prior to pushing to git repo (gitHub, gitLab, Bitbucket, e.t.c)

Or even create pre-push hook https://www.npmjs.com/package/pre-push to enhance workflow

Encrypt configs: This encrypts your secrets and configs with Industry-grade encryption algorithm

secreta encrypt

You may wish to decrypt your config after encryption

Decrypt configs: This decrypts your configs, if for any reason you need to see the plain version

secreta decrypt

Configuring environment:

open <project-root>/.secreta/config.js' file and make variable reference to keyandenvironment` properties. Config can be loaded based on environment (development, staging, production or any other you defined in secreta.json)


const { load } = require('secreta')

module.exports = load({key: process.env.MY_ONLY_KEY, environment: process.env.NODE_ENV})

Testing

You can clone the repo and move the sandbox folder to a folder on the same level with secreta Run the following command in secreta folder

npm link

Run the following command in sandbox folder

npm link secreta

You can now play as you like in the sandbox!

How can I support the developers?

  • Star our GitHub repo :star:
  • Create pull requests, submit bugs, suggest new features or documentation updates :wrench:

License

MIT license.

From Developers

Made with :heart: by Tobbyas Techwares. Follow us on Twitter to get the latest news first! We're always happy to receive your feedback!