kunalpanchal / secure-env Goto Github PK
View Code? Open in Web Editor NEWEnv encryption tool that will help you prevent attacks from npm-malicious-packages.
Home Page: https://www.npmjs.com/package/secure-env
License: MIT License
Env encryption tool that will help you prevent attacks from npm-malicious-packages.
Home Page: https://www.npmjs.com/package/secure-env
License: MIT License
Hi @kunalpanchal ,
I'm using your npm package with react js application. it is not working properly.
I followed the below steps,
Installed it locally like :
In package.json it looks like:
Created .env file in the root directory and added below key values
CLIENT_ID=1234
API_KEY=4455
My current npm version is :
It is greater than v5.2, so I ran the below command.
npx secure-env .env -s SecretkeyHelloWorld
After that it is created env.enc file. and I deleted .env file to prevent stealing.
I have added below lines in index.js,
let secureEnv = require('secure-env');
global.env = secureEnv({secret:'SecretkeyHelloWorld'});
When I hover on packages it shows some warning message:
I start the application using below command
npm start
The env variables is displaying as undefined:
I also tried REACT_APP as prefix in .env file, still it's not working.
REACT_APP_CLIENT_ID=1234
REACT_APP_API_KEY=4455
Please let me know if I've missed out anything.
I have a problem decrypting the file that I create after encrypting it.
Could you please provide me with a full example of a directory + the commands to encrypt and decrypt some file, with both JS code and terminal commands?
This issue was meant to be for another repo.
Sorry :(
Hi there,
Is there any way to install it locally in my project?
I have tried yarn add secure-env and then when I try to execute from the root folder of my project I get the message below.
$ secure-env .env -s mySecret
bash: secure-env: command not found
When I decrypt an encrypted file using command line
npx secure-env -d -o config/credentials/development.env.enc -s development_key
I encountered the following error.
Secure-env : ERROR OCCURED .env.enc does not exist.
It seems like that the following line causes this error.
https://github.com/kunalpanchal/secure-env/blob/master/lib/cryptography.js#L17
It is fixed by modifying the line as follows. Could you include this fix in the next release?
var inputFile = options.file || options.outputFile || '.env.enc';
I tried running the command to run it locally but got a Error Code: 800A03F6 Microsoft JScript compilation error. Invalid character. This is happening in windows command terminal and I gave it the full path to the file.
Thanx for the repo,
getting a deprecation warning [DEP0106] DeprecationWarning: crypto.createDecipher is deprecated
. Any update possible as this concerns security?
Hug,
I recently updated my package.json with Yarn and I have this issue on start
Secure-env : ERROR OCCURED Error: Unknown cipher
An idea ?
The use case is that developers and production servers each have copies of a private key. The env.enc is committed to the git repository, and assuming the developer knows the private key they can add or remove from the env.enc. Ideally a server such as heroku or aws would only need one env varaible which is the secret key to get the rest of the env variables.
At the moment however, it appears as though once someone locks and commits the env.enc, the other developers have no way of reading the env variables even if they know the secret key because the file can only be unencrypted programmatically and not with a cli
I ran a vulnerability scan and this was flagged out, is it possible to update the minimist version and reupload into npm. Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.