why if add console.log(global.env.token)
console show me my token not encrypted
this is big security Probleme

Hi @kunalpanchal ,
I'm using your npm package with react js application. it is not working properly.
I followed the below steps,

1. Installed it locally like :

   

2. In package.json it looks like:

   

3. Created .env file in the root directory and added below key values
   CLIENT_ID=1234
API_KEY=4455

4. My current npm version is :

   

5. It is greater than v5.2, so I ran the below command.
   npx secure-env .env -s SecretkeyHelloWorld

6. After that it is created env.enc file. and I deleted .env file to prevent stealing.

7. I have added below lines in index.js,
   let secureEnv = require('secure-env');
global.env = secureEnv({secret:'SecretkeyHelloWorld'});

   

8. When I hover on packages it shows some warning message:

   

9. I start the application using below command
   npm start

10. The env variables is displaying as undefined:

I also tried REACT_APP as prefix in .env file, still it's not working.
REACT_APP_CLIENT_ID=1234
REACT_APP_API_KEY=4455

Please let me know if I've missed out anything.

I have a problem decrypting the file that I create after encrypting it.

Could you please provide me with a full example of a directory + the commands to encrypt and decrypt some file, with both JS code and terminal commands?

This issue was meant to be for another repo.
Sorry :(

I used this command to decrypt.
npx secure-env --decrypt .env.enc -s xsecretx > .env
The file was decrypted properly.
Then without making any changes, i encrypted it again.
npx secure-env .env -s xsecretx
Now if i'm decrypting again im getting a currepted file

can you help me solve this issue

Hi there,

Is there any way to install it locally in my project?
I have tried yarn add secure-env and then when I try to execute from the root folder of my project I get the message below.

$ secure-env .env -s mySecret
bash: secure-env: command not found

Content

When I decrypt an encrypted file using command line

npx secure-env -d -o config/credentials/development.env.enc -s development_key

I encountered the following error.

Secure-env :  ERROR OCCURED .env.enc does not exist.

It seems like that the following line causes this error.
https://github.com/kunalpanchal/secure-env/blob/master/lib/cryptography.js#L17

It is fixed by modifying the line as follows. Could you include this fix in the next release?

    var inputFile = options.file || options.outputFile || '.env.enc';

I tried running the command to run it locally but got a Error Code: 800A03F6 Microsoft JScript compilation error. Invalid character. This is happening in windows command terminal and I gave it the full path to the file.

Thanx for the repo,
getting a deprecation warning [DEP0106] DeprecationWarning: crypto.createDecipher is deprecated. Any update possible as this concerns security?

Hug,
I recently updated my package.json with Yarn and I have this issue on start
Secure-env : ERROR OCCURED Error: Unknown cipher
An idea ?

The use case is that developers and production servers each have copies of a private key. The env.enc is committed to the git repository, and assuming the developer knows the private key they can add or remove from the env.enc. Ideally a server such as heroku or aws would only need one env varaible which is the secret key to get the rest of the env variables.

At the moment however, it appears as though once someone locks and commits the env.enc, the other developers have no way of reading the env variables even if they know the secret key because the file can only be unencrypted programmatically and not with a cli

I ran a vulnerability scan and this was flagged out, is it possible to update the minimist version and reupload into npm. Thanks!