tkalfigo / dotenvenc Goto Github PK

using react-native-dotenv and dotenvc. i have an encrypted .env.enc, it runs in the simulator, but it doesn't work when build on debug apk. how to make .env.enc run on debug / release apk

Hi, I don't know if it's possible with this module, but would we be able to decrypt the .env.enc file and not have any .env file stored on disk?

I'm getting this warning:

$ npx dotenvenc -e $DOTENVENC_KEY
(node:7361) Warning: Use Cipheriv for counter mode of aes-256-ctr

I am developing a SPA using ReactJs. I will deploy my application into different environments like, prod, development and testing etc.
using docker. what is the solution to handle the encryption password.

or from system env ?

This is a feature request, I suppose.

The core dotenv library lets you use a custom path for your .env, in case it's somewhere other than the app root. Could we get support for that in dotenvenc too?

I ask because I'm using Mocha to run tests which are stored in different directories. Each directory (or its parent) may have its own .env file. Your module does traverse parent folders starting from the folder it's executed from, which is awesome, but unfortunately that doesn't help when using Mocha since the execution directory is different to the test script's directory.

I'll try to illustrate it:

project_root/
    node_modules/
        mocha/
            bin/
                mocha
    folder1/
        .env
    folder2/
        .env
    folder3/
        subfolder1/
            example.js
            example.spec.js
        .env

I'd like to be able to encrypt that .env file inside folder3/ and decrypt it inside example.spec.js with require('dotenvenc')(process.env.DOTENVENC_KEY, __dirname). That would cause dotenvenc to start looking for .env.enc files located in subfolder1/, then start checking parent folders.

The current behaviour is that dotenvenc starts looking inside project_root/node_modules/mocha/bin/, since example.spec.js is being executed via Mocha. It scans parent folders until reaching project_root/ and then tells me to bugger off.

Hi there,

Do you have any plans to cut a release with the newly merged dependency bumps that fix security issues?

Thanks!