@dotenc/cli 0.1.4 → 0.2.2

package/dist/commands/debug.js

@@ -4,10 +4,10 @@ import os from "node:os";
 import path from "node:path";
 import { decrypt, encrypt } from "../helpers/crypto.js";
 export const debugCommand = async () => {
-    const token = crypto.randomBytes(32).toString("base64");
+    const key = crypto.randomBytes(32).toString("base64");
     const encryptedFilePath = path.join(os.tmpdir(), "dotenc.enc");
-    await encrypt(token, "Test", encryptedFilePath);
-    const content = await decrypt(token, encryptedFilePath);
+    await encrypt(key, "Test", encryptedFilePath);
+    const content = await decrypt(key, encryptedFilePath);
     await fs.unlink(encryptedFilePath);
     if (content !== "Test") {
         throw new Error("Decrypted content is not equal to the original content");

package/dist/commands/edit.js

@@ -6,7 +6,7 @@ import path from "node:path";
 import { createHash } from "../helpers/createHash.js";
 import { decrypt, encrypt } from "../helpers/crypto.js";
 import { getDefaultEditor } from "../helpers/getDefaultEditor.js";
-import { getToken } from "../helpers/token.js";
+import { getKey } from "../helpers/key.js";
 import { chooseEnvironmentPrompt } from "../prompts/chooseEnvironment.js";
 export const editCommand = async (environmentArg) => {
     let environment = environmentArg;
@@ -18,9 +18,9 @@ export const editCommand = async (environmentArg) => {
         console.error(`Environment file not found: ${environmentFilePath}`);
         return;
     }
-    const token = await getToken(environment);
+    const key = await getKey(environment);
     const tempFilePath = path.join(os.tmpdir(), `.env.${environment}`);
-    const content = await decrypt(token, environmentFilePath);
+    const content = await decrypt(key, environmentFilePath);
     await fs.writeFile(tempFilePath, content);
     const initialHash = createHash(content);
     const editor = await getDefaultEditor();
@@ -38,7 +38,7 @@ export const editCommand = async (environmentArg) => {
         console.log(`No changes were made to the environment file for "${environment}".`);
     }
     else {
-        await encrypt(token, newContent, environmentFilePath);
+        await encrypt(key, newContent, environmentFilePath);
         console.log(`Encrypted environment file for "${environment}" and saved it to ${environmentFilePath}.`);
     }
     await fs.unlink(tempFilePath);

package/dist/commands/init.js

@@ -2,23 +2,23 @@ import crypto from "node:crypto";
 import { createEnvironment } from "../helpers/createEnvironment.js";
 import { createLocalEnvironment } from "../helpers/createLocalEnvironment.js";
 import { createProject } from "../helpers/createProject.js";
-import { addToken } from "../helpers/token.js";
+import { addKey } from "../helpers/key.js";
 import { createEnvironmentPrompt } from "../prompts/createEnvironment.js";
 export const initCommand = async (environmentArg) => {
     // Generate a unique project ID
     const { projectId } = await createProject();
     // Setup local environment
     await createLocalEnvironment();
-    // Generate a random token
-    const token = crypto.randomBytes(32).toString("base64");
+    // Generate a random key
+    const key = crypto.randomBytes(32).toString("base64");
     // Prompt for the environment name
     let environment = environmentArg;
     if (!environment) {
         environment = await createEnvironmentPrompt("What should the environment be named?", "development");
     }
-    await createEnvironment(environment, token);
-    // Store the token
-    await addToken(projectId, environment, token);
+    await createEnvironment(environment, key);
+    // Store the key
+    await addKey(projectId, environment, key);
     // Output success message
     console.log("Initialization complete!");
     console.log("Next steps:");

package/dist/commands/{token → key}/export.js

@@ -1,12 +1,12 @@
+import { getKey } from "../../helpers/key.js";
 import { getProjectConfig } from "../../helpers/projectConfig.js";
-import { getToken } from "../../helpers/token.js";
-export const tokenExportCommand = async (environmentArg) => {
+export const keyExportCommand = async (environmentArg) => {
     const environment = environmentArg;
     const { projectId } = await getProjectConfig();
     if (!projectId) {
         console.error('No project found. Run "dotenc init" to create one.');
         return;
     }
-    const token = await getToken(environment);
-    console.log(`Token for the ${environment} environment: ${token}`);
+    const key = await getKey(environment);
+    console.log(`Key for the ${environment} environment: ${key}`);
 };

package/dist/commands/{token → key}/import.js

@@ -1,12 +1,12 @@
+import { addKey } from "../../helpers/key.js";
 import { getProjectConfig } from "../../helpers/projectConfig.js";
-import { addToken } from "../../helpers/token.js";
-export const tokenImportCommand = async (token, environmentArg) => {
+export const keyImportCommand = async (key, environmentArg) => {
     const environment = environmentArg;
     const { projectId } = await getProjectConfig();
     if (!projectId) {
         console.error('No project found. Run "dotenc init" to create one.');
         return;
     }
-    await addToken(projectId, environment, token);
-    console.log(`Token imported to the ${environment} environment.`);
+    await addKey(projectId, environment, key);
+    console.log(`Key imported to the ${environment} environment.`);
 };

package/dist/commands/run.js

@@ -3,23 +3,30 @@ import { existsSync } from "node:fs";
 import fs from "node:fs/promises";
 import path from "node:path";
 import { decrypt } from "../helpers/crypto.js";
+import { getKey } from "../helpers/key.js";
 import { parseEnv } from "../helpers/parseEnv.js";
-import { getToken } from "../helpers/token.js";
 export const runCommand = async (command, args, options) => {
     // Get the environment
-    const environment = options.env || process.env.DOTENC_ENV;
-    if (!environment) {
+    const environmentArg = options.env || process.env.DOTENC_ENV;
+    if (!environmentArg) {
         console.error('No environment provided. Use -e or set DOTENC_ENV to the environment you want to run the command in.\nTo start a new environment, use "dotenc init [environment]".');
         return;
     }
-    const environmentFilePath = path.join(process.cwd(), `.env.${environment}.enc`);
-    if (!existsSync(environmentFilePath)) {
-        console.error(`Environment file not found: ${environmentFilePath}`);
-        return;
-    }
-    const token = await getToken(environment);
-    const content = await decrypt(token, environmentFilePath);
-    const decryptedEnv = parseEnv(content);
+    const environments = environmentArg.split(",");
+    const decryptedEnvs = await Promise.all(environments.map(async (environment) => {
+        const environmentFilePath = path.join(process.cwd(), `.env.${environment}.enc`);
+        if (!existsSync(environmentFilePath)) {
+            console.error(`Environment file not found: ${environmentFilePath}`);
+            return;
+        }
+        const key = await getKey(environment);
+        const content = await decrypt(key, environmentFilePath);
+        const decryptedEnv = parseEnv(content);
+        return decryptedEnv;
+    }));
+    const decryptedEnv = decryptedEnvs.reduce((acc, env) => {
+        return { ...acc, ...env };
+    }, {});
     // Get the local environment
     let localEnv = {};
     const localEnvironmentFilePath = path.join(process.cwd(), ".env");

package/dist/helpers/createEnvironment.js

@@ -1,10 +1,10 @@
 import { existsSync } from "node:fs";
 import path from "node:path";
 import { encrypt } from "./crypto.js";
-export const createEnvironment = async (name, token) => {
+export const createEnvironment = async (name, key) => {
     const filePath = path.join(process.cwd(), `.env.${name}.enc`);
     if (existsSync(filePath)) {
         throw new Error(`Environment "${name}" already exists.`);
     }
-    await encrypt(token, `# ${name} environment\n`, filePath);
+    await encrypt(key, `# ${name} environment\n`, filePath);
 };

package/dist/helpers/crypto.js

@@ -6,19 +6,19 @@ const IV_LENGTH = 12; // 96 bits, recommended for GCM
 const AUTH_TAG_LENGTH = 16; // 128 bits, standard for GCM
 /**
  * Encrypts a file using AES-256-GCM.
- * @param {string} token - The encryption key (must be 32 bytes for AES-256).
+ * @param {string} key - The encryption key (must be 32 bytes for AES-256).
  * @param {string} input - The input string to encrypt.
  * @param {string} outputFile - Path to the output encrypted file.
  */
-export async function encrypt(token, input, outputFile) {
-    const tokenBuffer = Buffer.from(token, "base64");
-    if (tokenBuffer.length !== 32) {
-        throw new Error("Token must be 32 bytes (256 bits) for AES-256-GCM.");
+export async function encrypt(key, input, outputFile) {
+    const keyBuffer = Buffer.from(key, "base64");
+    if (keyBuffer.length !== 32) {
+        throw new Error("Key must be 32 bytes (256 bits) for AES-256-GCM.");
     }
     // Generate a random IV
     const iv = crypto.randomBytes(IV_LENGTH);
     // Create the cipher
-    const cipher = crypto.createCipheriv(ALGORITHM, tokenBuffer, iv);
+    const cipher = crypto.createCipheriv(ALGORITHM, keyBuffer, iv);
     // Encrypt the data
     const encrypted = Buffer.concat([cipher.update(input), cipher.final()]);
     // Get the auth tag
@@ -30,13 +30,13 @@ export async function encrypt(token, input, outputFile) {
 }
 /**
  * Decrypts a file using AES-256-GCM.
- * @param {string} token - The decryption key (must be 32 bytes for AES-256).
+ * @param {string} key - The decryption key (must be 32 bytes for AES-256).
  * @param {string} inputFile - The input file to decrypt.
  */
-export async function decrypt(token, inputFile) {
-    const tokenBuffer = Buffer.from(token, "base64");
-    if (tokenBuffer.length !== 32) {
-        throw new Error("Token must be 32 bytes (256 bits) for AES-256-GCM.");
+export async function decrypt(key, inputFile) {
+    const keyBuffer = Buffer.from(key, "base64");
+    if (keyBuffer.length !== 32) {
+        throw new Error("Key must be 32 bytes (256 bits) for AES-256-GCM.");
     }
     // Read the encrypted file
     const encryptedData = await fs.readFile(inputFile);
@@ -48,7 +48,7 @@ export async function decrypt(token, inputFile) {
     const ciphertext = encryptedData.subarray(IV_LENGTH, encryptedData.length - AUTH_TAG_LENGTH);
     try {
         // Create the decipher
-        const decipher = crypto.createDecipheriv(ALGORITHM, tokenBuffer, iv);
+        const decipher = crypto.createDecipheriv(ALGORITHM, keyBuffer, iv);
         decipher.setAuthTag(authTag);
         // Decrypt the ciphertext
         const decrypted = Buffer.concat([
@@ -61,7 +61,7 @@ export async function decrypt(token, inputFile) {
         if (error instanceof Error &&
             error.message.includes("unable to authenticate")) {
             throw new Error("Failed to decrypt file. This could be because:\n" +
-                "1. The encryption token may be incorrect\n" +
+                "1. The encryption key may be incorrect\n" +
                 "2. The encrypted file may be corrupted\n" +
                 "3. The encrypted file may have been tampered with");
         }

package/dist/helpers/key.js

@@ -0,0 +1,39 @@
+import { existsSync } from "node:fs";
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { getProjectConfig } from "./projectConfig.js";
+export const getKey = async (environment) => {
+    if (process.env.DOTENC_KEY) {
+        return process.env.DOTENC_KEY;
+    }
+    const { projectId } = await getProjectConfig();
+    const keysFile = path.join(os.homedir(), ".dotenc", "keys.json");
+    if (existsSync(keysFile)) {
+        const keys = JSON.parse(await fs.readFile(keysFile, "utf-8"));
+        return keys[projectId][environment];
+    }
+    throw new Error("No key found. Please set the DOTENC_KEY environment variable or import the key using `dotenc import-key -e <environment> <key>`.");
+};
+/**
+ * Adds or updates a key for a specific project and environment.
+ */
+export const addKey = async (projectId, environment, key) => {
+    const keysFile = path.join(os.homedir(), ".dotenc", "keys.json");
+    // Ensure the keys file exists
+    if (!existsSync(keysFile)) {
+        await fs.mkdir(path.dirname(keysFile), { recursive: true });
+        await fs.writeFile(keysFile, "{}", { mode: 0o600 }); // Create an empty JSON file with secure permissions
+    }
+    // Read the existing keys
+    const keys = JSON.parse(await fs.readFile(keysFile, "utf8"));
+    // Add or update the key
+    if (!keys[projectId]) {
+        keys[projectId] = {};
+    }
+    keys[projectId][environment] = key;
+    // Write the updated keys back to the file
+    await fs.writeFile(keysFile, JSON.stringify(keys, null, 2), {
+        mode: 0o600,
+    });
+};

package/dist/helpers/parseEnv.js

@@ -1,21 +1,87 @@
 /**
  * Parses a .env file content and returns an object of key-value pairs.
+ * Supports multiline values when they are properly quoted.
+ * Supports nested quotes (e.g., "value with 'quotes' inside" or 'value with "quotes" inside')
  */
 export const parseEnv = (content) => {
     const env = {};
-    const lines = content.split("\n");
-    for (const line of lines) {
-        const trimmedLine = line.trim();
-        // Skip empty lines and comments
-        if (!trimmedLine || trimmedLine.startsWith("#")) {
+    let currentKey = "";
+    let currentValue = "";
+    let isInSingleQuotes = false;
+    let isInDoubleQuotes = false;
+    let isInComment = false;
+    let isInKey = true;
+    const commit = (trim) => {
+        if (currentKey.trim()) {
+            env[currentKey.trim()] = trim ? currentValue.trim() : currentValue;
+        }
+        currentKey = "";
+        currentValue = "";
+        isInSingleQuotes = false;
+        isInDoubleQuotes = false;
+        isInComment = false;
+        isInKey = true;
+    };
+    for (const char of content) {
+        // Handle single quoted content
+        if (isInSingleQuotes) {
+            if (char === "'") {
+                commit(false);
+            }
+            else {
+                currentValue += char;
+            }
+            continue;
+        }
+        // Handle double quoted content
+        if (isInDoubleQuotes) {
+            if (char === '"') {
+                commit(false);
+            }
+            else {
+                currentValue += char;
+            }
+            continue;
+        }
+        // Handle comments
+        if (isInComment) {
+            if (char === "\n") {
+                isInComment = false;
+            }
+            continue;
+        }
+        if (char === "#") {
+            isInComment = true;
             continue;
         }
-        // Parse key-value pairs
-        const [key, ...valueParts] = trimmedLine.split("=");
-        const value = valueParts.join("=").trim();
-        if (key) {
-            env[key.trim()] = value.replace(/(^['"])|(['"]$)/g, ""); // Remove surrounding quotes
+        // Handle keys
+        if (isInKey) {
+            if (char === "=") {
+                isInKey = false;
+            }
+            else {
+                currentKey += char;
+            }
+            continue;
+        }
+        // Handle newlines
+        if (char === "\n") {
+            commit(true);
+        }
+        // Handle single quote opening
+        if (char === "'") {
+            isInSingleQuotes = true;
+            continue;
+        }
+        // Handle double quote opening
+        if (char === '"') {
+            isInDoubleQuotes = true;
+            continue;
         }
+        // Handle value
+        currentValue += char;
     }
+    // Handle EOF
+    commit(true);
     return env;
 };

package/dist/helpers/parseEnv.test.js

@@ -0,0 +1,28 @@
+import { describe, expect, test } from "vitest";
+import { parseEnv } from "./parseEnv.js";
+describe("parseEnv", () => {
+    test("should parse a simple key-value pair", () => {
+        const env = parseEnv("FOO=bar");
+        expect(env.FOO).toBe("bar");
+    });
+    test("should parse a key-value pair with a space", () => {
+        const env = parseEnv("FOO = bar");
+        expect(env.FOO).toBe("bar");
+    });
+    test("should parse a complex env file", () => {
+        const env = parseEnv(`FOO="
+bar"
+  BAR='baz
+foo
+'BAZ=123
+
+# Comment here "!#' foo
+
+HELLO = WORLD
+`);
+        expect(env.FOO).toBe("\nbar");
+        expect(env.BAR).toBe("baz\nfoo\n");
+        expect(env.BAZ).toBe("123");
+        expect(env.HELLO).toBe("WORLD");
+    });
+});

package/dist/program.js

@@ -6,9 +6,9 @@ import { configCommand } from "./commands/config.js";
 import { debugCommand } from "./commands/debug.js";
 import { editCommand } from "./commands/edit.js";
 import { initCommand } from "./commands/init.js";
+import { keyExportCommand } from "./commands/key/export.js";
+import { keyImportCommand } from "./commands/key/import.js";
 import { runCommand } from "./commands/run.js";
-import { tokenExportCommand } from "./commands/token/export.js";
-import { tokenImportCommand } from "./commands/token/import.js";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "../package.json"), "utf8"));
@@ -30,15 +30,15 @@ program
     .addOption(new Option("-e, --environment <environment>", "the environment to run the command in"))
     .description("run a command in an environment")
     .action(runCommand);
-const token = program.command("token").description("Manage stored tokens");
-token
-    .command("import <environment> <token>")
-    .description("import a token for an environment")
-    .action(tokenImportCommand);
-token
+const key = program.command("key").description("Manage stored keys");
+key
+    .command("import <environment> <key>")
+    .description("import a key for an environment")
+    .action(keyImportCommand);
+key
     .command("export <environment>")
-    .description("export a token from an environment")
-    .action(tokenExportCommand);
+    .description("export a key from an environment")
+    .action(keyExportCommand);
 program
     .command("config <key> [value]")
     .addOption(new Option("-r, --remove", "remove a configuration key"))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dotenc/cli",
-  "version": "0.1.4",
+  "version": "0.2.2",
   "description": "🔐 Secure, encrypted environment variables that live in your codebase",
   "type": "module",
   "bin": {
@@ -33,10 +33,12 @@
     "@types/node": "^22.13.7",
     "tsc-alias": "^1.8.11",
     "tsx": "^4.19.3",
-    "typescript": "^5.8.2"
+    "typescript": "^5.8.2",
+    "vitest": "^3.0.9"
   },
   "dependencies": {
     "@paralleldrive/cuid2": "^2.2.2",
+    "chalk": "^5.4.1",
     "commander": "^13.1.0",
     "inquirer": "^12.4.2",
     "zod": "^3.24.2"
@@ -44,6 +46,7 @@
   "scripts": {
     "dev": "tsx src/cli.ts",
     "start": "node dist/cli.js",
-    "build": "tsc && tsc-alias"
+    "build": "tsc && tsc-alias",
+    "test": "vitest"
   }
 }

package/dist/helpers/token.js

@@ -1,39 +0,0 @@
-import { existsSync } from "node:fs";
-import fs from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
-import { getProjectConfig } from "./projectConfig.js";
-export const getToken = async (environment) => {
-    if (process.env.DOTENC_TOKEN) {
-        return process.env.DOTENC_TOKEN;
-    }
-    const { projectId } = await getProjectConfig();
-    const tokensFile = path.join(os.homedir(), ".dotenc", "tokens.json");
-    if (existsSync(tokensFile)) {
-        const tokens = JSON.parse(await fs.readFile(tokensFile, "utf-8"));
-        return tokens[projectId][environment];
-    }
-    throw new Error("No token found. Please set the TOKEN environment variable or import the token using `dotenc import-token -e <environment> <token>`.");
-};
-/**
- * Adds or updates a token for a specific project and environment.
- */
-export const addToken = async (projectId, environment, token) => {
-    const tokensFile = path.join(os.homedir(), ".dotenc", "tokens.json");
-    // Ensure the tokens file exists
-    if (!existsSync(tokensFile)) {
-        await fs.mkdir(path.dirname(tokensFile), { recursive: true });
-        await fs.writeFile(tokensFile, "{}", { mode: 0o600 }); // Create an empty JSON file with secure permissions
-    }
-    // Read the existing tokens
-    const tokens = JSON.parse(await fs.readFile(tokensFile, "utf8"));
-    // Add or update the token
-    if (!tokens[projectId]) {
-        tokens[projectId] = {};
-    }
-    tokens[projectId][environment] = token;
-    // Write the updated tokens back to the file
-    await fs.writeFile(tokensFile, JSON.stringify(tokens, null, 2), {
-        mode: 0o600,
-    });
-};