@dotenvx/dotenvx-ops 0.26.0 → 0.28.0

package/CHANGELOG.md

@@ -2,7 +2,19 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-[Unreleased](https://github.com/dotenvx/dotenvx-ops/compare/v0.26.0...main)
+[Unreleased](https://github.com/dotenvx/dotenvx-ops/compare/v0.28.0...main)
+
+## [0.28.0](https://github.com/dotenvx/dotenvx-ops/compare/v0.27.0...v0.28.0) (2025-12-22)
+
+### Added
+
+* Add `backup` command for backing up .env.keys files. Will serve as entry-level low priced product to serve many. ([#18](https://github.com/dotenvx/dotenvx-ops/pull/18))
+
+## [0.27.0](https://github.com/dotenvx/dotenvx-ops/compare/v0.26.0...v0.27.0) (2025-12-14)
+
+### Added
+
+* Add `rotate openai connect` ([#16](https://github.com/dotenvx/dotenvx-ops/pull/17))
 
 ## [0.26.0](https://github.com/dotenvx/dotenvx-ops/compare/v0.25.2...v0.26.0) (2025-12-14)
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.26.0",
+  "version": "0.28.0",
   "name": "@dotenvx/dotenvx-ops",
   "description": "Dotenvx Ops – commercial tooling for .env files",
   "author": "@motdotla",

package/src/cli/actions/backup.js

@@ -0,0 +1,53 @@
+// const fs = require('fs')
+// const crypto = require('crypto')
+
+const { logger } = require('@dotenvx/dotenvx')
+
+const { createSpinner } = require('./../../lib/helpers/createSpinner')
+
+const Backup = require('./../../lib/services/backup')
+
+const spinner = createSpinner('backing up')
+
+async function backup () {
+  // debug opts
+  const options = this.opts()
+
+  try {
+    logger.debug(`options: ${JSON.stringify(options)}`)
+
+    spinner.start()
+
+    const {
+      projectUsernameName,
+      files
+    } = await new Backup(options.hostname, options.force).run()
+    logger.debug(`files: ${JSON.stringify(files)}`)
+
+    // write output files
+    // for (const file of files) {
+    //   // const { filepath, src, sha } = file
+    // }
+
+    spinner.stop()
+
+    logger.success(`✔ backed up [${projectUsernameName}]`)
+  } catch (error) {
+    spinner.stop()
+    if (error.message) {
+      logger.error(error.message)
+    } else {
+      logger.error(error)
+    }
+    if (error.help) {
+      logger.help(error.help)
+    }
+    if (error.stack) {
+      logger.debug(error.stack)
+    }
+
+    process.exit(1)
+  }
+}
+
+module.exports = backup

package/src/cli/actions/rotate/openai/connect.js

@@ -0,0 +1,75 @@
+const { logger } = require('@dotenvx/dotenvx')
+const prompts = require('@inquirer/prompts')
+const Session = require('./../../../../db/session')
+const RotateOpenaiConnect = require('./../../../../lib/services/rotateOpenaiConnect')
+const { createSpinner } = require('./../../../../lib/helpers/createSpinner')
+const GetAccount = require('./../../../../lib/api/getAccount')
+
+const spinner = createSpinner('waiting on browser completion')
+
+async function connect () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  try {
+    const sesh = new Session()
+    const hostname = options.hostname
+    const token = options.token || sesh.token()
+    let org = options.org
+    let username = options.username
+    let password = options.password
+    const email = options.email
+
+    // user must be logged in to use feature
+    const accountJson = await new GetAccount(hostname, token).run()
+
+    if (!org) {
+      const choices = accountJson.organizations.map(o => ({
+        name: o.provider_slug,
+        value: o.provider_slug
+      }))
+
+      if (choices.length === 1) {
+        org = choices[0].value // just use first choice
+      } else {
+        org = await prompts.select({
+          message: 'Select dotenvx organization',
+          choices
+        })
+      }
+    }
+
+    if (!username) {
+      username = await prompts.input({ message: 'openai username:' })
+    }
+
+    if (!password) {
+      password = await prompts.password({ message: 'openai password:' })
+    }
+
+    spinner.start()
+
+    const { uid, url } = await new RotateOpenaiConnect(hostname, token, org, username, password, email).run()
+
+    spinner.stop()
+
+    logger.success(`✔ connected [${url}]`)
+    logger.help(`⮕ next run [dotenvx-ops rotate dotenvx://${uid}]`)
+  } catch (error) {
+    spinner.stop()
+    if (error.message) {
+      logger.error(error.message)
+    } else {
+      logger.error(error)
+    }
+    if (error.help) {
+      logger.help(error.help)
+    }
+    if (error.stack) {
+      logger.debug(error.stack)
+    }
+    process.exit(1)
+  }
+}
+
+module.exports = connect

package/src/cli/commands/rotate/openai.js

@@ -0,0 +1,25 @@
+const { Command } = require('commander')
+
+const openai = new Command('openai')
+
+const Session = require('./../../../db/session')
+const sesh = new Session()
+
+openai
+  .description('openai')
+  .allowUnknownOption()
+
+// dotenvx-ops rotate openai connect
+const connectAction = require('./../../actions/rotate/openai/connect')
+openai
+  .command('connect')
+  .description('connect passcard')
+  .option('--org <organizationSlug>')
+  .option('--username <username>')
+  .option('--password <password>')
+  .option('--email <email>')
+  .option('--hostname <url>', 'set hostname', sesh.hostname())
+  .option('--token <token>', 'set token')
+  .action(connectAction)
+
+module.exports = openai

package/src/cli/commands/rotate.js

@@ -11,6 +11,7 @@ rotate
 
 rotate.addCommand(require('./rotate/github'))
 rotate.addCommand(require('./rotate/npm'))
+rotate.addCommand(require('./rotate/openai'))
 
 // dotenvx-ops rotate (fallback positional argument handler)
 const rotateAction = require('../actions/rotate')

package/src/cli/dotenvx-ops.js

@@ -30,6 +30,14 @@ program
   .version(packageJson.version)
   .allowUnknownOption()
 
+// dotenvx-ops backup
+const backupAction = require('./actions/backup')
+program
+  .command('backup')
+  .description('backup .env.keys file(s)')
+  .option('-h, --hostname <url>', 'set hostname', sesh.hostname())
+  .action(backupAction)
+
 // dotenvx-ops observe base64String
 const observeAction = require('./actions/observe')
 program.command('observe')

package/src/lib/api/postBackup.js

@@ -0,0 +1,65 @@
+const { http } = require('../../lib/helpers/http')
+const buildApiError = require('../../lib/helpers/buildApiError')
+const packageJson = require('../../lib/helpers/packageJson')
+
+class PostBackup {
+  constructor (hostname, token, devicePublicKey, encoded, dotenvxProjectId, pwd = null, gitUrl = null, gitBranch = null, systemUuid = null, osPlatform = null, osArch = null) {
+    this.hostname = hostname || 'https://ops.dotenvx.com'
+    this.token = token
+    this.devicePublicKey = devicePublicKey
+    this.encoded = encoded
+    this.dotenvxProjectId = dotenvxProjectId
+    this.pwd = pwd
+    this.gitUrl = gitUrl
+    this.gitBranch = gitBranch
+    this.systemUuid = systemUuid
+    this.osPlatform = osPlatform
+    this.osArch = osArch
+  }
+
+  async run () {
+    const token = this.token
+    const devicePublicKey = this.devicePublicKey
+    const url = `${this.hostname}/api/backup`
+    const encoded = this.encoded
+    const dotenvxProjectId = this.dotenvxProjectId
+    const backedupAt = new Date().toISOString()
+    const pwd = this.pwd
+    const gitUrl = this.gitUrl
+    const gitBranch = this.gitBranch
+    const systemUuid = this.systemUuid
+    const osPlatform = this.osPlatform
+    const osArch = this.osArch
+
+    const resp = await http(url, {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        device_public_key: devicePublicKey,
+        encoded,
+        dotenvx_project_id: dotenvxProjectId,
+        backedup_at: backedupAt,
+        pwd,
+        git_url: gitUrl,
+        git_branch: gitBranch,
+        system_uuid: systemUuid,
+        os_platform: osPlatform,
+        os_arch: osArch,
+        cli_version: packageJson.version
+      })
+    })
+
+    const json = await resp.body.json()
+
+    if (resp.statusCode >= 400) {
+      throw buildApiError(resp.statusCode, json)
+    }
+
+    return json
+  }
+}
+
+module.exports = PostBackup

package/src/lib/helpers/playwrightConnect.js

@@ -4,12 +4,6 @@ const { chromium } = require('playwright')
 const VIEWPORT_WIDTH = 1200
 const VIEWPORT_HEIGHT = 742
 const VIEWPORT = { width: VIEWPORT_WIDTH, height: VIEWPORT_HEIGHT }
-const CHROME_ARGS = [
-  '--app=data:,', // starts a blank popup
-  '--disable-infobars',
-  '--disable-session-crashed-bubble',
-  '--noerrdialogs'
-]
 
 async function playwrightConnect (channel = 'chrome') {
   const browser = await ensurePlaywrightBrowser(channel)
@@ -21,13 +15,13 @@ async function playwrightConnect (channel = 'chrome') {
 
 async function ensurePlaywrightBrowser (channel = 'chrome') {
   try {
-    return await chromium.launch({ headless: false, channel, args: CHROME_ARGS })
+    return await chromium.launch({ headless: false, channel })
   } catch (err) {
     if (String(err).includes('Executable doesn\'t exist')) {
       logger.info('Installing chromium...')
       const cp = require('child_process')
       cp.execSync('npx playwright install chromium', { stdio: 'inherit' })
-      return await chromium.launch({ headless: false, args: CHROME_ARGS })
+      return await chromium.launch({ headless: false })
     }
   }
 }

package/src/lib/services/backup.js

@@ -0,0 +1,68 @@
+const fs = require('fs')
+const path = require('path')
+const si = require('systeminformation')
+const dotenvx = require('@dotenvx/dotenvx')
+
+const Session = require('./../../db/session')
+
+const gitUrl = require('./../helpers/gitUrl')
+const gitBranch = require('./../helpers/gitBranch')
+const dotenvxProjectId = require('./../helpers/dotenvxProjectId')
+
+// api calls
+const PostBackup = require('./../api/postBackup')
+
+class Backup {
+  constructor (hostname) {
+    this.hostname = hostname
+    this.cwd = process.cwd()
+  }
+
+  async run () {
+    const sesh = new Session()
+    const token = sesh.token()
+    const devicePublicKey = sesh.devicePublicKey()
+
+    // required
+    const files = this._files()
+    const payload = { files }
+    const encoded = Buffer.from(JSON.stringify(payload)).toString('base64')
+    const _dotenvxProjectId = dotenvxProjectId(this.cwd)
+
+    // optional
+    const _pwd = this.cwd
+    const _gitUrl = gitUrl()
+    const _gitBranch = gitBranch()
+
+    const system = await si.system()
+    const _systemUuid = system.uuid
+
+    const osInfo = await si.osInfo()
+    const _osPlatform = osInfo.platform
+    const _osArch = osInfo.arch
+
+    const data = await new PostBackup(this.hostname, token, devicePublicKey, encoded, _dotenvxProjectId, _pwd, _gitUrl, _gitBranch, _systemUuid, _osPlatform, _osArch).run()
+
+    return {
+      id: data.id,
+      dotenvxProjectId: data.dotenvx_project_id,
+      projectUsernameName: data.project_username_name,
+      files: data.files
+    }
+  }
+
+  _files () {
+    const out = []
+    const filepaths = dotenvx.ls(this.cwd, '.env.keys*')
+
+    for (const fp of filepaths) {
+      const abs = path.join(this.cwd, fp)
+      const src = fs.readFileSync(abs, 'utf8')
+      out.push({ filepath: fp, src })
+    }
+
+    return out
+  }
+}
+
+module.exports = Backup

package/src/lib/services/rotateOpenaiConnect.js

@@ -0,0 +1,60 @@
+const PostRotateConnect = require('./../api/postRotateConnect')
+
+const playwrightConnect = require('./../helpers/playwrightConnect')
+
+const TIMEOUT = 500 // visibility timeout
+const TIMEOUT_MEDIUM = 5000 // visibility timeout
+const TIMEOUT_LONG = 10000 // visibility timeout
+const SLUG = 'openai' // hardcoded
+
+class RotateOpenaiConnect {
+  constructor (hostname, token, org, username, password, email = null) {
+    this.hostname = hostname
+    this.org = org
+    this.token = token
+    this.username = username
+    this.password = password
+
+    // optional
+    this.email = username
+  }
+
+  async run () {
+    const hostname = this.hostname
+    const token = this.token
+    const org = this.org
+    const username = this.username
+    const password = this.password
+    const email = this.email
+
+    const { browser, context, page } = await playwrightConnect()
+
+    const emailSelector = 'input[type="email"]'
+    const passwordSelector = 'input[type="password"]'
+
+    await page.goto('https://platform.openai.com/login', { waitUntil: 'domcontentloaded' })
+    await page.waitForTimeout(TIMEOUT)
+    await page.fill(emailSelector, username)
+    await page.waitForTimeout(TIMEOUT_MEDIUM)
+    await page.getByRole('button', { name: /continue|confirm|/i }).first().click()
+    await page.waitForTimeout(TIMEOUT_LONG)
+    await page.fill(passwordSelector, password) // await page.fill('input[autocomplete="current-password"]', password)
+    await page.waitForTimeout(TIMEOUT)
+    await page.press('input[type="password"]', 'Enter')
+    await page.waitForNavigation({ timeout: 0 })
+    await page.waitForSelector('a[href="/settings"]', { state: 'visible', timeout: 0 })
+
+    const playwrightStorageStateStringified = JSON.stringify(await context.storageState())
+
+    const { uid, url } = await new PostRotateConnect(hostname, token, org, SLUG, username, password, email, playwrightStorageStateStringified).run()
+
+    await browser.close()
+
+    return {
+      uid,
+      url
+    }
+  }
+}
+
+module.exports = RotateOpenaiConnect