@dotenvx/dotenvx 0.11.0 → 0.13.0

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.11.0",
+  "version": "0.13.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",

package/src/cli/actions/decrypt.js

@@ -0,0 +1,93 @@
+const fs = require('fs')
+
+const main = require('./../../lib/main')
+const logger = require('./../../shared/logger')
+const helpers = require('./../helpers')
+const createSpinner = require('./../../shared/createSpinner')
+
+const spinner = createSpinner('decrypting')
+
+// constants
+const ENCODING = 'utf8'
+
+async function decrypt () {
+  spinner.start()
+  await helpers.sleep(500) // better dx
+
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  const vaultFilepath = helpers.resolvePath('.env.vault')
+  const keysFilepath = helpers.resolvePath('.env.keys')
+  const changedEnvFilenames = new Set()
+  const unchangedEnvFilenames = new Set()
+
+  // logger.verbose(`checking for .env.vault`)
+  if (!fs.existsSync(vaultFilepath)) {
+    spinner.fail(`.env.vault file missing: ${vaultFilepath}`)
+    logger.help('? generate one with [dotenvx encrypt]')
+    process.exit(1)
+  }
+
+  // logger.verbose(`checking for .env.keys`)
+  if (!fs.existsSync(keysFilepath)) {
+    spinner.fail(`.env.keys file missing: ${keysFilepath}`)
+    logger.help('? a .env.keys file must be present in order to decrypt your .env.vault contents to .env file(s)')
+    process.exit(1)
+  }
+
+  const dotenvKeys = (main.configDotenv({ path: keysFilepath }).parsed || {})
+  const dotenvVault = (main.configDotenv({ path: vaultFilepath }).parsed || {})
+
+  Object.entries(dotenvKeys).forEach(([dotenvKey, value]) => {
+    // determine environment
+    const environment = dotenvKey.replace('DOTENV_KEY_', '').toLowerCase()
+    // determine corresponding vault key
+    const vaultKey = `DOTENV_VAULT_${environment.toUpperCase()}`
+
+    // attempt to find ciphertext
+    const ciphertext = dotenvVault[vaultKey]
+
+    // give warning if not found
+    if (ciphertext && ciphertext.length >= 1) {
+      const key = helpers._parseEncryptionKeyFromDotenvKey(value.trim())
+
+      // Decrypt
+      const decrypted = main.decrypt(ciphertext, key)
+
+      // envFilename
+      let envFilename = `.env.${environment}`
+      if (environment === 'development') {
+        envFilename = '.env'
+      }
+
+      // check if exists
+      if (fs.existsSync(envFilename) && (fs.readFileSync(envFilename, { encoding: ENCODING }).toString() === decrypted)) {
+        unchangedEnvFilenames.add(envFilename)
+      } else {
+        changedEnvFilenames.add(envFilename)
+        fs.writeFileSync(envFilename, decrypted)
+      }
+    } else {
+      logger.warn(`${vaultKey} missing in .env.vault: ${vaultFilepath}`)
+    }
+  })
+
+  let changedMsg = ''
+  if (changedEnvFilenames.size > 0) {
+    changedMsg = `decrypted (${Array.from(changedEnvFilenames).join(',')})`
+  }
+
+  let unchangedMsg = ''
+  if (unchangedEnvFilenames.size > 0) {
+    unchangedMsg = `no changes (${Array.from(unchangedEnvFilenames).join(',')})`
+  }
+
+  if (changedMsg.length > 0) {
+    spinner.succeed(`${changedMsg} ${unchangedMsg}`)
+  } else {
+    spinner.done(`${unchangedMsg}`)
+  }
+}
+
+module.exports = decrypt

package/src/cli/actions/encrypt.js

@@ -150,19 +150,6 @@ async function encrypt () {
 
     logger.help2(`ℹ run [DOTENV_KEY='${tryKey}' dotenvx run -- yourcommand] to test decryption locally`)
   }
-
-  // logger.verbose('')
-  // logger.verbose('next:')
-  // logger.verbose('')
-  // logger.verbose('    1. commit .env.vault safely to code')
-  // logger.verbose('    2. set DOTENV_KEY on server (or ci)')
-  // logger.verbose('    3. push your code')
-  // logger.verbose('')
-  // logger.verbose('protips:')
-  // logger.verbose('')
-  // logger.verbose('    * .env.keys file holds your decryption DOTENV_KEYs')
-  // logger.verbose('    * DO NOT commit .env.keys to code')
-  // logger.verbose('    * share .env.keys file over secure channels only')
 }
 
 module.exports = encrypt

package/src/cli/{ignores.js → actions/gitignore.js}

@@ -1,6 +1,7 @@
 const fs = require('fs')
 
 const FORMATS = ['.env*', '!.env.vault']
+const logger = require('./../../shared/logger')
 
 class Generic {
   constructor (filename, touchFile = false) {
@@ -16,6 +17,8 @@ class Generic {
   run () {
     if (!fs.existsSync(this.filename)) {
       if (this.touchFile === true) {
+        logger.info(`creating ${this.filename}`)
+
         fs.writeFileSync(this.filename, '')
       } else {
         return
@@ -25,6 +28,8 @@ class Generic {
     const lines = fs.readFileSync(this.filename, 'utf8').split(/\r?\n/)
     this.formats.forEach(format => {
       if (!lines.includes(format.trim())) {
+        logger.info(`appending ${format} to ${this.filename}`)
+
         this.append(format)
       }
     })
@@ -55,13 +60,23 @@ class Vercel {
   }
 }
 
-class AppendToIgnores {
-  run () {
-    new Docker().run()
-    new Git().run()
-    new Npm().run()
-    new Vercel().run()
-  }
+function gitignore () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  logger.verbose('appending to .gitignore')
+  new Git().run()
+
+  logger.verbose('appending to .dockerignore (if existing)')
+  new Docker().run()
+
+  logger.verbose('appending to .npmignore (if existing)')
+  new Npm().run()
+
+  logger.verbose('appending to .vercelignore (if existing)')
+  new Vercel().run()
+
+  logger.success('done')
 }
 
-module.exports = { AppendToIgnores, Generic }
+module.exports = gitignore

package/src/cli/actions/run.js

@@ -84,11 +84,18 @@ async function run () {
         readableFilepaths.add(envFilepath)
         result.injected.forEach(key => injected.add(key))
       } catch (e) {
+        // calculate development help message depending on state of repo
+        const vaultFilepath = helpers.resolvePath('.env.vault')
+        let developmentHelp = `? in development: add one with [echo "HELLO=World" > .env] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`
+        if (fs.existsSync(vaultFilepath)) {
+          developmentHelp = `? in development: use [dotenvx decrypt] to decrypt .env.vault to .env and then re-run [dotenvx run -- ${commandArgs.join(' ')}]`
+        }
+
         switch (e.code) {
           // missing .env
           case 'ENOENT':
             logger.warnv(`missing ${envFilepath} file (${filepath})`)
-            logger.help(`? in development: add one with [echo "HELLO=World" > .env] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`)
+            logger.help(developmentHelp)
             logger.help('? for production: set [DOTENV_KEY] on your server and re-deploy')
             logger.help('? for ci: set [DOTENV_KEY] on your ci and re-build')
             break

package/src/cli/dotenvx.js

@@ -66,6 +66,12 @@ program.command('encrypt')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', helpers.findEnvFiles('./'))
   .action(require('./actions/encrypt'))
 
+// dotenvx decrypt
+program.command('decrypt')
+  .description('decrypt .env.vault to .env*')
+  .addHelpText('after', examples.encrypt)
+  .action(require('./actions/decrypt'))
+
 // dotenvx precommit
 program.command('precommit')
   .description('prevent committing .env files to code')
@@ -79,6 +85,12 @@ program.command('prebuild')
   .addHelpText('after', examples.prebuild)
   .action(require('./actions/prebuild'))
 
+// dotenvx gitignore
+program.command('gitignore')
+  .description('append to .gitignore file (and if existing, .dockerignore, .npmignore, and .vercelignore)')
+  .addHelpText('after', examples.gitignore)
+  .action(require('./actions/gitignore'))
+
 // dotenvx hub
 program.addCommand(require('./commands/hub'))
 

package/src/cli/examples.js

@@ -83,9 +83,27 @@ Try it:
   `
 }
 
+const gitignore = function () {
+  return `
+Examples:
+
+  \`\`\`
+  $ dotenvx gitignore
+  \`\`\`
+
+Try it:
+
+  \`\`\`
+  $ dotenvx gitignore
+  done
+  \`\`\`
+  `
+}
+
 module.exports = {
   run,
   encrypt,
   precommit,
-  prebuild
+  prebuild,
+  gitignore
 }