@dotenvx/dotenvx 0.4.0 → 0.6.0

package/README.md

@@ -72,6 +72,28 @@ More examples
   Hello World
   ```
 
+  </details>
+* <details><summary>Java ☕️</summary><br>
+
+  ```sh
+  $ echo 'public class Index { public static void main(String[] args) { System.out.println("Hello " + System.getenv("HELLO")); } }' > index.java
+
+  $ dotenvx run -- java index.java
+  Hello World
+  ```
+
+  </details>
+* <details><summary>.NET 🔵</summary><br>
+
+  ```sh
+  $ dotnet new console -n HelloWorld -o HelloWorld
+  $ cd HelloWorld
+  $ echo 'Console.WriteLine($"Hello {Environment.GetEnvironmentVariable("HELLO")}");' > Program.cs && echo "HELLO=World" > .env
+
+  $ dotenvx run -- dotnet run
+  Hello World
+  ```
+
   </details>
 * <details><summary>Frameworks ▲</summary><br>
 
@@ -124,6 +146,35 @@ More examples
   ```
 
   </details>
+* <details><summary>npm</summary><br>
+
+  ```sh
+  $ npm install @dotenvx/dotenvx --save
+  ```
+
+  ```json
+  {
+    "scripts": {
+      "start": "./node_modules/.bin/dotenvx run -- node index.js"
+    },
+    "dependencies": {
+      "@dotenvx/dotenvx": "^0.5.0"
+    }
+  }
+  ```
+
+  ```sh
+  $ npm run start
+
+  > start
+  > ./node_modules/.bin/dotenvx run -- node index.js
+
+  [dotenvx][INFO] injecting 1 environment variable from .env
+  Hello World
+  ```
+
+  </details>
+
 * <details><summary>Git</summary><br>
 
   ```sh
@@ -143,14 +194,14 @@ Pass the `--env-file` flag (shorthand `-f`) to run any environment from a `.env.
 
 ```sh
 $ dotenvx run --env-file=.env.production -- node index.js
-[dotenvx][INFO] Injecting 12 production environment variables into your application process
+[dotenvx][INFO] injecting 12 environment variables from .env.production
 ```
 
 Combine multiple `.env` files if you like.
 
 ```
 $ dotenvx run --env-file=.env.local --env-file=.env -- node index.js
-[dotenvx][INFO] Injecting 12 local, 1 development environment variables into your application process
+[dotenvx][INFO] injecting 13 environment variables from .env.local,.env
 ```
 
 &nbsp;
@@ -158,7 +209,7 @@ $ dotenvx run --env-file=.env.local --env-file=.env -- node index.js
 ## Encrypt Your Env Files
 
 ```
-dotenvx encrypt
+$ dotenvx encrypt
 ```
 
 > This will encrypt your `.env` file to a `.env.vault` file. Commit your `.env.vault` file safely to code.
@@ -188,7 +239,7 @@ Run it with `dotenvx`.
 
 ```sh
 $ dotenvx run -- node index.js
-[dotenvx@x.x.x][WARN] ENOENT: no such file or directory, open '/../../.env'
+[dotenvx][WARN] ENOENT: no such file or directory, open '/../../.env'
 Hello undefined
 ```
 
@@ -205,7 +256,7 @@ Run it again.
 
 ```sh
 $ dotenvx run -- node index.js
-[dotenvx@x.x.x][INFO] Injecting 0 environment variables into your application process
+[dotenvx][INFO] injecting 0 environment variables from .env
 Hello undefined
 ```
 
@@ -213,10 +264,10 @@ Hrm, still undefined. Pass the `--debug` flag to debug the issue. I'll give you
 
 ```sh
 $ dotenvx run --debug -- node index.js
-[dotenvx@x.x.x][VERBOSE] Loading env from /../../.env
-[dotenvx@x.x.x][DEBUG] Reading env from /../../.env
-[dotenvx@x.x.x][DEBUG] Parsing env from /../../.env
-[dotenvx@x.x.x][DEBUG] {"JELLO":"World"}
+[dotenvx][VERBOSE] Loading env from /../../.env
+[dotenvx][DEBUG] Reading env from /../../.env
+[dotenvx][DEBUG] Parsing env from /../../.env
+[dotenvx][DEBUG] {"JELLO":"World"}
 
 # Oops, HELLO not JELLO ^^
 ```
@@ -232,7 +283,7 @@ One last time. [Le tired](https://youtu.be/kCpjgl2baLs?t=45).
 
 ```sh
 $ dotenvx run -- node index.js
-[dotenvx@x.x.x][INFO] Injecting 1 environment variable into your application process
+[dotenvx][INFO] injecting 1 environment variable from .env
 Hello World
 ```
 
@@ -269,7 +320,6 @@ npx @dotenvx/dotenvx help
 npm i @dotenvx/dotenvx --save
 ```
 ```json
-// package.json
 "scripts": {
   "start": "./node_modules/.bin/dotenvx run -- nodex index.js"
 }

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.4.0",
+  "version": "0.6.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -21,7 +21,7 @@
   "scripts": {
     "standard": "standard",
     "standard:fix": "standard --fix",
-    "test": "jest"
+    "test": "jest --verbose"
   },
   "dependencies": {
     "commander": "^11.1.0",

package/src/cli/dotenvx.js

@@ -2,7 +2,6 @@
 
 const fs = require('fs')
 const { Command } = require('commander')
-const dotenv = require('dotenv')
 const program = new Command()
 
 // constants
@@ -10,6 +9,7 @@ const ENCODING = 'utf8'
 
 const logger = require('./../shared/logger')
 const helpers = require('./helpers')
+const { AppendToIgnores } = require('./ignores')
 const packageJson = require('./../shared/packageJson')
 const main = require('./../lib/main')
 
@@ -20,6 +20,8 @@ program
   .option('-v, --verbose', 'sets log level to verbose')
   .option('-d, --debug', 'sets log level to debug')
   .hook('preAction', (thisCommand, actionCommand) => {
+    new AppendToIgnores().run()
+
     const options = thisCommand.opts()
 
     if (options.logLevel) {
@@ -59,40 +61,97 @@ program.command('run')
     logger.debug('configuring options')
     logger.debug(options)
 
-    // convert to array if needed
-    let optionEnvFile = options.envFile
-    if (!Array.isArray(optionEnvFile)) {
-      optionEnvFile = [optionEnvFile]
-    }
+    // load from .env.vault file
+    if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {
+      const filepath = helpers.resolvePath('.env.vault')
+
+      if (!fs.existsSync(filepath)) {
+        logger.error(`you set DOTENV_KEY but your .env.vault file is missing: ${filepath}`)
+      } else {
+        logger.verbose(`injecting encrypted env from ${filepath}`)
+
+        try {
+          logger.debug(`reading encrypted env from ${filepath}`)
+          const src = fs.readFileSync(filepath, { encoding: ENCODING })
+
+          logger.debug(`parsing encrypted env from ${filepath}`)
+          const parsedVault = main.parse(src)
+
+          logger.debug(`decrypting encrypted env from ${filepath}`)
+          // handle scenario for comma separated keys - for use with key rotation
+          // example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
+          const dotenvKeys = process.env.DOTENV_KEY.split(',')
+          const length = dotenvKeys.length
+
+          let decrypted
+          for (let i = 0; i < length; i++) {
+            try {
+              // Get full dotenvKey
+              const dotenvKey = dotenvKeys[i].trim()
+
+              const key = helpers._parseEncryptionKeyFromDotenvKey(dotenvKey)
+              const ciphertext = helpers._parseCipherTextFromDotenvKeyAndParsedVault(dotenvKey, parsedVault)
+
+              // Decrypt
+              decrypted = main.decrypt(ciphertext, key)
+
+              break
+            } catch (error) {
+              // last key
+              if (i + 1 >= length) {
+                throw error
+              }
+              // try next key
+            }
+          }
+          logger.debug(decrypted)
+
+          logger.debug(`parsing decrypted env from ${filepath}`)
+          const parsed = main.parse(decrypted)
+
+          logger.debug(`writing decrypted env from ${filepath}`)
+          const result = main.write(process.env, parsed, options.overload)
+
+          logger.info(`injecting ${result.written.size} environment ${helpers.pluralize('variable', result.written.size)} from encrypted .env.vault`)
+        } catch (e) {
+          logger.error(e)
+        }
+      }
+    } else {
+      // convert to array if needed
+      let optionEnvFile = options.envFile
+      if (!Array.isArray(optionEnvFile)) {
+        optionEnvFile = [optionEnvFile]
+      }
 
-    const env = {}
-    const readableFilepaths = new Set()
-    const written = new Set()
+      const readableFilepaths = new Set()
+      const written = new Set()
 
-    for (const envFilepath of optionEnvFile) {
-      const filepath = helpers.resolvePath(envFilepath)
+      for (const envFilepath of optionEnvFile) {
+        const filepath = helpers.resolvePath(envFilepath)
 
-      logger.verbose(`injecting env from ${filepath}`)
+        logger.verbose(`injecting env from ${filepath}`)
 
-      try {
-        logger.debug(`reading env from ${filepath}`)
-        const src = fs.readFileSync(filepath, { encoding: ENCODING })
+        try {
+          logger.debug(`reading env from ${filepath}`)
+          const src = fs.readFileSync(filepath, { encoding: ENCODING })
 
-        logger.debug(`parsing env from ${filepath}`)
-        const parsed = main.parse(src)
+          logger.debug(`parsing env from ${filepath}`)
+          const parsed = main.parse(src)
 
-        logger.debug(`writing env from ${filepath}`)
-        const result = main.write(process.env, parsed, options.overload)
+          logger.debug(`writing env from ${filepath}`)
+          const result = main.write(process.env, parsed, options.overload)
 
-        readableFilepaths.add(envFilepath)
-        result.written.forEach(key => written.add(key))
-      } catch (e) {
-        logger.warn(e)
+          readableFilepaths.add(envFilepath)
+          result.written.forEach(key => written.add(key))
+        } catch (e) {
+          logger.warn(e)
+        }
       }
-    }
 
-    if (readableFilepaths.size > 0) {
-      logger.info(`injecting ${written.size} environment ${helpers.pluralize('variable', written.size)} from ${[...readableFilepaths]}`)
+      if (readableFilepaths.size > 0) {
+        logger.info(`injecting ${written.size} environment ${helpers.pluralize('variable', written.size)} from ${[...readableFilepaths]}`)
+      }
     }
 
     // Extract command and arguments after '--'
@@ -103,7 +162,7 @@ program.command('run')
     } else {
       const subCommand = process.argv.slice(commandIndex + 1)
 
-      helpers.executeCommand(subCommand, env)
+      helpers.executeCommand(subCommand, process.env)
     }
   })
 
@@ -124,7 +183,7 @@ program.command('encrypt')
     try {
       logger.verbose(`generating .env.keys from ${optionEnvFile}`)
 
-      const dotenvKeys = (dotenv.configDotenv({ path: '.env.keys' }).parsed || {})
+      const dotenvKeys = (main.configDotenv({ path: '.env.keys' }).parsed || {})
 
       for (const envFilepath of optionEnvFile) {
         const filepath = helpers.resolvePath(envFilepath)
@@ -169,8 +228,8 @@ program.command('encrypt')
     try {
       logger.verbose(`generating .env.vault from ${optionEnvFile}`)
 
-      const dotenvKeys = (dotenv.configDotenv({ path: '.env.keys' }).parsed || {})
-      const dotenvVaults = (dotenv.configDotenv({ path: '.env.vault' }).parsed || {})
+      const dotenvKeys = (main.configDotenv({ path: '.env.keys' }).parsed || {})
+      const dotenvVaults = (main.configDotenv({ path: '.env.vault' }).parsed || {})
 
       for (const envFilepath of optionEnvFile) {
         const filepath = helpers.resolvePath(envFilepath)
@@ -211,8 +270,6 @@ program.command('encrypt')
     }
 
     logger.info(`encrypted ${optionEnvFile} to .env.vault`)
-
-    // logger.info(`encrypting`)
   })
 
 program.parse(process.argv)

package/src/cli/helpers.js

@@ -4,6 +4,7 @@ const crypto = require('crypto')
 const { spawn } = require('child_process')
 const xxhash = require('xxhashjs')
 const XXHASH_SEED = 0xABCD
+const NONCE_BYTES = 12
 
 const main = require('./../lib/main')
 
@@ -69,17 +70,17 @@ const generateDotenvKey = function (environment) {
 }
 
 const encryptFile = function (filepath, dotenvKey, encoding) {
-  const key = this._parseEncryptionKeyFromDotenvKey(dotenvKey)
+  const key = _parseEncryptionKeyFromDotenvKey(dotenvKey)
   const message = fs.readFileSync(filepath, encoding)
 
-  const ciphertext = this.encrypt(key, message)
+  const ciphertext = encrypt(key, message)
 
   return ciphertext
 }
 
 const encrypt = function (key, message) {
   // set up nonce
-  const nonce = this._generateNonce()
+  const nonce = crypto.randomBytes(NONCE_BYTES)
 
   // set up cipher
   const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce)
@@ -98,11 +99,11 @@ const encrypt = function (key, message) {
 }
 
 const changed = function (ciphertext, dotenvKey, filepath, encoding) {
-  const key = this._parseEncryptionKeyFromDotenvKey(dotenvKey)
+  const key = _parseEncryptionKeyFromDotenvKey(dotenvKey)
   const decrypted = main.decrypt(ciphertext, key)
   const raw = fs.readFileSync(filepath, encoding)
 
-  return this.hash(decrypted) !== this.hash(raw)
+  return hash(decrypted) !== hash(raw)
 }
 
 const hash = function (str) {
@@ -111,7 +112,12 @@ const hash = function (str) {
 
 const _parseEncryptionKeyFromDotenvKey = function (dotenvKey) {
   // Parse DOTENV_KEY. Format is a URI
-  const uri = new URL(dotenvKey)
+  let uri
+  try {
+    uri = new URL(dotenvKey)
+  } catch (e) {
+    throw new Error(`INVALID_DOTENV_KEY: ${e.message}`)
+  }
 
   // Get decrypt key
   const key = uri.password
@@ -122,12 +128,29 @@ const _parseEncryptionKeyFromDotenvKey = function (dotenvKey) {
   return Buffer.from(key.slice(-64), 'hex')
 }
 
-const _generateNonce = function () {
-  return crypto.randomBytes(this._nonceBytes())
-}
+const _parseCipherTextFromDotenvKeyAndParsedVault = function (dotenvKey, parsedVault) {
+  // Parse DOTENV_KEY. Format is a URI
+  let uri
+  try {
+    uri = new URL(dotenvKey)
+  } catch (e) {
+    throw new Error(`INVALID_DOTENV_KEY: ${e.message}`)
+  }
 
-const _nonceBytes = function () {
-  return 12
+  // Get environment
+  const environment = uri.searchParams.get('environment')
+  if (!environment) {
+    throw new Error('INVALID_DOTENV_KEY: Missing environment part')
+  }
+
+  // Get ciphertext payload
+  const environmentKey = `DOTENV_VAULT_${environment.toUpperCase()}`
+  const ciphertext = parsedVault[environmentKey] // DOTENV_VAULT_PRODUCTION
+  if (!ciphertext) {
+    throw new Error(`NOT_FOUND_DOTENV_ENVIRONMENT: cannot locate environment ${environmentKey} in your .env.vault file`)
+  }
+
+  return ciphertext
 }
 
 module.exports = {
@@ -142,6 +165,5 @@ module.exports = {
   changed,
   hash,
   _parseEncryptionKeyFromDotenvKey,
-  _generateNonce,
-  _nonceBytes
+  _parseCipherTextFromDotenvKeyAndParsedVault
 }

package/src/cli/ignores.js

@@ -0,0 +1,67 @@
+const fs = require('fs')
+
+const FORMATS = ['.env*', '!.env.vault', '.flaskenv*']
+
+class Generic {
+  constructor (filename, touchFile = false) {
+    this.filename = filename
+    this.formats = FORMATS
+    this.touchFile = touchFile
+  }
+
+  append (str) {
+    fs.appendFileSync(this.filename, `\n${str}`)
+  }
+
+  run () {
+    if (!fs.existsSync(this.filename)) {
+      if (this.touchFile === true) {
+        fs.writeFileSync(this.filename, '')
+      } else {
+        return
+      }
+    }
+
+    const lines = fs.readFileSync(this.filename, 'utf8').split(/\r?\n/)
+    this.formats.forEach(format => {
+      if (!lines.includes(format.trim())) {
+        this.append(format)
+      }
+    })
+  }
+}
+
+class Git {
+  run () {
+    new Generic('.gitignore', true).run()
+  }
+}
+
+class Docker {
+  run () {
+    new Generic('.dockerignore').run()
+  }
+}
+
+class Npm {
+  run () {
+    new Generic('.npmignore').run()
+  }
+}
+
+class Vercel {
+  run () {
+    new Generic('.vercelignore').run()
+  }
+}
+
+class AppendToIgnores {
+  run () {
+    new Docker().run()
+    new Git().run()
+    new Npm().run()
+    new Vercel().run()
+  }
+}
+
+module.exports = { AppendToIgnores, Generic }

package/src/lib/main.js

@@ -9,6 +9,10 @@ const decrypt = function (encrypted, keyStr) {
   return dotenv.decrypt(encrypted, keyStr)
 }
 
+const configDotenv = function (options) {
+  return dotenv.configDotenv(options)
+}
+
 const parse = function (src) {
   const result = dotenv.parse(src)
 
@@ -57,6 +61,7 @@ const write = function (processEnv = {}, parsed = {}, overload = false) {
 
 module.exports = {
   config,
+  configDotenv,
   decrypt,
   parse,
   write