@dotenvx/dotenvx 0.7.3 → 0.8.0

package/README.md

@@ -112,6 +112,16 @@ More examples
   Hello World
   ```
 
+  </details>
+* <details><summary>Bash 🖥️</summary><br>
+
+  ```sh
+  $ echo "HELLO=World" > .env
+
+  $ dotenvx run --quiet -- sh -c 'echo $HELLO'
+  World
+  ```
+
   </details>
 * <details><summary>Frameworks ▲</summary><br>
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.7.3",
+  "version": "0.8.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -24,8 +24,17 @@
     "test": "jest --verbose"
   },
   "dependencies": {
+    "@inquirer/prompts": "^3.3.0",
+    "axios": "^1.6.2",
+    "chalk": "^4.1.2",
+    "clipboardy": "^2.3.0",
     "commander": "^11.1.0",
+    "conf": "^10.2.0",
     "dotenv": "^16.3.1",
+    "open": "^8.4.2",
+    "ora": "^5.4.1",
+    "qrcode-terminal": "^0.12.0",
+    "update-notifier": "^5.1.0",
     "execa": "^5.1.1",
     "winston": "^3.11.0",
     "xxhashjs": "^0.2.2"

package/src/cli/actions/encrypt.js

@@ -0,0 +1,168 @@
+const fs = require('fs')
+
+const main = require('./../../lib/main')
+const logger = require('./../../shared/logger')
+const helpers = require('./../helpers')
+const createSpinner = require('./../../shared/createSpinner')
+
+const spinner = createSpinner('encrypting')
+
+// constants
+const ENCODING = 'utf8'
+
+async function encrypt () {
+  spinner.start()
+  await helpers.sleep(500) // better dx
+
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  let optionEnvFile = options.envFile
+  if (!Array.isArray(optionEnvFile)) {
+    optionEnvFile = [optionEnvFile]
+  }
+
+  const addedKeys = new Set()
+  const addedVaults = new Set()
+  const addedEnvFilepaths = new Set()
+
+  // must be at least one .env* file
+  if (optionEnvFile.length < 1) {
+    spinner.fail('no .env* files found')
+    logger.help('? add one with [echo "HELLO=World" > .env] and then run [dotenvx encrypt]')
+    process.exit(1)
+  }
+
+  try {
+    logger.verbose(`generating .env.keys from ${optionEnvFile}`)
+
+    const dotenvKeys = (main.configDotenv({ path: '.env.keys' }).parsed || {})
+
+    for (const envFilepath of optionEnvFile) {
+      const filepath = helpers.resolvePath(envFilepath)
+      if (!fs.existsSync(filepath)) {
+        spinner.fail(`file does not exist at [${filepath}]`)
+        logger.help(`? add it with [echo "HELLO=World" > ${envFilepath}] and then run [dotenvx encrypt]`)
+        process.exit(1)
+      }
+
+      const environment = helpers.guessEnvironment(filepath)
+      const key = `DOTENV_KEY_${environment.toUpperCase()}`
+
+      let value = dotenvKeys[key]
+
+      // first time seeing new DOTENV_KEY_${environment}
+      if (!value || value.length === 0) {
+        logger.verbose(`generating ${key}`)
+        value = helpers.generateDotenvKey(environment)
+        logger.debug(`generating ${key} as ${value}`)
+
+        dotenvKeys[key] = value
+
+        addedKeys.add(key) // for info logging to user
+      } else {
+        logger.verbose(`existing ${key}`)
+        logger.debug(`existing ${key} as ${value}`)
+      }
+    }
+
+    let keysData = `#/!!!!!!!!!!!!!!!!!!!.env.keys!!!!!!!!!!!!!!!!!!!!!!/
+#/   DOTENV_KEYs. DO NOT commit to source control   /
+#/   [how it works](https://dotenv.org/env-keys)    /
+#/--------------------------------------------------/\n`
+
+    for (const key in dotenvKeys) {
+      const value = dotenvKeys[key]
+      keysData += `${key}="${value}"\n`
+    }
+
+    fs.writeFileSync('.env.keys', keysData)
+  } catch (error) {
+    spinner.fail(error.message)
+    process.exit(1)
+  }
+
+  // used later in logging to user
+  const dotenvKeys = (main.configDotenv({ path: '.env.keys' }).parsed || {})
+
+  try {
+    logger.verbose(`generating .env.vault from ${optionEnvFile}`)
+
+    const dotenvVaults = (main.configDotenv({ path: '.env.vault' }).parsed || {})
+
+    for (const envFilepath of optionEnvFile) {
+      const filepath = helpers.resolvePath(envFilepath)
+      const environment = helpers.guessEnvironment(filepath)
+      const vault = `DOTENV_VAULT_${environment.toUpperCase()}`
+
+      let ciphertext = dotenvVaults[vault]
+      const dotenvKey = dotenvKeys[`DOTENV_KEY_${environment.toUpperCase()}`]
+
+      if (!ciphertext || ciphertext.length === 0 || helpers.changed(ciphertext, dotenvKey, filepath, ENCODING)) {
+        logger.verbose(`encrypting ${vault}`)
+        ciphertext = helpers.encryptFile(filepath, dotenvKey, ENCODING)
+        logger.verbose(`encrypting ${vault} as ${ciphertext}`)
+
+        dotenvVaults[vault] = ciphertext
+
+        addedVaults.add(vault) // for info logging to user
+        addedEnvFilepaths.add(envFilepath) // for info logging to user
+      } else {
+        logger.verbose(`existing ${vault}`)
+        logger.debug(`existing ${vault} as ${ciphertext}`)
+      }
+    }
+
+    let vaultData = `#/-------------------.env.vault---------------------/
+#/         cloud-agnostic vaulting standard         /
+#/   [how it works](https://dotenv.org/env-vault)   /
+#/--------------------------------------------------/\n\n`
+
+    for (const vault in dotenvVaults) {
+      const value = dotenvVaults[vault]
+      const environment = vault.replace('DOTENV_VAULT_', '').toLowerCase()
+      vaultData += `# ${environment}\n`
+      vaultData += `${vault}="${value}"\n\n`
+    }
+
+    fs.writeFileSync('.env.vault', vaultData)
+  } catch (e) {
+    spinner.fail(e.message)
+    process.exit(1)
+  }
+
+  if (addedEnvFilepaths.size > 0) {
+    spinner.succeed(`encrypted to .env.vault (${[...addedEnvFilepaths]})`)
+    logger.help2('ℹ commit .env.vault to code: [git commit -am ".env.vault"]')
+  } else {
+    spinner.done(`no changes (${optionEnvFile})`)
+  }
+
+  if (addedKeys.size > 0) {
+    spinner.succeed(`${helpers.pluralize('key', addedKeys.size)} added to .env.keys (${[...addedKeys]})`)
+    logger.help2('ℹ push .env.keys up to hub: [dotenvx hub push]')
+  }
+
+  if (addedVaults.size > 0) {
+    const DOTENV_VAULT_X = [...addedVaults][addedVaults.size - 1]
+    const DOTENV_KEY_X = DOTENV_VAULT_X.replace('_VAULT_', '_KEY_')
+    const tryKey = dotenvKeys[DOTENV_KEY_X] || '<dotenv_key_environment>'
+
+    logger.help2(`ℹ run [DOTENV_KEY='${tryKey}' dotenvx run -- yourcommand] to test decryption locally`)
+  }
+
+  // logger.verbose('')
+  // logger.verbose('next:')
+  // logger.verbose('')
+  // logger.verbose('    1. commit .env.vault safely to code')
+  // logger.verbose('    2. set DOTENV_KEY on server (or ci)')
+  // logger.verbose('    3. push your code')
+  // logger.verbose('')
+  // logger.verbose('protips:')
+  // logger.verbose('')
+  // logger.verbose('    * .env.keys file holds your decryption DOTENV_KEYs')
+  // logger.verbose('    * DO NOT commit .env.keys to code')
+  // logger.verbose('    * share .env.keys file over secure channels only')
+}
+
+module.exports = encrypt

package/src/cli/actions/hub/login.js

@@ -0,0 +1,105 @@
+const open = require('open')
+const axios = require('axios')
+const clipboardy = require('clipboardy')
+const { confirm } = require('@inquirer/prompts')
+
+const createSpinner = require('./../../../shared/createSpinner')
+const store = require('./../../../shared/store')
+const logger = require('./../../../shared/logger')
+const helpers = require('./../../helpers')
+
+const OAUTH_CLIENT_ID = 'oac_dotenvxcli'
+
+const spinner = createSpinner('waiting on user authorization')
+
+async function pollTokenUrl (tokenUrl, deviceCode, interval) {
+  logger.http(`POST ${tokenUrl} with deviceCode ${deviceCode} at interval ${interval}`)
+
+  try {
+    const response = await axios.post(tokenUrl, {
+      client_id: OAUTH_CLIENT_ID,
+      device_code: deviceCode,
+      grant_type: 'urn:ietf:params:oauth:grant-type:device_code'
+    })
+
+    logger.http(response.data)
+
+    if (response.data.access_token) {
+      spinner.start()
+      store.setToken(response.data.full_username, response.data.access_token)
+      store.setHostname(response.data.hostname)
+      spinner.succeed(`logged in as ${response.data.username}`)
+      process.exit(0)
+    } else {
+      // continue polling if no access_token. shouldn't ever get here it server is implemented correctly
+      setTimeout(() => pollTokenUrl(tokenUrl, deviceCode, interval), interval * 1000)
+    }
+  } catch (error) {
+    if (error.response && error.response.data) {
+      logger.http(error.response.data)
+
+      // continue polling if authorization_pending
+      if (error.response.data.error === 'authorization_pending') {
+        setTimeout(() => pollTokenUrl(tokenUrl, deviceCode, interval), interval * 1000)
+      } else {
+        spinner.start()
+        spinner.fail(error.response.data.error_description)
+        process.exit(1)
+      }
+    } else {
+      spinner.start()
+      spinner.fail(error)
+      process.exit(1)
+    }
+  }
+}
+
+async function login () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  const hostname = options.hostname
+  const deviceCodeUrl = `${hostname}/oauth/device/code`
+  const tokenUrl = `${hostname}/oauth/token`
+
+  try {
+    const response = await axios.post(deviceCodeUrl, {
+      client_id: OAUTH_CLIENT_ID
+    })
+    const data = response.data
+    const deviceCode = data.device_code
+    const userCode = data.user_code
+    const verificationUri = data.verification_uri
+    const interval = data.interval
+
+    try { clipboardy.writeSync(userCode) } catch (_e) {}
+
+    // qrcode.generate(verificationUri, { small: true }) // too verbose
+
+    // begin polling
+    pollTokenUrl(tokenUrl, deviceCode, interval)
+
+    // optionally allow user to open browser
+    const answer = await confirm({ message: `press Enter to open [${verificationUri}] and enter code [${helpers.formatCode(userCode)}]...` })
+
+    if (answer) {
+      await open(verificationUri)
+
+      spinner.start()
+    }
+  } catch (error) {
+    if (error.response && error.response.data) {
+      logger.http(error.response.data)
+
+      spinner.start()
+      spinner.fail(error.response.data.error_description)
+      process.exit(1)
+    } else {
+      spinner.start()
+      spinner.fail(error.toString())
+      process.exit(1)
+    }
+  }
+}
+
+module.exports = login

package/src/cli/actions/hub/open.js

@@ -0,0 +1,33 @@
+const openBrowser = require('open')
+const { confirm } = require('@inquirer/prompts')
+
+const createSpinner = require('./../../../shared/createSpinner')
+const logger = require('./../../../shared/logger')
+const helpers = require('./../../helpers')
+
+async function open () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  const hostname = options.hostname
+  const remoteOriginUrl = helpers.getRemoteOriginUrl()
+  const usernameName = helpers.extractUsernameName(remoteOriginUrl)
+
+  const openUrl = `${hostname}/gh/${usernameName}`
+
+  // optionally allow user to open browser
+  const answer = await confirm({ message: `press Enter to open [${openUrl}]...` })
+
+  if (answer) {
+    const spinner = createSpinner('opening')
+    spinner.start()
+
+    await helpers.sleep(500) // better dx
+
+    await openBrowser(openUrl)
+
+    spinner.succeed(`opened [${usernameName}]`)
+  }
+}
+
+module.exports = open

package/src/cli/actions/hub/push.js

@@ -0,0 +1,111 @@
+const fs = require('fs')
+const { execSync } = require('child_process')
+const axios = require('axios')
+
+const store = require('./../../../shared/store')
+const logger = require('./../../../shared/logger')
+const helpers = require('./../../helpers')
+const createSpinner = require('./../../../shared/createSpinner')
+
+const spinner = createSpinner('pushing')
+
+// constants
+const ENCODING = 'utf8'
+
+function isGitRepository () {
+  try {
+    // Redirect standard error to null to suppress Git error messages
+    const result = execSync('git rev-parse --is-inside-work-tree 2> /dev/null').toString().trim()
+    return result === 'true'
+  } catch (_error) {
+    return false
+  }
+}
+
+function isGithub (url) {
+  return url.includes('github.com')
+}
+
+// Create a simple-git instance for the current directory
+async function push () {
+  spinner.start()
+  await helpers.sleep(500) // better dx
+
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  const hostname = options.hostname
+  const pushUrl = `${hostname}/v1/push`
+  const keysFilename = '.env.keys'
+  const vaultFilename = '.env.vault'
+
+  if (!isGitRepository()) {
+    spinner.fail('oops, must be a git repository')
+    logger.help('? create one with [git init .]')
+    process.exit(1)
+  }
+
+  const remoteOriginUrl = helpers.getRemoteOriginUrl()
+  if (!remoteOriginUrl) {
+    spinner.fail('oops, must have a remote origin (git remote -v)')
+    logger.help('? create it at [github.com/new] and then run [git remote add origin git@github.com:username/repository.git]')
+    process.exit(1)
+  }
+
+  if (!isGithub(remoteOriginUrl)) {
+    spinner.fail('oops, must be a github.com remote origin (git remote -v)')
+    logger.help('? create it at [github.com/new] and then run [git remote add origin git@github.com:username/repository.git]')
+    logger.help2('ℹ need support for other origins? [please tell us](https://github.com/dotenvx/dotenvx/issues)')
+    process.exit(1)
+  }
+
+  if (!fs.existsSync(keysFilename)) {
+    spinner.fail('oops, missing .env.keys file')
+    logger.help('? generate one with [dotenvx encrypt]')
+    logger.help2('ℹ a .env.keys file holds decryption keys for a .env.vault file')
+    process.exit(1)
+  }
+
+  if (!fs.existsSync(vaultFilename)) {
+    spinner.fail('oops, missing .env.vault file')
+    logger.help('? generate one with [dotenvx encrypt]')
+    logger.help2('ℹ a .env.vault file holds encrypted secrets per environment')
+    process.exit(1)
+  }
+
+  const oauthToken = store.getToken()
+  const dotenvKeysContent = fs.readFileSync(keysFilename, ENCODING)
+  const dotenvVaultContent = fs.readFileSync(vaultFilename, ENCODING)
+  const usernameName = helpers.extractUsernameName(remoteOriginUrl)
+
+  try {
+    const postData = {
+      username_name: usernameName,
+      DOTENV_KEYS: dotenvKeysContent,
+      DOTENV_VAULT: dotenvVaultContent
+    }
+    const options = {
+      headers: {
+        Authorization: `Bearer ${oauthToken}`
+      }
+    }
+    await axios.post(pushUrl, postData, options)
+  } catch (error) {
+    if (error.response && error.response.data) {
+      logger.http(error.response.data)
+      spinner.fail(error.response.data.error.message)
+      if (error.response.status === 404) {
+        logger.help(`? try visiting [${hostname}gh/${usernameName}] in your browser`)
+      }
+      process.exit(1)
+    } else {
+      spinner.fail(error.toString())
+      process.exit(1)
+    }
+  }
+
+  spinner.succeed(`pushed [${usernameName}]`)
+  logger.help2('ℹ run [dotenvx hub open] to view on hub')
+}
+
+module.exports = push

package/src/cli/actions/hub/status.js

@@ -0,0 +1,8 @@
+const store = require('./../../../shared/store')
+const logger = require('./../../../shared/logger')
+
+async function status () {
+  logger.info(`logged in to ${store.getHostname()} as ${store.getUsername()}`)
+}
+
+module.exports = status

package/src/cli/actions/hub/token.js

@@ -0,0 +1,9 @@
+const store = require('./../../../shared/store')
+const logger = require('./../../../shared/logger')
+
+async function token () {
+  logger.debug(store.configPath())
+  logger.blank(store.getToken())
+}
+
+module.exports = token

package/src/cli/actions/run.js

@@ -0,0 +1,108 @@
+const fs = require('fs')
+const logger = require('./../../shared/logger')
+const helpers = require('./../helpers')
+const main = require('./../../lib/main')
+
+const ENCODING = 'utf8'
+
+async function run () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  // load from .env.vault file
+  if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {
+    const filepath = helpers.resolvePath('.env.vault')
+
+    if (!fs.existsSync(filepath)) {
+      logger.error(`you set DOTENV_KEY but your .env.vault file is missing: ${filepath}`)
+    } else {
+      logger.verbose(`loading env from encrypted ${filepath}`)
+
+      try {
+        const src = fs.readFileSync(filepath, { encoding: ENCODING })
+        const parsedVault = main.parse(src)
+
+        logger.debug(`decrypting encrypted env from ${filepath}`)
+        // handle scenario for comma separated keys - for use with key rotation
+        // example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
+        const dotenvKeys = process.env.DOTENV_KEY.split(',')
+        const length = dotenvKeys.length
+
+        let decrypted
+        for (let i = 0; i < length; i++) {
+          try {
+            // Get full dotenvKey
+            const dotenvKey = dotenvKeys[i].trim()
+
+            const key = helpers._parseEncryptionKeyFromDotenvKey(dotenvKey)
+            const ciphertext = helpers._parseCipherTextFromDotenvKeyAndParsedVault(dotenvKey, parsedVault)
+
+            // Decrypt
+            decrypted = main.decrypt(ciphertext, key)
+
+            break
+          } catch (error) {
+            // last key
+            if (i + 1 >= length) {
+              throw error
+            }
+            // try next key
+          }
+        }
+        logger.debug(decrypted)
+        const parsed = main.parse(decrypted)
+        const result = main.inject(process.env, parsed, options.overload)
+
+        logger.successv(`injecting env (${result.injected.size}) from encrypted .env.vault`)
+      } catch (e) {
+        logger.error(e)
+      }
+    }
+  } else {
+    // convert to array if needed
+    let optionEnvFile = options.envFile
+    if (!Array.isArray(optionEnvFile)) {
+      optionEnvFile = [optionEnvFile]
+    }
+
+    const readableFilepaths = new Set()
+    const injected = new Set()
+
+    for (const envFilepath of optionEnvFile) {
+      const filepath = helpers.resolvePath(envFilepath)
+
+      logger.verbose(`loading env from ${filepath}`)
+
+      try {
+        const src = fs.readFileSync(filepath, { encoding: ENCODING })
+        const parsed = main.parse(src)
+        const result = main.inject(process.env, parsed, options.overload)
+
+        readableFilepaths.add(envFilepath)
+        result.injected.forEach(key => injected.add(key))
+      } catch (e) {
+        logger.warn(e)
+      }
+    }
+
+    if (readableFilepaths.size > 0) {
+      logger.successv(`injecting env (${injected.size}) from ${[...readableFilepaths]}`)
+    }
+  }
+
+  // Extract command and arguments after '--'
+  const commandIndex = process.argv.indexOf('--')
+  if (commandIndex === -1 || commandIndex === process.argv.length - 1) {
+    logger.error('missing command after [dotenvx run --]')
+    logger.error('')
+    logger.error('  get help: [dotenvx help run]')
+    logger.error('  or try:   [dotenvx run -- npm run dev]')
+    process.exit(1)
+  } else {
+    const subCommand = process.argv.slice(commandIndex + 1)
+
+    await helpers.executeCommand(subCommand, process.env)
+  }
+}
+
+module.exports = run

package/src/cli/commands/hub.js

@@ -0,0 +1,39 @@
+const { Command } = require('commander')
+
+const store = require('./../../shared/store')
+
+const hub = new Command('hub')
+
+hub
+  .description('Interact with the hub')
+
+hub
+  .command('login')
+  .description('authenticate to dotenvx hub')
+  .option('-h, --hostname <url>', 'set hostname', store.getHostname())
+  .action(require('./../actions/hub/login'))
+
+hub
+  .command('push')
+  .description('push .env.keys to dotenvx hub')
+  .option('-h, --hostname <url>', 'set hostname', store.getHostname())
+  .action(require('./../actions/hub/push'))
+
+hub
+  .command('open')
+  .description('view repository on dotenvx hub')
+  .option('-h, --hostname <url>', 'set hostname', store.getHostname())
+  .action(require('./../actions/hub/open'))
+
+hub
+  .command('token')
+  .description('print the auth token dotenvx hub is configured to use')
+  .option('-h, --hostname <url>', 'set hostname', 'https://hub.dotenvx.com')
+  .action(require('./../actions/hub/token'))
+
+hub
+  .command('status')
+  .description('display logged in user')
+  .action(require('./../actions/hub/status'))
+
+module.exports = hub

package/src/cli/dotenvx.js

@@ -1,18 +1,20 @@
 #!/usr/bin/env node
 
-const fs = require('fs')
+const updateNotifier = require('update-notifier')
 const { Command } = require('commander')
 const program = new Command()
 
-// constants
-const ENCODING = 'utf8'
-
 const logger = require('./../shared/logger')
 const helpers = require('./helpers')
 const examples = require('./examples')
 const { AppendToIgnores } = require('./ignores')
 const packageJson = require('./../shared/packageJson')
-const main = require('./../lib/main')
+
+// once a day check for any updates
+const notifier = updateNotifier({ pkg: packageJson })
+if (notifier.update) {
+  logger.warn(`Update available ${notifier.update.current} → ${notifier.update.latest} [see changelog](dotenvx.com/changelog)`)
+}
 
 // global log levels
 program
@@ -58,266 +60,16 @@ program.command('run')
   .addHelpText('after', examples.run)
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', '.env')
   .option('-o, --overload', 'override existing env variables')
-  .action(async function () {
-    const options = this.opts()
-    logger.debug('configuring options')
-    logger.debug(options)
-
-    // load from .env.vault file
-    if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {
-      const filepath = helpers.resolvePath('.env.vault')
-
-      if (!fs.existsSync(filepath)) {
-        logger.error(`you set DOTENV_KEY but your .env.vault file is missing: ${filepath}`)
-      } else {
-        logger.verbose(`loading env from encrypted ${filepath}`)
-
-        try {
-          logger.debug(`reading encrypted env from ${filepath}`)
-          const src = fs.readFileSync(filepath, { encoding: ENCODING })
-
-          logger.debug(`parsing encrypted env from ${filepath}`)
-          const parsedVault = main.parse(src)
-
-          logger.debug(`decrypting encrypted env from ${filepath}`)
-          // handle scenario for comma separated keys - for use with key rotation
-          // example: DOTENV_KEY="dotenv://:key_1234@dotenv.org/vault/.env.vault?environment=prod,dotenv://:key_7890@dotenv.org/vault/.env.vault?environment=prod"
-          const dotenvKeys = process.env.DOTENV_KEY.split(',')
-          const length = dotenvKeys.length
-
-          let decrypted
-          for (let i = 0; i < length; i++) {
-            try {
-              // Get full dotenvKey
-              const dotenvKey = dotenvKeys[i].trim()
-
-              const key = helpers._parseEncryptionKeyFromDotenvKey(dotenvKey)
-              const ciphertext = helpers._parseCipherTextFromDotenvKeyAndParsedVault(dotenvKey, parsedVault)
-
-              // Decrypt
-              decrypted = main.decrypt(ciphertext, key)
-
-              break
-            } catch (error) {
-              // last key
-              if (i + 1 >= length) {
-                throw error
-              }
-              // try next key
-            }
-          }
-          logger.debug(decrypted)
-
-          logger.debug(`parsing decrypted env from ${filepath}`)
-          const parsed = main.parse(decrypted)
-
-          logger.debug(`writing decrypted env from ${filepath}`)
-          const result = main.write(process.env, parsed, options.overload)
-
-          logger.info(`loading env (${result.written.size}) from encrypted .env.vault`)
-        } catch (e) {
-          logger.error(e)
-        }
-      }
-    } else {
-      // convert to array if needed
-      let optionEnvFile = options.envFile
-      if (!Array.isArray(optionEnvFile)) {
-        optionEnvFile = [optionEnvFile]
-      }
-
-      const readableFilepaths = new Set()
-      const written = new Set()
-
-      for (const envFilepath of optionEnvFile) {
-        const filepath = helpers.resolvePath(envFilepath)
-
-        logger.verbose(`loading env from ${filepath}`)
-
-        try {
-          logger.debug(`reading env from ${filepath}`)
-          const src = fs.readFileSync(filepath, { encoding: ENCODING })
-
-          logger.debug(`parsing env from ${filepath}`)
-          const parsed = main.parse(src)
-
-          logger.debug(`writing env from ${filepath}`)
-          const result = main.write(process.env, parsed, options.overload)
-
-          readableFilepaths.add(envFilepath)
-          result.written.forEach(key => written.add(key))
-        } catch (e) {
-          logger.warn(e)
-        }
-      }
-
-      if (readableFilepaths.size > 0) {
-        logger.info(`loading env (${written.size}) from ${[...readableFilepaths]}`)
-      }
-    }
-
-    // Extract command and arguments after '--'
-    const commandIndex = process.argv.indexOf('--')
-    if (commandIndex === -1 || commandIndex === process.argv.length - 1) {
-      logger.error('missing command after [dotenvx run --]')
-      logger.error('')
-      logger.error('  get help: [dotenvx help run]')
-      logger.error('  or try:   [dotenvx run -- npm run dev]')
-      process.exit(1)
-    } else {
-      const subCommand = process.argv.slice(commandIndex + 1)
-
-      await helpers.executeCommand(subCommand, process.env)
-    }
-  })
+  .action(require('./actions/run'))
 
 // dotenvx encrypt
 program.command('encrypt')
   .description('encrypt .env.* to .env.vault')
   .addHelpText('after', examples.encrypt)
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', helpers.findEnvFiles('./'))
-  .action(function () {
-    const options = this.opts()
-    logger.debug('configuring options')
-    logger.debug(options)
-
-    let optionEnvFile = options.envFile
-    if (!Array.isArray(optionEnvFile)) {
-      optionEnvFile = [optionEnvFile]
-    }
-
-    const addedKeys = new Set()
-    const addedVaults = new Set()
-    const addedEnvFilepaths = new Set()
-
-    try {
-      logger.verbose(`generating .env.keys from ${optionEnvFile}`)
+  .action(require('./actions/encrypt'))
 
-      const dotenvKeys = (main.configDotenv({ path: '.env.keys' }).parsed || {})
-
-      for (const envFilepath of optionEnvFile) {
-        const filepath = helpers.resolvePath(envFilepath)
-        if (!fs.existsSync(filepath)) {
-          throw new Error(`file does not exist: ${filepath}`)
-        }
-
-        const environment = helpers.guessEnvironment(filepath)
-        const key = `DOTENV_KEY_${environment.toUpperCase()}`
-
-        let value = dotenvKeys[key]
-
-        // first time seeing new DOTENV_KEY_${environment}
-        if (!value || value.length === 0) {
-          logger.verbose(`generating ${key}`)
-          value = helpers.generateDotenvKey(environment)
-          logger.debug(`generating ${key} as ${value}`)
-
-          dotenvKeys[key] = value
-
-          addedKeys.add(key) // for info logging to user
-        } else {
-          logger.verbose(`existing ${key}`)
-          logger.debug(`existing ${key} as ${value}`)
-        }
-      }
-
-      let keysData = `#/!!!!!!!!!!!!!!!!!!!.env.keys!!!!!!!!!!!!!!!!!!!!!!/
-#/   DOTENV_KEYs. DO NOT commit to source control   /
-#/   [how it works](https://dotenv.org/env-keys)    /
-#/--------------------------------------------------/\n`
-
-      for (const key in dotenvKeys) {
-        const value = dotenvKeys[key]
-        keysData += `${key}="${value}"\n`
-      }
-
-      fs.writeFileSync('.env.keys', keysData)
-    } catch (e) {
-      logger.error(e)
-      process.exit(1)
-    }
-
-    // used later in logging to user
-    const dotenvKeys = (main.configDotenv({ path: '.env.keys' }).parsed || {})
-
-    try {
-      logger.verbose(`generating .env.vault from ${optionEnvFile}`)
-
-      const dotenvVaults = (main.configDotenv({ path: '.env.vault' }).parsed || {})
-
-      for (const envFilepath of optionEnvFile) {
-        const filepath = helpers.resolvePath(envFilepath)
-        const environment = helpers.guessEnvironment(filepath)
-        const vault = `DOTENV_VAULT_${environment.toUpperCase()}`
-
-        let ciphertext = dotenvVaults[vault]
-        const dotenvKey = dotenvKeys[`DOTENV_KEY_${environment.toUpperCase()}`]
-
-        if (!ciphertext || ciphertext.length === 0 || helpers.changed(ciphertext, dotenvKey, filepath, ENCODING)) {
-          logger.verbose(`encrypting ${vault}`)
-          ciphertext = helpers.encryptFile(filepath, dotenvKey, ENCODING)
-          logger.verbose(`encrypting ${vault} as ${ciphertext}`)
-
-          dotenvVaults[vault] = ciphertext
-
-          addedVaults.add(vault) // for info logging to user
-          addedEnvFilepaths.add(envFilepath) // for info logging to user
-        } else {
-          logger.verbose(`existing ${vault}`)
-          logger.debug(`existing ${vault} as ${ciphertext}`)
-        }
-      }
-
-      let vaultData = `#/-------------------.env.vault---------------------/
-#/         cloud-agnostic vaulting standard         /
-#/   [how it works](https://dotenv.org/env-vault)   /
-#/--------------------------------------------------/\n\n`
-
-      for (const vault in dotenvVaults) {
-        const value = dotenvVaults[vault]
-        const environment = vault.replace('DOTENV_VAULT_', '').toLowerCase()
-        vaultData += `# ${environment}\n`
-        vaultData += `${vault}="${value}"\n\n`
-      }
-
-      fs.writeFileSync('.env.vault', vaultData)
-    } catch (e) {
-      logger.error(e)
-      process.exit(1)
-    }
-
-    if (addedEnvFilepaths.size > 0) {
-      logger.info(`encrypted to .env.vault (${[...addedEnvFilepaths]})`)
-    } else {
-      logger.info(`no changes (${optionEnvFile})`)
-    }
-    if (addedKeys.size > 0) {
-      logger.info(`${helpers.pluralize('key', addedKeys.size)} added to .env.keys (${[...addedKeys]})`)
-    }
-
-    if (addedVaults.size > 0) {
-      const DOTENV_VAULT_X = [...addedVaults][addedVaults.size - 1]
-      const DOTENV_KEY_X = DOTENV_VAULT_X.replace('_VAULT_', '_KEY_')
-      const tryKey = dotenvKeys[DOTENV_KEY_X] || '<dotenv_key_environment>'
-
-      logger.info('')
-      logger.info('next, try it:')
-      logger.info('')
-      logger.info(`  [DOTENV_KEY='${tryKey}' dotenvx run -- your-cmd]`)
-    }
-
-    logger.verbose('')
-    logger.verbose('next:')
-    logger.verbose('')
-    logger.verbose('    1. commit .env.vault safely to code')
-    logger.verbose('    2. set DOTENV_KEY on server (or ci)')
-    logger.verbose('    3. push your code')
-    logger.verbose('')
-    logger.verbose('tips:')
-    logger.verbose('')
-    logger.verbose('    * .env.keys file holds your decryption DOTENV_KEYs')
-    logger.verbose('    * DO NOT commit .env.keys to code')
-    logger.verbose('    * share .env.keys file over secure channels only')
-  })
+// dotenvx hub
+program.addCommand(require('./commands/hub'))
 
 program.parse(process.argv)

package/src/cli/examples.js

@@ -16,7 +16,7 @@ Try it:
   $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
   $ dotenvx run -- node index.js
-  [dotenvx][info] loading env (1) from .env
+  [dotenvx] injecting env (1) from .env
   Hello World
   \`\`\`
   `
@@ -38,11 +38,11 @@ Try it:
   $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
 
   $ dotenvx encrypt
-  [dotenvx][info] encrypted to .env.vault (.env,.env.production)
-  [dotenvx][info] keys added to .env.keys (DOTENV_KEY_PRODUCTION,DOTENV_KEY_PRODUCTION)
+  encrypted to .env.vault (.env,.env.production)
+  keys added to .env.keys (DOTENV_KEY_PRODUCTION,DOTENV_KEY_PRODUCTION)
 
   $ DOTENV_KEY='<dotenv_key_production>' dotenvx run -- node index.js
-  [dotenvx][info] loading env (1) from encrypted .env.vault
+  [dotenvx] injecting env (1) from encrypted .env.vault
   Hello production
   \`\`\`
   `

package/src/cli/helpers.js

@@ -2,6 +2,7 @@ const fs = require('fs')
 const path = require('path')
 const execa = require('execa')
 const crypto = require('crypto')
+const { execSync } = require('child_process')
 const xxhash = require('xxhashjs')
 
 const XXHASH_SEED = 0xABCD
@@ -13,6 +14,10 @@ const logger = require('./../shared/logger')
 const RESERVED_ENV_FILES = ['.env.vault', '.env.projects', '.env.keys', '.env.me', '.env.x']
 const REPORT_ISSUE_LINK = 'https://github.com/dotenvx/dotenvx/issues/new'
 
+const sleep = function (ms) {
+  return new Promise(resolve => setTimeout(resolve, ms))
+}
+
 // resolve path based on current running process location
 const resolvePath = function (filepath) {
   return path.resolve(process.cwd(), filepath)
@@ -205,7 +210,36 @@ const _parseCipherTextFromDotenvKeyAndParsedVault = function (dotenvKey, parsedV
   return ciphertext
 }
 
+const formatCode = function (str) {
+  const parts = []
+
+  for (let i = 0; i < str.length; i += 4) {
+    parts.push(str.substring(i, i + 4))
+  }
+
+  return parts.join('-')
+}
+
+const getRemoteOriginUrl = function () {
+  try {
+    const url = execSync('git remote get-url origin 2> /dev/null').toString().trim()
+    return url
+  } catch (_error) {
+    return null
+  }
+}
+
+const extractUsernameName = function (url) {
+  // Removing the protocol part and splitting by slashes and colons
+  // Removing the protocol part and .git suffix, then splitting by slashes and colons
+  const parts = url.replace(/(^\w+:|^)\/\//, '').replace(/\.git$/, '').split(/[/:]/)
+
+  // Extract the 'username/repository' part
+  return parts.slice(-2).join('/')
+}
+
 module.exports = {
+  sleep,
   resolvePath,
   executeCommand,
   pluralize,
@@ -216,6 +250,9 @@ module.exports = {
   encrypt,
   changed,
   hash,
+  formatCode,
+  getRemoteOriginUrl,
+  extractUsernameName,
   _parseEncryptionKeyFromDotenvKey,
   _parseCipherTextFromDotenvKeyAndParsedVault
 }

package/src/lib/main.js

@@ -21,12 +21,12 @@ const parse = function (src) {
   return result
 }
 
-const write = function (processEnv = {}, parsed = {}, overload = false) {
+const inject = function (processEnv = {}, parsed = {}, overload = false) {
   if (typeof parsed !== 'object') {
-    throw new Error('OBJECT_REQUIRED: Please check the parsed argument being passed to write')
+    throw new Error('OBJECT_REQUIRED: Please check the parsed argument being passed to inject')
   }
 
-  const written = new Set()
+  const injected = new Set()
   const preExisting = new Set()
 
   // set processEnv
@@ -34,19 +34,19 @@ const write = function (processEnv = {}, parsed = {}, overload = false) {
     if (Object.prototype.hasOwnProperty.call(processEnv, key)) {
       if (overload === true) {
         processEnv[key] = parsed[key]
-        written.add(key)
+        injected.add(key)
 
         logger.verbose(`${key} set`)
         logger.debug(`${key} set to ${parsed[key]}`)
       } else {
         preExisting.add(key)
 
-        logger.verbose(`${key} pre-exists`)
-        logger.debug(`${key} pre-exists as ${processEnv[key]}`)
+        logger.verbose(`${key} pre-exists (protip: use --overload to override)`)
+        logger.debug(`${key} pre-exists as ${processEnv[key]} (protip: use --overload to override)`)
       }
     } else {
       processEnv[key] = parsed[key]
-      written.add(key)
+      injected.add(key)
 
       logger.verbose(`${key} set`)
       logger.debug(`${key} set to ${parsed[key]}`)
@@ -54,7 +54,7 @@ const write = function (processEnv = {}, parsed = {}, overload = false) {
   }
 
   return {
-    written,
+    injected,
     preExisting
   }
 }
@@ -64,5 +64,5 @@ module.exports = {
   configDotenv,
   decrypt,
   parse,
-  write
+  inject
 }

package/src/shared/createSpinner.js

@@ -0,0 +1,15 @@
+const ora = require('ora')
+const chalk = require('chalk')
+
+const createSpinner = function (initialMessage = '') {
+  const spinner = ora(initialMessage)
+
+  return {
+    start: (message) => spinner.start(message),
+    succeed: (message) => spinner.succeed(chalk.keyword('green')(message)),
+    done: (message) => spinner.succeed(message),
+    fail: (message) => spinner.fail(chalk.bold.red(message))
+  }
+}
+
+module.exports = createSpinner

package/src/shared/logger.js

@@ -1,4 +1,5 @@
 const winston = require('winston')
+const chalk = require('chalk')
 
 const printf = winston.format.printf
 const combine = winston.format.combine
@@ -7,14 +8,65 @@ const transports = winston.transports
 
 const packageJson = require('./packageJson')
 
+const levels = {
+  error: 0,
+  warn: 1,
+  success: 2,
+  successv: 2,
+  info: 2,
+  help: 2,
+  help2: 2,
+  blank: 2,
+  http: 3,
+  verbose: 4,
+  debug: 5,
+  silly: 6
+}
+
+const error = chalk.bold.red
+const warn = chalk.keyword('orangered')
+const success = chalk.keyword('green')
+const successv = chalk.keyword('olive') // yellow-ish tint that 'looks' like dotenv
+const help = chalk.keyword('blue')
+const help2 = chalk.keyword('gray')
+const http = chalk.keyword('green')
+const verbose = chalk.keyword('plum')
+const debug = chalk.keyword('plum')
+
 const dotenvxFormat = printf(({ level, message, label, timestamp }) => {
   const formattedMessage = typeof message === 'object' ? JSON.stringify(message) : message
 
-  return `[dotenvx@${packageJson.version}][${level.toLowerCase()}] ${formattedMessage}`
+  switch (level.toLowerCase()) {
+    case 'error':
+      return error(formattedMessage)
+    case 'warn':
+      return warn(formattedMessage)
+    case 'success':
+      return success(formattedMessage)
+    case 'successv': // success with 'version'
+      return successv(`[dotenvx@${packageJson.version}] ${formattedMessage}`)
+    case 'info':
+      return formattedMessage
+    case 'help':
+      return help(formattedMessage)
+    case 'help2':
+      return help2(formattedMessage)
+    case 'http':
+      return http(formattedMessage)
+    case 'verbose':
+      return verbose(formattedMessage)
+    case 'debug':
+      return debug(formattedMessage)
+    case 'blank': // custom
+      return formattedMessage
+    default: // handle uncaught
+      return formattedMessage
+  }
 })
 
 const logger = createLogger({
   level: 'info',
+  levels,
   format: combine(
     dotenvxFormat
   ),

package/src/shared/store.js

@@ -0,0 +1,101 @@
+const Conf = require('conf')
+const main = require('./../lib/main')
+
+function jsonToEnv (json) {
+  return Object.entries(json).map(function ([key, value]) {
+    return key + '=' + `"${value}"`
+  }).join('\n')
+}
+
+function convertFullUsernameToEnvFormat (fullUsername) {
+  // gh/motdotla => GH_MOTDOTLA_DOTENVX_TOKEN
+  return fullUsername
+    .toUpperCase()
+    .replace(/\//g, '_') // Replace all slashes with underscores
+    .concat('_DOTENVX_TOKEN') // Append '_DOTENVX_TOKEN' at the end
+}
+
+function findFirstMatchingKey (data) {
+  const dotenvxTokenValue = data.DOTENVX_TOKEN
+
+  for (const [key, value] of Object.entries(data)) {
+    if (key !== 'DOTENVX_TOKEN' && value === dotenvxTokenValue) {
+      return key
+    }
+  }
+
+  return null // Return null if no matching key is found
+}
+
+function parseUsernameFromTokenKey (key) {
+  // Remove the leading GH_/GL_ and trailing '_DOTENVX_TOKEN'
+  const modifiedKey = key.replace(/^(GH_|GL_)/, '').replace(/_DOTENVX_TOKEN$/, '')
+
+  // Convert to lowercase
+  return modifiedKey.toLowerCase()
+}
+
+const confStore = new Conf({
+  projectName: 'dotenvx',
+  configName: '.env',
+  // looks better on user's machine
+  // https://github.com/sindresorhus/conf/tree/v10.2.0#projectsuffix.
+  projectSuffix: '',
+  fileExtension: '',
+  // in the spirit of dotenv and format inherently puts limits on config complexity
+  serialize: function (json) {
+    return jsonToEnv(json)
+  },
+  // Convert .env format to an object
+  deserialize: function (env) {
+    return main.parse(env)
+  }
+})
+
+const getHostname = function () {
+  return confStore.get('DOTENVX_HOSTNAME') || 'https://hub.dotenvx.com'
+}
+
+const getUsername = function () {
+  const key = findFirstMatchingKey(confStore.store)
+
+  if (key) {
+    return parseUsernameFromTokenKey(key)
+  } else {
+    return null
+  }
+}
+
+const getToken = function () {
+  return confStore.get('DOTENVX_TOKEN')
+}
+
+const setToken = function (fullUsername, accessToken) {
+  // current logged in user
+  confStore.set('DOTENVX_TOKEN', accessToken)
+
+  // for future use to switch between accounts locally
+  const memory = convertFullUsernameToEnvFormat(fullUsername)
+  confStore.set(memory, accessToken)
+
+  return accessToken
+}
+
+const setHostname = function (hostname) {
+  confStore.set('DOTENVX_HOSTNAME', hostname)
+
+  return hostname
+}
+
+const configPath = function () {
+  return confStore.path
+}
+
+module.exports = {
+  getHostname,
+  getToken,
+  getUsername,
+  setHostname,
+  setToken,
+  configPath
+}