@dotenvx/dotenvx 1.4.0 → 1.6.0

package/src/cli/actions/ext/vault/migrate.js

@@ -1,47 +1,30 @@
 const { logger } = require('./../../../../shared/logger')
 
-function migrate (directory) {
-  // debug args
-  logger.debug(`directory: ${directory}`)
-
+function migrate () {
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
-  try {
-    logger.help2('To migrate your .env.vault file to encrypted .env file(s):')
-    logger.help('')
-    logger.help('  1. Run [dotenvx ext vault decrypt]')
-    logger.help('  2. Run [ls -a .env*]')
-    logger.help('')
-    logger.help2('Lastly, encrypt each .env(.environment) file:')
-    logger.help('')
-    logger.help('  3. Run [dotenvx encrypt -f .env.production]')
-    logger.help2('')
-    logger.help2('For example:')
-    logger.help2('')
-    logger.help2('  $ dotenvx encrypt -f .env')
-    logger.help2('  $ dotenvx encrypt -f .env.ci')
-    logger.help2('  $ dotenvx encrypt -f .env.production')
-    logger.help2('')
-    logger.help2('Afterward:')
-    logger.help2('')
-    logger.help2('Update production with your new DOTENV_PRIVATE_KEY_PRODUCTION located in .env.keys')
-    logger.help2('')
-    logger.success('Learn more at [https://dotenvx.com/docs/quickstart#add-encryption]')
-    logger.help2('')
-  } catch (error) {
-    logger.error(error.message)
-    if (error.help) {
-      logger.help(error.help)
-    }
-    if (error.debug) {
-      logger.debug(error.debug)
-    }
-    if (error.code) {
-      logger.debug(`ERROR_CODE: ${error.code}`)
-    }
-    process.exit(1)
-  }
+  logger.help2('To migrate your .env.vault file to encrypted .env file(s):')
+  logger.help('')
+  logger.help('  1. Run [dotenvx ext vault decrypt]')
+  logger.help('  2. Run [ls -a .env*]')
+  logger.help('')
+  logger.help2('Lastly, encrypt each .env(.environment) file:')
+  logger.help('')
+  logger.help('  3. Run [dotenvx encrypt -f .env.production]')
+  logger.help2('')
+  logger.help2('For example:')
+  logger.help2('')
+  logger.help2('  $ dotenvx encrypt -f .env')
+  logger.help2('  $ dotenvx encrypt -f .env.ci')
+  logger.help2('  $ dotenvx encrypt -f .env.production')
+  logger.help2('')
+  logger.help2('Afterward:')
+  logger.help2('')
+  logger.help2('Update production with your new DOTENV_PRIVATE_KEY_PRODUCTION located in .env.keys')
+  logger.help2('')
+  logger.success('Learn more at [https://dotenvx.com/docs/quickstart#add-encryption]')
+  logger.help2('')
 }
 
 module.exports = migrate

package/src/cli/actions/get.js

@@ -21,17 +21,18 @@ function get (key) {
   const value = main.get(key, envs, options.overload, process.env.DOTENV_KEY, options.all)
 
   if (typeof value === 'object' && value !== null) {
+    let space = 0
     if (options.prettyPrint) {
-      logger.blank0(JSON.stringify(value, null, 2))
-    } else {
-      logger.blank0(value)
+      space = 2
     }
+
+    process.stdout.write(JSON.stringify(value, null, space))
   } else {
     if (value === undefined) {
-      logger.blank0('')
+      process.stdout.write('')
       process.exit(1)
     } else {
-      logger.blank0(value)
+      process.stdout.write(value)
     }
   }
 }

package/src/cli/actions/run.js

@@ -1,118 +1,11 @@
 const path = require('path')
-const execa = require('execa')
-const which = require('which')
 const { logger } = require('./../../shared/logger')
 
+const executeCommand = require('./../../lib/helpers/executeCommand')
 const Run = require('./../../lib/services/run')
 
 const conventions = require('./../../lib/helpers/conventions')
 
-const executeCommand = async function (commandArgs, env) {
-  const signals = [
-    'SIGHUP', 'SIGQUIT', 'SIGILL', 'SIGTRAP', 'SIGABRT',
-    'SIGBUS', 'SIGFPE', 'SIGUSR1', 'SIGSEGV', 'SIGUSR2'
-  ]
-
-  logger.debug(`executing process command [${commandArgs.join(' ')}]`)
-
-  // handler for SIGINT
-  let commandProcess
-  const sigintHandler = () => {
-    logger.debug('received SIGINT')
-    logger.debug('checking command process')
-    logger.debug(commandProcess)
-
-    if (commandProcess) {
-      logger.debug('sending SIGINT to command process')
-      commandProcess.kill('SIGINT') // Send SIGINT to the command process
-    } else {
-      logger.debug('no command process to send SIGINT to')
-    }
-  }
-  // handler for SIGTERM
-  const sigtermHandler = () => {
-    logger.debug('received SIGTERM')
-    logger.debug('checking command process')
-    logger.debug(commandProcess)
-
-    if (commandProcess) {
-      logger.debug('sending SIGTERM to command process')
-      commandProcess.kill('SIGTERM') // Send SIGTEM to the command process
-    } else {
-      logger.debug('no command process to send SIGTERM to')
-    }
-  }
-
-  const handleOtherSignal = (signal) => {
-    logger.debug(`received ${signal}`)
-  }
-
-  try {
-    // ensure the first command is expanded
-    try {
-      commandArgs[0] = path.resolve(which.sync(`${commandArgs[0]}`))
-      logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
-    } catch (e) {
-      logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
-    }
-
-    // expand any other commands that follow a --
-    let expandNext = false
-    for (let i = 0; i < commandArgs.length; i++) {
-      if (commandArgs[i] === '--') {
-        expandNext = true
-      } else if (expandNext) {
-        try {
-          commandArgs[i] = path.resolve(which.sync(`${commandArgs[i]}`))
-          logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
-        } catch (e) {
-          logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
-        }
-        expandNext = false
-      }
-    }
-
-    commandProcess = execa(commandArgs[0], commandArgs.slice(1), {
-      stdio: 'inherit',
-      env: { ...process.env, ...env }
-    })
-
-    process.on('SIGINT', sigintHandler)
-    process.on('SIGTERM', sigtermHandler)
-
-    signals.forEach(signal => {
-      process.on(signal, () => handleOtherSignal(signal))
-    })
-
-    // Wait for the command process to finish
-    const { exitCode } = await commandProcess
-
-    if (exitCode !== 0) {
-      logger.debug(`received exitCode ${exitCode}`)
-      throw new Error(`Command exited with exit code ${exitCode}`)
-    }
-  } catch (error) {
-    // no color on these errors as they can be standard errors for things like jest exiting with exitCode 1 for a single failed test.
-    if (error.signal !== 'SIGINT' && error.signal !== 'SIGTERM') {
-      if (error.code === 'ENOENT') {
-        logger.errornocolor(`Unknown command: ${error.command}`)
-      } else if (error.message.includes('Command failed with exit code 1')) {
-        logger.errornocolor(`Command exited with exit code 1: ${error.command}`)
-      } else {
-        logger.errornocolor(error.message)
-      }
-    }
-
-    // Exit with the error code from the command process, or 1 if unavailable
-    process.exit(error.exitCode || 1)
-  } finally {
-    // Clean up: Remove the SIGINT handler
-    process.removeListener('SIGINT', sigintHandler)
-    // Clean up: Remove the SIGTERM handler
-    process.removeListener('SIGTERM', sigtermHandler)
-  }
-}
-
 async function run () {
   const commandArgs = this.args
   logger.debug(`process command [${commandArgs.join(' ')}]`)
@@ -160,11 +53,11 @@ async function run () {
         if (processedEnv.error.code === 'MISSING_ENV_FILE') {
           // do not warn for conventions (too noisy)
           if (!options.convention) {
-            logger.warnv(processedEnv.error)
+            logger.warnv(processedEnv.error.message)
             logger.help(`? add one with [echo "HELLO=World" > ${processedEnv.filepath}] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`)
           }
         } else {
-          logger.warnv(processedEnv.error)
+          logger.warnv(processedEnv.error.message)
         }
       } else {
         // debug parsed

package/src/cli/actions/set.js

@@ -38,10 +38,10 @@ function set (key, value) {
 
       if (processedEnvFile.error) {
         if (processedEnvFile.error.code === 'MISSING_ENV_FILE') {
-          logger.warn(processedEnvFile.error)
+          logger.warn(processedEnvFile.error.message)
           logger.help(`? add one with [echo "HELLO=World" > ${processedEnvFile.envFilepath}] and re-run [dotenvx set]`)
         } else {
-          logger.warn(processedEnvFile.error)
+          logger.warn(processedEnvFile.error.message)
         }
       } else {
         fs.writeFileSync(processedEnvFile.filepath, processedEnvFile.envSrc, ENCODING)

package/src/cli/commands/ext.js

@@ -1,11 +1,23 @@
 const { Command } = require('commander')
 
 const examples = require('./../examples')
+const executeExtension = require('../../lib/helpers/executeExtension')
 
 const ext = new Command('ext')
 
 ext
   .description('🔌 extensions')
+  .allowUnknownOption()
+
+ext.addHelpText('after', '  hub                               🚫 DEPRECATED: to be replaced by [dotenvx pro]')
+
+ext
+  .argument('[command]', 'dynamic ext command')
+  .argument('[args...]', 'dynamic ext command arguments')
+  .action((command, args, cmdObj) => {
+    const rawArgs = process.argv.slice(3) // adjust the index based on where actual args start
+    executeExtension(ext, command, rawArgs)
+  })
 
 // dotenvx ext ls
 ext.command('ls')
@@ -53,6 +65,5 @@ ext.command('settings')
   .action(require('./../actions/ext/settings'))
 
 ext.addCommand(require('./../commands/ext/vault'))
-ext.addCommand(require('./../commands/ext/hub'))
 
 module.exports = ext

package/src/cli/dotenvx.js

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 
+/* c8 ignore start */
 const fs = require('fs')
 const path = require('path')
 const { execSync } = require('child_process')
@@ -72,14 +73,17 @@ program.command('get')
   })
 
 // dotenvx set
+const setAction = require('./actions/set')
 program.command('set')
   .description('set a single environment variable')
+  .addHelpText('after', examples.set)
+  .allowUnknownOption()
   .argument('KEY', 'KEY')
   .argument('value', 'value')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', '.env')
   .option('-c, --encrypt', 'encrypt value (default: true)', true)
   .option('-p, --plain', 'store value as plain text', false)
-  .action(require('./actions/set'))
+  .action(setAction)
 
 // dotenvx encrypt
 const encryptAction = require('./actions/encrypt')
@@ -87,8 +91,18 @@ program.command('encrypt')
   .description('convert .env file(s) to encrypted .env file(s)')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
   .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
+  .option('--stdout', 'send to stdout')
   .action(encryptAction)
 
+// dotenvx decrypt
+const decryptAction = require('./actions/decrypt')
+program.command('decrypt')
+  .description('convert encrypted .env file(s) to plain .env file(s)')
+  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
+  .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
+  .option('--stdout', 'send to stdout')
+  .action(decryptAction)
+
 // dotenvx pro
 program.command('pro')
   .description('🏆 pro')
@@ -113,20 +127,6 @@ program.command('pro')
 // dotenvx ext
 program.addCommand(require('./commands/ext'))
 
-//
-// DEPRECATED AND hidden
-//
-program.addCommand(require('./commands/vault'))
-
-program.command('convert')
-  .description('DEPRECATED: moved to [dotenvx encrypt]')
-  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
-  .action(function (...args) {
-    logger.warn('DEPRECATION NOTICE: [dotenvx convert] has moved to [dotenvx encrypt]')
-
-    encryptAction.apply(this, args)
-  })
-
 const lsAction = require('./actions/ext/ls')
 program.command('ls')
   .description('DEPRECATED: moved to [dotenvx ext ls]')
@@ -203,5 +203,6 @@ program.helpInformation = function () {
 
   return filteredLines.join('\n')
 }
+/* c8 ignore stop */
 
 program.parse(process.argv)

package/src/cli/examples.js

@@ -100,10 +100,26 @@ Try it:
   `
 }
 
+const set = function () {
+  return `
+Examples:
+
+  \`\`\`
+  $ dotenvx set KEY value
+  $ dotenvx set KEY "value with spaces"
+  $ dotenvx set KEY -- "---value with a dash---"
+  $ dotenvx set KEY -- "-----BEGIN OPENSSH PRIVATE KEY-----
+                        b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+                        -----END OPENSSH PRIVATE KEY-----"
+  \`\`\`
+  `
+}
+
 module.exports = {
   run,
   vaultEncrypt,
   precommit,
   prebuild,
-  gitignore
+  gitignore,
+  set
 }

package/src/lib/helpers/execute.js

@@ -0,0 +1,9 @@
+const execa = require('execa')
+
+const execute = {
+  execa (command, args, options) {
+    return execa(command, args, options)
+  }
+}
+
+module.exports = execute

package/src/lib/helpers/executeCommand.js

@@ -0,0 +1,117 @@
+const path = require('path')
+const which = require('which')
+const execute = require('./../../lib/helpers/execute')
+const { logger } = require('./../../shared/logger')
+
+async function executeCommand (commandArgs, env) {
+  const signals = [
+    'SIGHUP', 'SIGQUIT', 'SIGILL', 'SIGTRAP', 'SIGABRT',
+    'SIGBUS', 'SIGFPE', 'SIGUSR1', 'SIGSEGV', 'SIGUSR2'
+  ]
+
+  logger.debug(`executing process command [${commandArgs.join(' ')}]`)
+
+  // handler for SIGINT
+  let commandProcess
+  const sigintHandler = () => {
+    logger.debug('received SIGINT')
+    logger.debug('checking command process')
+    logger.debug(commandProcess)
+
+    if (commandProcess) {
+      logger.debug('sending SIGINT to command process')
+      commandProcess.kill('SIGINT') // Send SIGINT to the command process
+    /* c8 ignore start */
+    } else {
+      logger.debug('no command process to send SIGINT to')
+    }
+    /* c8 ignore stop */
+  }
+  // handler for SIGTERM
+
+  /* c8 ignore start */
+  const sigtermHandler = () => {
+    logger.debug('received SIGTERM')
+    logger.debug('checking command process')
+    logger.debug(commandProcess)
+
+    if (commandProcess) {
+      logger.debug('sending SIGTERM to command process')
+      commandProcess.kill('SIGTERM') // Send SIGTEM to the command process
+    } else {
+      logger.debug('no command process to send SIGTERM to')
+    }
+  }
+
+  const handleOtherSignal = (signal) => {
+    logger.debug(`received ${signal}`)
+  }
+  /* c8 ignore stop */
+
+  try {
+    // ensure the first command is expanded
+    try {
+      commandArgs[0] = path.resolve(which.sync(`${commandArgs[0]}`))
+      logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
+    } catch (e) {
+      logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
+    }
+
+    // expand any other commands that follow a --
+    let expandNext = false
+    for (let i = 0; i < commandArgs.length; i++) {
+      if (commandArgs[i] === '--') {
+        expandNext = true
+      } else if (expandNext) {
+        try {
+          commandArgs[i] = path.resolve(which.sync(`${commandArgs[i]}`))
+          logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
+        } catch (e) {
+          logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
+        }
+        expandNext = false
+      }
+    }
+
+    commandProcess = execute.execa(commandArgs[0], commandArgs.slice(1), {
+      stdio: 'inherit',
+      env: { ...process.env, ...env }
+    })
+
+    process.on('SIGINT', sigintHandler)
+    process.on('SIGTERM', sigtermHandler)
+
+    signals.forEach(signal => {
+      process.on(signal, () => handleOtherSignal(signal))
+    })
+
+    // Wait for the command process to finish
+    const { exitCode } = await commandProcess
+
+    if (exitCode !== 0) {
+      logger.debug(`received exitCode ${exitCode}`)
+      throw new Error(`Command exited with exit code ${exitCode}`)
+    }
+  } catch (error) {
+    // no color on these errors as they can be standard errors for things like jest exiting with exitCode 1 for a single failed test.
+    if (error.signal !== 'SIGINT' && error.signal !== 'SIGTERM') {
+      if (error.code === 'ENOENT') {
+        logger.errornocolor(`Unknown command: ${error.command}`)
+      } else if (error.message.includes('Command failed with exit code 1')) {
+        logger.errornocolor(`Command exited with exit code 1: ${error.command}`)
+      } else {
+        logger.errornocolor(error.message)
+      }
+    }
+
+    // Exit with the error code from the command process, or 1 if unavailable
+    process.exit(error.exitCode || 1)
+  } finally {
+    // Clean up: Remove the SIGINT handler
+    process.removeListener('SIGINT', sigintHandler)
+    // Clean up: Remove the SIGTERM handler
+    process.removeListener('SIGTERM', sigtermHandler)
+  }
+}
+
+module.exports = executeCommand

package/src/lib/helpers/executeExtension.js

@@ -0,0 +1,38 @@
+const path = require('path')
+const childProcess = require('child_process')
+const { logger } = require('../../shared/logger')
+
+function executeExtension (ext, command, rawArgs) {
+  if (!command) {
+    ext.outputHelp()
+    process.exit(1)
+    return
+  }
+
+  // construct the full command line manually including flags
+  const commandIndex = rawArgs.indexOf(command)
+  const forwardedArgs = rawArgs.slice(commandIndex + 1)
+
+  logger.debug(`command: ${command}`)
+  logger.debug(`args: ${JSON.stringify(forwardedArgs)}`)
+
+  const binPath = path.join(process.cwd(), 'node_modules', '.bin')
+  const newPath = `${binPath}:${process.env.PATH}`
+  const env = { ...process.env, PATH: newPath }
+
+  const result = childProcess.spawnSync(`dotenvx-ext-${command}`, forwardedArgs, { stdio: 'inherit', env })
+  if (result.error) {
+    if (command === 'hub') {
+      logger.warn(`[INSTALLATION_NEEDED] install dotenvx-ext-${command} to use [dotenvx ext ${command}] commands`)
+      logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-ext-hub]')
+    } else {
+      logger.info(`error: unknown command '${command}'`)
+    }
+  }
+
+  if (result.status !== 0) {
+    process.exit(result.status)
+  }
+}
+
+module.exports = executeExtension

package/src/lib/helpers/findOrCreatePublicKey.js

@@ -24,20 +24,23 @@ function findOrCreatePublicKey (envFilepath, envKeysFilepath) {
   // parsed
   const envParsed = dotenv.parse(envSrc)
   const keysParsed = dotenv.parse(keysSrc)
+  const existingPublicKey = envParsed[publicKeyName]
+  const existingPrivateKey = keysParsed[privateKeyName]
 
   // if DOTENV_PUBLIC_KEY_${environment} already present then go no further
-  if (envParsed[publicKeyName] && envParsed[publicKeyName].length > 0) {
+  if (existingPublicKey && existingPublicKey.length > 0) {
     return {
       envSrc,
       keysSrc,
-      publicKey: envParsed[publicKeyName],
-      privateKey: keysParsed[privateKeyName],
+      publicKey: existingPublicKey,
+      privateKey: existingPrivateKey,
+      publicKeyAdded: false,
       privateKeyAdded: false
     }
   }
 
   // generate key pair
-  const { publicKey, privateKey } = keyPair()
+  const { publicKey, privateKey } = keyPair(existingPrivateKey)
 
   // publicKey
   const prependPublicKey = [
@@ -65,17 +68,20 @@ function findOrCreatePublicKey (envFilepath, envKeysFilepath) {
 
   envSrc = `${prependPublicKey}\n${envSrc}`
   keysSrc = keysSrc.length > 1 ? keysSrc : `${firstTimeKeysSrc}\n`
-  keysSrc = `${keysSrc}\n${appendPrivateKey}`
 
-  fs.writeFileSync(envFilepath, envSrc)
-  fs.writeFileSync(envKeysFilepath, keysSrc)
+  let privateKeyAdded = false
+  if (!existingPrivateKey) {
+    keysSrc = `${keysSrc}\n${appendPrivateKey}`
+    privateKeyAdded = true
+  }
 
   return {
     envSrc,
     keysSrc,
     publicKey,
     privateKey,
-    privateKeyAdded: true
+    publicKeyAdded: true,
+    privateKeyAdded
   }
 }
 

package/src/lib/helpers/isEncrypted.js

@@ -1,8 +1,7 @@
 const ENCRYPTION_PATTERN = /^encrypted:.+/
-const PUBLIC_KEY_PATTERN = /^DOTENV_PUBLIC_KEY/
 
 function isEncrypted (key, value) {
-  return PUBLIC_KEY_PATTERN.test(key) || ENCRYPTION_PATTERN.test(value)
+  return ENCRYPTION_PATTERN.test(value)
 }
 
 module.exports = isEncrypted

package/src/lib/helpers/isFullyEncrypted.js

@@ -1,12 +1,13 @@
 const dotenv = require('dotenv')
 
 const isEncrypted = require('./isEncrypted')
+const isPublicKey = require('./isPublicKey')
 
 function isFullyEncrypted (src) {
   const parsed = dotenv.parse(src)
 
   for (const [key, value] of Object.entries(parsed)) {
-    const result = isEncrypted(key, value)
+    const result = isEncrypted(key, value) || isPublicKey(key, value)
     if (!result) {
       return false
     }

package/src/lib/helpers/isIgnoringDotenvKeys.js

@@ -13,7 +13,7 @@ function isIgnoringDotenvKeys () {
     return false
   }
 
-  return false
+  return true
 }
 
 module.exports = isIgnoringDotenvKeys

package/src/lib/helpers/isPublicKey.js

@@ -0,0 +1,7 @@
+const PUBLIC_KEY_PATTERN = /^DOTENV_PUBLIC_KEY/
+
+function isPublicKey (key, value) {
+  return PUBLIC_KEY_PATTERN.test(key)
+}
+
+module.exports = isPublicKey

package/src/lib/helpers/keyPair.js

@@ -1,7 +1,13 @@
 const { PrivateKey } = require('eciesjs')
 
-function keyPair () {
-  const kp = new PrivateKey()
+function keyPair (existingPrivateKey) {
+  let kp
+
+  if (existingPrivateKey) {
+    kp = new PrivateKey(Buffer.from(existingPrivateKey, 'hex'))
+  } else {
+    kp = new PrivateKey()
+  }
 
   const publicKey = kp.publicKey.toHex()
   const privateKey = kp.secret.toString('hex')