@dotenvx/dotenvx 1.5.0 → 1.6.0

package/src/cli/actions/get.js

@@ -21,17 +21,18 @@ function get (key) {
   const value = main.get(key, envs, options.overload, process.env.DOTENV_KEY, options.all)
 
   if (typeof value === 'object' && value !== null) {
+    let space = 0
     if (options.prettyPrint) {
-      logger.blank0(JSON.stringify(value, null, 2))
-    } else {
-      logger.blank0(value)
+      space = 2
     }
+
+    process.stdout.write(JSON.stringify(value, null, space))
   } else {
     if (value === undefined) {
-      logger.blank0('')
+      process.stdout.write('')
       process.exit(1)
     } else {
-      logger.blank0(value)
+      process.stdout.write(value)
     }
   }
 }

package/src/cli/actions/run.js

@@ -1,118 +1,11 @@
 const path = require('path')
-const execa = require('execa')
-const which = require('which')
 const { logger } = require('./../../shared/logger')
 
+const executeCommand = require('./../../lib/helpers/executeCommand')
 const Run = require('./../../lib/services/run')
 
 const conventions = require('./../../lib/helpers/conventions')
 
-const executeCommand = async function (commandArgs, env) {
-  const signals = [
-    'SIGHUP', 'SIGQUIT', 'SIGILL', 'SIGTRAP', 'SIGABRT',
-    'SIGBUS', 'SIGFPE', 'SIGUSR1', 'SIGSEGV', 'SIGUSR2'
-  ]
-
-  logger.debug(`executing process command [${commandArgs.join(' ')}]`)
-
-  // handler for SIGINT
-  let commandProcess
-  const sigintHandler = () => {
-    logger.debug('received SIGINT')
-    logger.debug('checking command process')
-    logger.debug(commandProcess)
-
-    if (commandProcess) {
-      logger.debug('sending SIGINT to command process')
-      commandProcess.kill('SIGINT') // Send SIGINT to the command process
-    } else {
-      logger.debug('no command process to send SIGINT to')
-    }
-  }
-  // handler for SIGTERM
-  const sigtermHandler = () => {
-    logger.debug('received SIGTERM')
-    logger.debug('checking command process')
-    logger.debug(commandProcess)
-
-    if (commandProcess) {
-      logger.debug('sending SIGTERM to command process')
-      commandProcess.kill('SIGTERM') // Send SIGTEM to the command process
-    } else {
-      logger.debug('no command process to send SIGTERM to')
-    }
-  }
-
-  const handleOtherSignal = (signal) => {
-    logger.debug(`received ${signal}`)
-  }
-
-  try {
-    // ensure the first command is expanded
-    try {
-      commandArgs[0] = path.resolve(which.sync(`${commandArgs[0]}`))
-      logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
-    } catch (e) {
-      logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
-    }
-
-    // expand any other commands that follow a --
-    let expandNext = false
-    for (let i = 0; i < commandArgs.length; i++) {
-      if (commandArgs[i] === '--') {
-        expandNext = true
-      } else if (expandNext) {
-        try {
-          commandArgs[i] = path.resolve(which.sync(`${commandArgs[i]}`))
-          logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
-        } catch (e) {
-          logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
-        }
-        expandNext = false
-      }
-    }
-
-    commandProcess = execa(commandArgs[0], commandArgs.slice(1), {
-      stdio: 'inherit',
-      env: { ...process.env, ...env }
-    })
-
-    process.on('SIGINT', sigintHandler)
-    process.on('SIGTERM', sigtermHandler)
-
-    signals.forEach(signal => {
-      process.on(signal, () => handleOtherSignal(signal))
-    })
-
-    // Wait for the command process to finish
-    const { exitCode } = await commandProcess
-
-    if (exitCode !== 0) {
-      logger.debug(`received exitCode ${exitCode}`)
-      throw new Error(`Command exited with exit code ${exitCode}`)
-    }
-  } catch (error) {
-    // no color on these errors as they can be standard errors for things like jest exiting with exitCode 1 for a single failed test.
-    if (error.signal !== 'SIGINT' && error.signal !== 'SIGTERM') {
-      if (error.code === 'ENOENT') {
-        logger.errornocolor(`Unknown command: ${error.command}`)
-      } else if (error.message.includes('Command failed with exit code 1')) {
-        logger.errornocolor(`Command exited with exit code 1: ${error.command}`)
-      } else {
-        logger.errornocolor(error.message)
-      }
-    }
-
-    // Exit with the error code from the command process, or 1 if unavailable
-    process.exit(error.exitCode || 1)
-  } finally {
-    // Clean up: Remove the SIGINT handler
-    process.removeListener('SIGINT', sigintHandler)
-    // Clean up: Remove the SIGTERM handler
-    process.removeListener('SIGTERM', sigtermHandler)
-  }
-}
-
 async function run () {
   const commandArgs = this.args
   logger.debug(`process command [${commandArgs.join(' ')}]`)
@@ -160,11 +53,11 @@ async function run () {
         if (processedEnv.error.code === 'MISSING_ENV_FILE') {
           // do not warn for conventions (too noisy)
           if (!options.convention) {
-            logger.warnv(processedEnv.error)
+            logger.warnv(processedEnv.error.message)
             logger.help(`? add one with [echo "HELLO=World" > ${processedEnv.filepath}] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`)
           }
         } else {
-          logger.warnv(processedEnv.error)
+          logger.warnv(processedEnv.error.message)
         }
       } else {
         // debug parsed

package/src/cli/actions/set.js

@@ -38,10 +38,10 @@ function set (key, value) {
 
       if (processedEnvFile.error) {
         if (processedEnvFile.error.code === 'MISSING_ENV_FILE') {
-          logger.warn(processedEnvFile.error)
+          logger.warn(processedEnvFile.error.message)
           logger.help(`? add one with [echo "HELLO=World" > ${processedEnvFile.envFilepath}] and re-run [dotenvx set]`)
         } else {
-          logger.warn(processedEnvFile.error)
+          logger.warn(processedEnvFile.error.message)
         }
       } else {
         fs.writeFileSync(processedEnvFile.filepath, processedEnvFile.envSrc, ENCODING)

package/src/cli/commands/ext.js

@@ -1,9 +1,7 @@
-const path = require('path')
-const { spawnSync } = require('child_process')
 const { Command } = require('commander')
-const { logger } = require('../../shared/logger')
 
 const examples = require('./../examples')
+const executeExtension = require('../../lib/helpers/executeExtension')
 
 const ext = new Command('ext')
 
@@ -17,36 +15,8 @@ ext
   .argument('[command]', 'dynamic ext command')
   .argument('[args...]', 'dynamic ext command arguments')
   .action((command, args, cmdObj) => {
-    if (!command) {
-      ext.outputHelp()
-      process.exit(1)
-    }
-
-    // construct the full command line manually including flags
     const rawArgs = process.argv.slice(3) // adjust the index based on where actual args start
-    const commandIndex = rawArgs.indexOf(command)
-    const forwardedArgs = rawArgs.slice(commandIndex + 1)
-
-    logger.debug(`command: ${command}`)
-    logger.debug(`args: ${JSON.stringify(forwardedArgs)}`)
-
-    const binPath = path.join(process.cwd(), 'node_modules', '.bin')
-    const newPath = `${binPath}:${process.env.PATH}`
-    const env = { ...process.env, PATH: newPath }
-
-    const result = spawnSync(`dotenvx-ext-${command}`, forwardedArgs, { stdio: 'inherit', env })
-    if (result.error) {
-      if (command === 'hub') {
-        logger.warn(`[INSTALLATION_NEEDED] install dotenvx-ext-${command} to use [dotenvx ext ${command}] commands`)
-        logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-ext-hub]')
-      } else {
-        logger.info(`error: unknown command '${command}'`)
-      }
-    }
-
-    if (result.status !== 0) {
-      process.exit(result.status)
-    }
+    executeExtension(ext, command, rawArgs)
   })
 
 // dotenvx ext ls

package/src/cli/dotenvx.js

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 
+/* c8 ignore start */
 const fs = require('fs')
 const path = require('path')
 const { execSync } = require('child_process')
@@ -90,8 +91,18 @@ program.command('encrypt')
   .description('convert .env file(s) to encrypted .env file(s)')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
   .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
+  .option('--stdout', 'send to stdout')
   .action(encryptAction)
 
+// dotenvx decrypt
+const decryptAction = require('./actions/decrypt')
+program.command('decrypt')
+  .description('convert encrypted .env file(s) to plain .env file(s)')
+  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
+  .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
+  .option('--stdout', 'send to stdout')
+  .action(decryptAction)
+
 // dotenvx pro
 program.command('pro')
   .description('🏆 pro')
@@ -116,20 +127,6 @@ program.command('pro')
 // dotenvx ext
 program.addCommand(require('./commands/ext'))
 
-//
-// DEPRECATED AND hidden
-//
-program.addCommand(require('./commands/vault'))
-
-program.command('convert')
-  .description('DEPRECATED: moved to [dotenvx encrypt]')
-  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
-  .action(function (...args) {
-    logger.warn('DEPRECATION NOTICE: [dotenvx convert] has moved to [dotenvx encrypt]')
-
-    encryptAction.apply(this, args)
-  })
-
 const lsAction = require('./actions/ext/ls')
 program.command('ls')
   .description('DEPRECATED: moved to [dotenvx ext ls]')
@@ -206,5 +203,6 @@ program.helpInformation = function () {
 
   return filteredLines.join('\n')
 }
+/* c8 ignore stop */
 
 program.parse(process.argv)

package/src/lib/helpers/execute.js

@@ -0,0 +1,9 @@
+const execa = require('execa')
+
+const execute = {
+  execa (command, args, options) {
+    return execa(command, args, options)
+  }
+}
+
+module.exports = execute

package/src/lib/helpers/executeCommand.js

@@ -0,0 +1,117 @@
+const path = require('path')
+const which = require('which')
+const execute = require('./../../lib/helpers/execute')
+const { logger } = require('./../../shared/logger')
+
+async function executeCommand (commandArgs, env) {
+  const signals = [
+    'SIGHUP', 'SIGQUIT', 'SIGILL', 'SIGTRAP', 'SIGABRT',
+    'SIGBUS', 'SIGFPE', 'SIGUSR1', 'SIGSEGV', 'SIGUSR2'
+  ]
+
+  logger.debug(`executing process command [${commandArgs.join(' ')}]`)
+
+  // handler for SIGINT
+  let commandProcess
+  const sigintHandler = () => {
+    logger.debug('received SIGINT')
+    logger.debug('checking command process')
+    logger.debug(commandProcess)
+
+    if (commandProcess) {
+      logger.debug('sending SIGINT to command process')
+      commandProcess.kill('SIGINT') // Send SIGINT to the command process
+    /* c8 ignore start */
+    } else {
+      logger.debug('no command process to send SIGINT to')
+    }
+    /* c8 ignore stop */
+  }
+  // handler for SIGTERM
+
+  /* c8 ignore start */
+  const sigtermHandler = () => {
+    logger.debug('received SIGTERM')
+    logger.debug('checking command process')
+    logger.debug(commandProcess)
+
+    if (commandProcess) {
+      logger.debug('sending SIGTERM to command process')
+      commandProcess.kill('SIGTERM') // Send SIGTEM to the command process
+    } else {
+      logger.debug('no command process to send SIGTERM to')
+    }
+  }
+
+  const handleOtherSignal = (signal) => {
+    logger.debug(`received ${signal}`)
+  }
+  /* c8 ignore stop */
+
+  try {
+    // ensure the first command is expanded
+    try {
+      commandArgs[0] = path.resolve(which.sync(`${commandArgs[0]}`))
+      logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
+    } catch (e) {
+      logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
+    }
+
+    // expand any other commands that follow a --
+    let expandNext = false
+    for (let i = 0; i < commandArgs.length; i++) {
+      if (commandArgs[i] === '--') {
+        expandNext = true
+      } else if (expandNext) {
+        try {
+          commandArgs[i] = path.resolve(which.sync(`${commandArgs[i]}`))
+          logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
+        } catch (e) {
+          logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
+        }
+        expandNext = false
+      }
+    }
+
+    commandProcess = execute.execa(commandArgs[0], commandArgs.slice(1), {
+      stdio: 'inherit',
+      env: { ...process.env, ...env }
+    })
+
+    process.on('SIGINT', sigintHandler)
+    process.on('SIGTERM', sigtermHandler)
+
+    signals.forEach(signal => {
+      process.on(signal, () => handleOtherSignal(signal))
+    })
+
+    // Wait for the command process to finish
+    const { exitCode } = await commandProcess
+
+    if (exitCode !== 0) {
+      logger.debug(`received exitCode ${exitCode}`)
+      throw new Error(`Command exited with exit code ${exitCode}`)
+    }
+  } catch (error) {
+    // no color on these errors as they can be standard errors for things like jest exiting with exitCode 1 for a single failed test.
+    if (error.signal !== 'SIGINT' && error.signal !== 'SIGTERM') {
+      if (error.code === 'ENOENT') {
+        logger.errornocolor(`Unknown command: ${error.command}`)
+      } else if (error.message.includes('Command failed with exit code 1')) {
+        logger.errornocolor(`Command exited with exit code 1: ${error.command}`)
+      } else {
+        logger.errornocolor(error.message)
+      }
+    }
+
+    // Exit with the error code from the command process, or 1 if unavailable
+    process.exit(error.exitCode || 1)
+  } finally {
+    // Clean up: Remove the SIGINT handler
+    process.removeListener('SIGINT', sigintHandler)
+    // Clean up: Remove the SIGTERM handler
+    process.removeListener('SIGTERM', sigtermHandler)
+  }
+}
+
+module.exports = executeCommand

package/src/lib/helpers/executeExtension.js

@@ -0,0 +1,38 @@
+const path = require('path')
+const childProcess = require('child_process')
+const { logger } = require('../../shared/logger')
+
+function executeExtension (ext, command, rawArgs) {
+  if (!command) {
+    ext.outputHelp()
+    process.exit(1)
+    return
+  }
+
+  // construct the full command line manually including flags
+  const commandIndex = rawArgs.indexOf(command)
+  const forwardedArgs = rawArgs.slice(commandIndex + 1)
+
+  logger.debug(`command: ${command}`)
+  logger.debug(`args: ${JSON.stringify(forwardedArgs)}`)
+
+  const binPath = path.join(process.cwd(), 'node_modules', '.bin')
+  const newPath = `${binPath}:${process.env.PATH}`
+  const env = { ...process.env, PATH: newPath }
+
+  const result = childProcess.spawnSync(`dotenvx-ext-${command}`, forwardedArgs, { stdio: 'inherit', env })
+  if (result.error) {
+    if (command === 'hub') {
+      logger.warn(`[INSTALLATION_NEEDED] install dotenvx-ext-${command} to use [dotenvx ext ${command}] commands`)
+      logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-ext-hub]')
+    } else {
+      logger.info(`error: unknown command '${command}'`)
+    }
+  }
+
+  if (result.status !== 0) {
+    process.exit(result.status)
+  }
+}
+
+module.exports = executeExtension

package/src/lib/helpers/findOrCreatePublicKey.js

@@ -24,20 +24,23 @@ function findOrCreatePublicKey (envFilepath, envKeysFilepath) {
   // parsed
   const envParsed = dotenv.parse(envSrc)
   const keysParsed = dotenv.parse(keysSrc)
+  const existingPublicKey = envParsed[publicKeyName]
+  const existingPrivateKey = keysParsed[privateKeyName]
 
   // if DOTENV_PUBLIC_KEY_${environment} already present then go no further
-  if (envParsed[publicKeyName] && envParsed[publicKeyName].length > 0) {
+  if (existingPublicKey && existingPublicKey.length > 0) {
     return {
       envSrc,
       keysSrc,
-      publicKey: envParsed[publicKeyName],
-      privateKey: keysParsed[privateKeyName],
+      publicKey: existingPublicKey,
+      privateKey: existingPrivateKey,
+      publicKeyAdded: false,
       privateKeyAdded: false
     }
   }
 
   // generate key pair
-  const { publicKey, privateKey } = keyPair()
+  const { publicKey, privateKey } = keyPair(existingPrivateKey)
 
   // publicKey
   const prependPublicKey = [
@@ -65,17 +68,20 @@ function findOrCreatePublicKey (envFilepath, envKeysFilepath) {
 
   envSrc = `${prependPublicKey}\n${envSrc}`
   keysSrc = keysSrc.length > 1 ? keysSrc : `${firstTimeKeysSrc}\n`
-  keysSrc = `${keysSrc}\n${appendPrivateKey}`
 
-  fs.writeFileSync(envFilepath, envSrc)
-  fs.writeFileSync(envKeysFilepath, keysSrc)
+  let privateKeyAdded = false
+  if (!existingPrivateKey) {
+    keysSrc = `${keysSrc}\n${appendPrivateKey}`
+    privateKeyAdded = true
+  }
 
   return {
     envSrc,
     keysSrc,
     publicKey,
     privateKey,
-    privateKeyAdded: true
+    publicKeyAdded: true,
+    privateKeyAdded
   }
 }
 

package/src/lib/helpers/isEncrypted.js

@@ -1,8 +1,7 @@
 const ENCRYPTION_PATTERN = /^encrypted:.+/
-const PUBLIC_KEY_PATTERN = /^DOTENV_PUBLIC_KEY/
 
 function isEncrypted (key, value) {
-  return PUBLIC_KEY_PATTERN.test(key) || ENCRYPTION_PATTERN.test(value)
+  return ENCRYPTION_PATTERN.test(value)
 }
 
 module.exports = isEncrypted

package/src/lib/helpers/isFullyEncrypted.js

@@ -1,12 +1,13 @@
 const dotenv = require('dotenv')
 
 const isEncrypted = require('./isEncrypted')
+const isPublicKey = require('./isPublicKey')
 
 function isFullyEncrypted (src) {
   const parsed = dotenv.parse(src)
 
   for (const [key, value] of Object.entries(parsed)) {
-    const result = isEncrypted(key, value)
+    const result = isEncrypted(key, value) || isPublicKey(key, value)
     if (!result) {
       return false
     }

package/src/lib/helpers/isIgnoringDotenvKeys.js

@@ -13,7 +13,7 @@ function isIgnoringDotenvKeys () {
     return false
   }
 
-  return false
+  return true
 }
 
 module.exports = isIgnoringDotenvKeys

package/src/lib/helpers/isPublicKey.js

@@ -0,0 +1,7 @@
+const PUBLIC_KEY_PATTERN = /^DOTENV_PUBLIC_KEY/
+
+function isPublicKey (key, value) {
+  return PUBLIC_KEY_PATTERN.test(key)
+}
+
+module.exports = isPublicKey

package/src/lib/helpers/keyPair.js

@@ -1,7 +1,13 @@
 const { PrivateKey } = require('eciesjs')
 
-function keyPair () {
-  const kp = new PrivateKey()
+function keyPair (existingPrivateKey) {
+  let kp
+
+  if (existingPrivateKey) {
+    kp = new PrivateKey(Buffer.from(existingPrivateKey, 'hex'))
+  } else {
+    kp = new PrivateKey()
+  }
 
   const publicKey = kp.publicKey.toHex()
   const privateKey = kp.secret.toString('hex')

package/src/lib/helpers/smartDotenvPrivateKey.js

@@ -2,27 +2,85 @@ const fs = require('fs')
 const path = require('path')
 const dotenv = require('dotenv')
 
-const guessPrivateKeyName = require('./guessPrivateKeyName')
+const ENCODING = 'utf8'
+const PUBLIC_KEY_SCHEMA = 'DOTENV_PUBLIC_KEY'
+const PRIVATE_KEY_SCHEMA = 'DOTENV_PRIVATE_KEY'
 
-function smartDotenvPrivateKey (envFilepath) {
-  const privateKeyName = guessPrivateKeyName(envFilepath) // DOTENV_PRIVATE_KEY_${ENVIRONMENT}
+const guessPrivateKeyName = require('./guessPrivateKeyName')
 
-  // process.env wins
+function searchProcessEnv (privateKeyName) {
   if (process.env[privateKeyName] && process.env[privateKeyName].length > 0) {
     return process.env[privateKeyName]
   }
+}
 
-  // fallback to presence of .env.keys - path/to/.env.keys
+function searchKeysFile (privateKeyName, envFilepath) {
   const directory = path.dirname(envFilepath)
   const envKeysFilepath = path.resolve(directory, '.env.keys')
+
   if (fs.existsSync(envKeysFilepath)) {
-    const keysSrc = fs.readFileSync(envKeysFilepath)
+    const keysSrc = fs.readFileSync(envKeysFilepath, { encoding: ENCODING })
     const keysParsed = dotenv.parse(keysSrc)
 
     if (keysParsed[privateKeyName] && keysParsed[privateKeyName].length > 0) {
       return keysParsed[privateKeyName]
     }
   }
+}
+
+function invertForPrivateKeyName (envFilepath) {
+  if (!fs.existsSync(envFilepath)) {
+    return null
+  }
+
+  const envSrc = fs.readFileSync(envFilepath, { encoding: ENCODING })
+  const envParsed = dotenv.parse(envSrc)
+
+  let publicKeyName
+  for (const keyName of Object.keys(envParsed)) {
+    if (keyName === PUBLIC_KEY_SCHEMA || keyName.startsWith(PUBLIC_KEY_SCHEMA)) {
+      publicKeyName = keyName // find DOTENV_PUBLIC_KEY* in filename
+    }
+  }
+
+  if (publicKeyName) {
+    return publicKeyName.replace(PUBLIC_KEY_SCHEMA, PRIVATE_KEY_SCHEMA) // return inverted (DOTENV_PUBLIC_KEY* -> DOTENV_PRIVATE_KEY*) if found
+  }
+
+  return null
+}
+
+function smartDotenvPrivateKey (envFilepath) {
+  let privateKey = null
+  let privateKeyName = guessPrivateKeyName(envFilepath) // DOTENV_PRIVATE_KEY_${ENVIRONMENT}
+
+  // 1. attempt process.env first
+  privateKey = searchProcessEnv(privateKeyName)
+  if (privateKey) {
+    return privateKey
+  }
+
+  // 2. attempt .env.keys second (path/to/.env.keys)
+  privateKey = searchKeysFile(privateKeyName, envFilepath)
+  if (privateKey) {
+    return privateKey
+  }
+
+  // 3. attempt inverting `DOTENV_PUBLIC_KEY*` name inside file (unlocks custom filenames not matching .env.${ENVIRONMENT} pattern)
+  privateKeyName = invertForPrivateKeyName(envFilepath)
+  if (privateKeyName) {
+    // 3.1 attempt process.env first
+    privateKey = searchProcessEnv(privateKeyName)
+    if (privateKey) {
+      return privateKey
+    }
+
+    // 3.2. attempt .env.keys second (path/to/.env.keys)
+    privateKey = searchKeysFile(privateKeyName, envFilepath)
+    if (privateKey) {
+      return privateKey
+    }
+  }
 
   return null
 }