@dotenvx/dotenvx 1.5.0 → 1.6.0

package/src/lib/main.js

@@ -10,6 +10,7 @@ const Run = require('./services/run')
 const Sets = require('./services/sets')
 const Status = require('./services/status')
 const Encrypt = require('./services/encrypt')
+const Decrypt = require('./services/decrypt')
 const Genexample = require('./services/genexample')
 const Settings = require('./services/settings')
 const VaultEncrypt = require('./services/vaultEncrypt')
@@ -162,11 +163,6 @@ const parse = function (src) {
   return dotenv.parse(src)
 }
 
-/** @type {import('./main').vaultEncrypt} */
-const vaultEncrypt = function (directory, envFile) {
-  return new VaultEncrypt(directory, envFile).run()
-}
-
 /** @type {import('./main').ls} */
 const ls = function (directory, envFile) {
   return new Ls(directory, envFile).run()
@@ -198,6 +194,11 @@ const encrypt = function (envFile, key) {
   return new Encrypt(envFile, key).run()
 }
 
+/** @type {import('./main').encrypt} */
+const decrypt = function (envFile, key) {
+  return new Decrypt(envFile, key).run()
+}
+
 /** @type {import('./main').status} */
 const status = function (directory) {
   return new Status(directory).run()
@@ -211,8 +212,8 @@ const settings = function (key = null) {
 
 // misc/cleanup
 
-/** @type {import('./main').decrypt} */
-const decrypt = function (encrypted, keyStr) {
+/** @type {import('./main').vaultDecrypt} */
+const vaultDecrypt = function (encrypted, keyStr) {
   try {
     return dotenv.decrypt(encrypted, keyStr)
   } catch (e) {
@@ -236,6 +237,11 @@ const decrypt = function (encrypted, keyStr) {
   }
 }
 
+/** @type {import('./main').vaultEncrypt} */
+const vaultEncrypt = function (directory, envFile) {
+  return new VaultEncrypt(directory, envFile).run()
+}
+
 module.exports = {
   // dotenv proxies
   config,
@@ -243,7 +249,7 @@ module.exports = {
   parse,
   // actions related
   encrypt,
-  vaultEncrypt,
+  decrypt,
   ls,
   get,
   set,
@@ -252,5 +258,6 @@ module.exports = {
   // settings
   settings,
   // misc/cleanup
-  decrypt
+  vaultEncrypt,
+  vaultDecrypt
 }

package/src/lib/services/decrypt.js

@@ -2,124 +2,105 @@ const fs = require('fs')
 const path = require('path')
 const dotenv = require('dotenv')
 
-const ENCODING = 'utf8'
+const smartDotenvPrivateKey = require('./../helpers/smartDotenvPrivateKey')
+const guessPrivateKeyName = require('./../helpers/guessPrivateKeyName')
+const decryptValue = require('./../helpers/decryptValue')
+const isEncrypted = require('./../helpers/isEncrypted')
+const replace = require('./../helpers/replace')
 
-const libDecrypt = require('./../../lib/helpers/decrypt')
+const ENCODING = 'utf8'
 
 class Decrypt {
-  constructor (directory = '.', environment) {
-    this.directory = directory
-    this.environment = environment
-
-    this.envKeysFilepath = path.resolve(this.directory, '.env.keys')
-    this.envVaultFilepath = path.resolve(this.directory, '.env.vault')
-
-    this.processedEnvs = []
-    this.changedFilenames = new Set()
-    this.unchangedFilenames = new Set()
+  constructor (envFile = '.env', key = []) {
+    this.envFile = envFile
+    this.key = key
+    this.processedEnvFiles = []
+    this.changedFilepaths = new Set()
+    this.unchangedFilepaths = new Set()
   }
 
   run () {
-    if (!fs.existsSync(this.envVaultFilepath)) {
-      const code = 'MISSING_ENV_VAULT_FILE'
-      const message = `missing .env.vault (${this.envVaultFilepath})`
-      const help = `? generate one with [dotenvx encrypt ${this.directory}]`
-
-      const error = new Error(message)
-      error.code = code
-      error.help = help
-      throw error
-    }
-
-    if (!fs.existsSync(this.envKeysFilepath)) {
-      const code = 'MISSING_ENV_KEYS_FILE'
-      const message = `missing .env.keys (${this.envKeysFilepath})`
-      const help = '? a .env.keys file must be present in order to decrypt your .env.vault contents to .env file(s)'
-
-      const error = new Error(message)
-      error.code = code
-      error.help = help
-      throw error
-    }
-
-    const dotenvKeys = dotenv.configDotenv({ path: this.envKeysFilepath }).parsed
-    const dotenvVault = dotenv.configDotenv({ path: this.envVaultFilepath }).parsed
-    const environments = this._environments()
-
-    if (environments.length > 0) {
-      // iterate over the environments
-      for (const environment of environments) {
-        const value = dotenvKeys[`DOTENV_KEY_${environment.toUpperCase()}`]
-        const row = this._processRow(value, dotenvVault, environment)
-
-        this.processedEnvs.push(row)
+    const envFilepaths = this._envFilepaths()
+    const keys = this._keys()
+    for (const envFilepath of envFilepaths) {
+      const filepath = path.resolve(envFilepath)
+
+      const row = {}
+      row.keys = []
+      row.filepath = filepath
+      row.envFilepath = envFilepath
+
+      try {
+        // get the src
+        let src = fs.readFileSync(filepath, { encoding: ENCODING })
+
+        // if DOTENV_PRIVATE_KEY_* already set in process.env then use it
+        const privateKey = smartDotenvPrivateKey(envFilepath)
+        row.privateKey = privateKey
+        row.privateKeyName = guessPrivateKeyName(filepath)
+
+        // track possible changes
+        row.changed = false
+
+        // iterate over all non-encrypted values and encrypt them
+        const parsed = dotenv.parse(src)
+        for (const [key, value] of Object.entries(parsed)) {
+          if (keys.length < 1 || keys.includes(key)) { // optionally control which key to decrypt
+            const encrypted = isEncrypted(key, value)
+            if (encrypted) {
+              row.keys.push(key) // track key(s)
+
+              const plainValue = decryptValue(value, privateKey)
+              // once newSrc is built write it out
+              src = replace(src, key, plainValue)
+
+              row.changed = true // track change
+            }
+          }
+        }
+
+        if (row.changed) {
+          row.envSrc = src
+          this.changedFilepaths.add(envFilepath)
+        } else {
+          row.envSrc = src
+          this.unchangedFilepaths.add(envFilepath)
+        }
+      } catch (e) {
+        if (e.code === 'ENOENT') {
+          const error = new Error(`missing ${envFilepath} file (${filepath})`)
+          error.code = 'MISSING_ENV_FILE'
+
+          row.error = error
+        } else {
+          row.error = e
+        }
       }
-    } else {
-      for (const [dotenvKey, value] of Object.entries(dotenvKeys)) {
-        const environment = dotenvKey.replace('DOTENV_KEY_', '').toLowerCase()
-        const row = this._processRow(value, dotenvVault, environment)
 
-        this.processedEnvs.push(row)
-      }
+      this.processedEnvFiles.push(row)
     }
 
     return {
-      processedEnvs: this.processedEnvs,
-      changedFilenames: [...this.changedFilenames],
-      unchangedFilenames: [...this.unchangedFilenames]
+      processedEnvFiles: this.processedEnvFiles,
+      changedFilepaths: [...this.changedFilepaths],
+      unchangedFilepaths: [...this.unchangedFilepaths]
     }
   }
 
-  _processRow (value, dotenvVault, environment) {
-    environment = environment.toLowerCase() // important so we don't later write .env.DEVELOPMENT for example
-    const vaultKey = `DOTENV_VAULT_${environment.toUpperCase()}`
-    const ciphertext = dotenvVault[vaultKey] // attempt to find ciphertext
-
-    const row = {}
-    row.environment = environment
-    row.dotenvKey = value ? value.trim() : value
-    row.ciphertext = ciphertext
-
-    if (ciphertext && ciphertext.length >= 1) {
-      // Decrypt
-      const decrypted = libDecrypt(ciphertext, value.trim())
-      row.decrypted = decrypted
-
-      // envFilename
-      // replace _ with . to support filenames like .env.development.local
-      let envFilename = `.env.${environment.replace('_', '.')}`
-      if (environment === 'development') {
-        envFilename = '.env'
-      }
-      row.filename = envFilename
-      row.filepath = path.resolve(this.directory, envFilename)
-
-      // check if exists and is changing
-      if (fs.existsSync(row.filepath) && (fs.readFileSync(row.filepath, { encoding: ENCODING }).toString() === decrypted)) {
-        this.unchangedFilenames.add(envFilename)
-      } else {
-        row.shouldWrite = true
-        this.changedFilenames.add(envFilename)
-      }
-    } else {
-      const message = `${vaultKey} missing in .env.vault: ${this.envVaultFilepath}`
-      const warning = new Error(message)
-      row.warning = warning
+  _envFilepaths () {
+    if (!Array.isArray(this.envFile)) {
+      return [this.envFile]
     }
 
-    return row
+    return this.envFile
   }
 
-  _environments () {
-    if (this.environment === undefined) {
-      return []
-    }
-
-    if (!Array.isArray(this.environment)) {
-      return [this.environment]
+  _keys () {
+    if (!Array.isArray(this.key)) {
+      return [this.key]
     }
 
-    return this.environment
+    return this.key
   }
 }
 

package/src/lib/services/encrypt.js

@@ -6,6 +6,7 @@ const findOrCreatePublicKey = require('./../helpers/findOrCreatePublicKey')
 const guessPrivateKeyName = require('./../helpers/guessPrivateKeyName')
 const encryptValue = require('./../helpers/encryptValue')
 const isEncrypted = require('./../helpers/isEncrypted')
+const isPublicKey = require('./../helpers/isPublicKey')
 const replace = require('./../helpers/replace')
 
 const ENCODING = 'utf8'
@@ -37,25 +38,29 @@ class Encrypt {
         const envKeysFilepath = path.join(path.dirname(filepath), '.env.keys')
         const {
           envSrc,
+          keysSrc,
           publicKey,
           privateKey,
+          publicKeyAdded,
           privateKeyAdded
         } = findOrCreatePublicKey(filepath, envKeysFilepath)
+
+        // handle .env.keys write
+        fs.writeFileSync(envKeysFilepath, keysSrc)
+
+        src = envSrc // src was potentially modified by findOrCreatePublicKey so we set it again here
+
+        row.changed = publicKeyAdded // track change
         row.publicKey = publicKey
         row.privateKey = privateKey
-        row.privateKeyName = guessPrivateKeyName(filepath)
         row.privateKeyAdded = privateKeyAdded
-
-        src = envSrc // src was potentially changed by findOrCreatePublicKey so we set it again here
-
-        // track possible changes
-        row.changed = false
+        row.privateKeyName = guessPrivateKeyName(filepath)
 
         // iterate over all non-encrypted values and encrypt them
         const parsed = dotenv.parse(src)
         for (const [key, value] of Object.entries(parsed)) {
           if (keys.length < 1 || keys.includes(key)) { // optionally control which key to encrypt
-            const encrypted = isEncrypted(key, value)
+            const encrypted = isEncrypted(key, value) || isPublicKey(key, value)
             if (!encrypted) {
               row.keys.push(key) // track key(s)
 

package/src/lib/services/sets.js

@@ -43,14 +43,21 @@ class Sets {
           const envKeysFilepath = path.join(path.dirname(filepath), '.env.keys')
           const {
             envSrc,
+            keysSrc,
             publicKey,
             privateKey,
+            publicKeyAdded,
             privateKeyAdded
           } = findOrCreatePublicKey(filepath, envKeysFilepath)
-          src = envSrc // overwrite the original read (because findOrCreatePublicKey) rewrite to it
+
+          // handle .env.keys write
+          fs.writeFileSync(envKeysFilepath, keysSrc)
+
+          src = envSrc // src was potentially modified by findOrCreatePublicKey so we set it again here
+
           value = encryptValue(value, publicKey)
 
-          row.changed = true // track change
+          row.changed = publicKeyAdded // track change
           row.encryptedValue = value
           row.publicKey = publicKey
           row.privateKey = privateKey

package/src/lib/services/status.js

@@ -4,7 +4,7 @@ const diff = require('diff')
 const chalk = require('chalk')
 
 const Ls = require('./ls')
-const Decrypt = require('./decrypt')
+const VaultDecrypt = require('./vaultDecrypt')
 
 const containsDirectory = require('./../helpers/containsDirectory')
 const guessEnvironment = require('./../helpers/guessEnvironment')
@@ -60,7 +60,7 @@ class Status {
       row.raw = fs.readFileSync(filepath, { encoding: ENCODING })
 
       // grab decrypted
-      const { processedEnvs } = new Decrypt(this.directory, row.environment).run()
+      const { processedEnvs } = new VaultDecrypt(this.directory, row.environment).run()
       const result = processedEnvs[0]
 
       // handle warnings

package/src/lib/services/vaultDecrypt.js

@@ -0,0 +1,126 @@
+const fs = require('fs')
+const path = require('path')
+const dotenv = require('dotenv')
+
+const ENCODING = 'utf8'
+
+const libDecrypt = require('./../../lib/helpers/decrypt')
+
+class VaultDecrypt {
+  constructor (directory = '.', environment) {
+    this.directory = directory
+    this.environment = environment
+
+    this.envKeysFilepath = path.resolve(this.directory, '.env.keys')
+    this.envVaultFilepath = path.resolve(this.directory, '.env.vault')
+
+    this.processedEnvs = []
+    this.changedFilenames = new Set()
+    this.unchangedFilenames = new Set()
+  }
+
+  run () {
+    if (!fs.existsSync(this.envVaultFilepath)) {
+      const code = 'MISSING_ENV_VAULT_FILE'
+      const message = `missing .env.vault (${this.envVaultFilepath})`
+      const help = `? generate one with [dotenvx encrypt ${this.directory}]`
+
+      const error = new Error(message)
+      error.code = code
+      error.help = help
+      throw error
+    }
+
+    if (!fs.existsSync(this.envKeysFilepath)) {
+      const code = 'MISSING_ENV_KEYS_FILE'
+      const message = `missing .env.keys (${this.envKeysFilepath})`
+      const help = '? a .env.keys file must be present in order to decrypt your .env.vault contents to .env file(s)'
+
+      const error = new Error(message)
+      error.code = code
+      error.help = help
+      throw error
+    }
+
+    const dotenvKeys = dotenv.configDotenv({ path: this.envKeysFilepath }).parsed
+    const dotenvVault = dotenv.configDotenv({ path: this.envVaultFilepath }).parsed
+    const environments = this._environments()
+
+    if (environments.length > 0) {
+      // iterate over the environments
+      for (const environment of environments) {
+        const value = dotenvKeys[`DOTENV_KEY_${environment.toUpperCase()}`]
+        const row = this._processRow(value, dotenvVault, environment)
+
+        this.processedEnvs.push(row)
+      }
+    } else {
+      for (const [dotenvKey, value] of Object.entries(dotenvKeys)) {
+        const environment = dotenvKey.replace('DOTENV_KEY_', '').toLowerCase()
+        const row = this._processRow(value, dotenvVault, environment)
+
+        this.processedEnvs.push(row)
+      }
+    }
+
+    return {
+      processedEnvs: this.processedEnvs,
+      changedFilenames: [...this.changedFilenames],
+      unchangedFilenames: [...this.unchangedFilenames]
+    }
+  }
+
+  _processRow (value, dotenvVault, environment) {
+    environment = environment.toLowerCase() // important so we don't later write .env.DEVELOPMENT for example
+    const vaultKey = `DOTENV_VAULT_${environment.toUpperCase()}`
+    const ciphertext = dotenvVault[vaultKey] // attempt to find ciphertext
+
+    const row = {}
+    row.environment = environment
+    row.dotenvKey = value ? value.trim() : value
+    row.ciphertext = ciphertext
+
+    if (ciphertext && ciphertext.length >= 1) {
+      // Decrypt
+      const decrypted = libDecrypt(ciphertext, value.trim())
+      row.decrypted = decrypted
+
+      // envFilename
+      // replace _ with . to support filenames like .env.development.local
+      let envFilename = `.env.${environment.replace('_', '.')}`
+      if (environment === 'development') {
+        envFilename = '.env'
+      }
+      row.filename = envFilename
+      row.filepath = path.resolve(this.directory, envFilename)
+
+      // check if exists and is changing
+      if (fs.existsSync(row.filepath) && (fs.readFileSync(row.filepath, { encoding: ENCODING }).toString() === decrypted)) {
+        this.unchangedFilenames.add(envFilename)
+      } else {
+        row.shouldWrite = true
+        this.changedFilenames.add(envFilename)
+      }
+    } else {
+      const message = `${vaultKey} missing in .env.vault: ${this.envVaultFilepath}`
+      const warning = new Error(message)
+      row.warning = warning
+    }
+
+    return row
+  }
+
+  _environments () {
+    if (this.environment === undefined) {
+      return []
+    }
+
+    if (!Array.isArray(this.environment)) {
+      return [this.environment]
+    }
+
+    return this.environment
+  }
+}
+
+module.exports = VaultDecrypt

package/src/shared/logger.js

@@ -9,7 +9,6 @@ const transports = winston.transports
 const packageJson = require('./../lib/helpers/packageJson')
 
 const levels = {
-  blank0: 0,
   error: 0,
   errorv: 0,
   errorvp: 0,
@@ -47,8 +46,6 @@ const dotenvxFormat = printf(({ level, message, label, timestamp }) => {
   const formattedMessage = typeof message === 'object' ? JSON.stringify(message) : message
 
   switch (level.toLowerCase()) {
-    case 'blank0': // special blank that always displays - even with quiet flag (for use with get action)
-      return formattedMessage
     case 'error':
       return error(formattedMessage)
     case 'errorv':

package/src/cli/commands/vault.js

@@ -1,57 +0,0 @@
-const { Command } = require('commander')
-
-const examples = require('./../examples')
-const { logger } = require('./../../shared/logger')
-
-const vault = new Command('vault')
-
-vault
-  .description('DEPRECATED: moved to [dotenvx ext vault]')
-
-// dotenvx vault migrate
-const migrateAction = require('./../actions/ext/vault/migrate')
-vault.command('migrate')
-  .description('DEPRECATED: moved to [dotenvx ext vault migrate]')
-  .action(function (...args) {
-    logger.warn('DEPRECATION NOTICE: [dotenvx vault migrate] moved to [dotenvx ext vault migrate]')
-
-    migrateAction.apply(this, args)
-  })
-
-// dotenvx vault encrypt
-const encryptAction = require('./../actions/ext/vault/encrypt')
-vault.command('encrypt')
-  .description('DEPRECATED: moved to [dotenvx ext vault encrypt]')
-  .addHelpText('after', examples.vaultEncrypt)
-  .argument('[directory]', 'directory to encrypt', '.')
-  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
-  .action(function (...args) {
-    logger.warn('DEPRECATION NOTICE: [dotenvx vault encrypt] moved to [dotenvx ext vault encrypt]')
-
-    encryptAction.apply(this, args)
-  })
-
-// dotenvx vault decrypt
-const decryptAction = require('./../actions/ext/vault/decrypt')
-vault.command('decrypt')
-  .description('DEPRECATED: moved to [dotenvx ext vault decrypt]')
-  .argument('[directory]', 'directory to decrypt', '.')
-  .option('-e, --environment <environments...>', 'environment(s) to decrypt')
-  .action(function (...args) {
-    logger.warn('DEPRECATION NOTICE: [dotenvx vault decrypt] moved to [dotenvx ext vault decrypt]')
-
-    decryptAction.apply(this, args)
-  })
-
-// dotenvx vault status
-const statusAction = require('./../actions/ext/vault/status')
-vault.command('status')
-  .description('DEPRECATED: moved to [dotenvx ext vault status]')
-  .argument('[directory]', 'directory to check status against', '.')
-  .action(function (...args) {
-    logger.warn('DEPRECATION NOTICE: [dotenvx vault status] moved to [dotenvx ext vault status]')
-
-    statusAction.apply(this, args)
-  })
-
-module.exports = vault

package/src/lib/helpers/clipboardy/linux.js

@@ -1,57 +0,0 @@
-'use strict'
-const path = require('path')
-const execa = require('execa')
-
-const xsel = 'xsel'
-const xselFallback = path.join(__dirname, './fallbacks/linux/xsel')
-
-const copyArguments = ['--clipboard', '--input']
-const pasteArguments = ['--clipboard', '--output']
-
-const makeError = (xselError, fallbackError) => {
-  let error
-  if (xselError.code === 'ENOENT') {
-    error = new Error('Couldn\'t find the `xsel` binary and fallback didn\'t work. On Debian/Ubuntu you can install xsel with: sudo apt install xsel')
-  } else {
-    error = new Error('Both xsel and fallback failed')
-    error.xselError = xselError
-  }
-
-  error.fallbackError = fallbackError
-  return error
-}
-
-const xselWithFallback = async (argumentList, options) => {
-  try {
-    return await execa.stdout(xsel, argumentList, options)
-  } catch (xselError) {
-    try {
-      return await execa.stdout(xselFallback, argumentList, options)
-    } catch (fallbackError) {
-      throw makeError(xselError, fallbackError)
-    }
-  }
-}
-
-const xselWithFallbackSync = (argumentList, options) => {
-  try {
-    return execa.sync(xsel, argumentList, options)
-  } catch (xselError) {
-    try {
-      return execa.sync(xselFallback, argumentList, options)
-    } catch (fallbackError) {
-      throw makeError(xselError, fallbackError)
-    }
-  }
-}
-
-module.exports = {
-  copy: async options => {
-    await xselWithFallback(copyArguments, options)
-  },
-  copySync: options => {
-    xselWithFallbackSync(copyArguments, options)
-  },
-  paste: options => xselWithFallback(pasteArguments, options),
-  pasteSync: options => xselWithFallbackSync(pasteArguments, options)
-}

package/src/lib/helpers/clipboardy/macos.js

@@ -1,14 +0,0 @@
-'use strict'
-const execa = require('execa')
-
-const env = {
-  ...process.env,
-  LC_CTYPE: 'UTF-8'
-}
-
-module.exports = {
-  copy: async options => execa('pbcopy', { ...options, env }),
-  paste: async options => execa.stdout('pbpaste', { ...options, env }),
-  copySync: options => execa.sync('pbcopy', { ...options, env }),
-  pasteSync: options => execa.sync('pbpaste', { ...options, env })
-}