@dotenvx/dotenvx 1.5.0 → 1.6.1

package/CHANGELOG.md

@@ -2,7 +2,30 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.5.0...main)
+## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.6.1...main)
+
+## 1.6.1
+
+### Added
+
+* added support for `.env1` (`.env*`) file format. (private key expands to `DOTENV_PRIVATE_KEY_DEVELOPMENT1`) ([#312](https://github.com/dotenvx/dotenvx/pull/312))
+
+## 1.6.0
+
+### Added
+
+* add `dotenvx decrypt` command. works inversely to `dotenvx encrypt`. same flags. ([#294](https://github.com/dotenvx/dotenvx/pull/294))
+* add `--stdout` option to `dotenvx decrypt`. example: `dotenvx decrypt -f .env.production > somefile.txt` ([#298](https://github.com/dotenvx/dotenvx/pull/298))
+* add `--stdout` option to `dotenvx encrypt`. example: `dotenvx encrypt -f .env.production > somefile.txt` ([#298](https://github.com/dotenvx/dotenvx/pull/298))
+
+### Changed
+
+* smarter private key finder. if you rename your file to `secrets.txt` it can still decrypt from `DOTENV_PRIVATE_KEY` by seeking out the invert of the `DOTENV_PUBLIC_KEY` inside `secrets.txt` ([#302](https://github.com/dotenvx/dotenvx/pull/302))
+
+### Removed
+
+* remove `dotenvx convert` - still at `dotenvx encrypt`
+* remove `dotenvx vault` - still at `dotenvx ext vault`
 
 ## 1.5.0
 

package/README.md

@@ -9,7 +9,7 @@
  
 
 
-### Quickstart [![npm version](https://img.shields.io/npm/v/@dotenvx/dotenvx.svg)](https://www.npmjs.com/package/@dotenvx/dotenvx) [![test count](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/motdotenv/bb76445765a9731e7d824a6efdf53524/raw/dotenvxTestCount.json)](https://github.com/dotenvx/dotenvx/tree/main/tests) [![npm installs](https://img.shields.io/npm/dm/@dotenvx/dotenvx)](https://www.npmjs.com/package/@dotenvx/dotenvx)
+### Quickstart [![npm version](https://img.shields.io/npm/v/@dotenvx/dotenvx.svg)](https://www.npmjs.com/package/@dotenvx/dotenvx) [![test count](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/motdotenv/bb76445765a9731e7d824a6efdf53524/raw/dotenvxTestCount.json)](https://github.com/dotenvx/dotenvx/tree/main/tests) [![npm installs](https://img.shields.io/npm/dt/@dotenvx/dotenvx)](https://www.npmjs.com/package/@dotenvx/dotenvx)
 
 Install and use it in code just like `dotenv`.
 
@@ -660,6 +660,16 @@ More examples
   Note the `DOTENV_PRIVATE_KEY_CI` (and any `DOTENV_PRIVATE_KEY*`) can take multiple private keys by simply comma separating them.
 
   </details>
+* <details><summary>`--stdout`</summary><br>
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx encrypt --stdout
+  $ dotenvx encrypt --stdout > .env.encrypted
+  ```
+
+  </details>
+
 * <details><summary>other curves</summary><br>
 
   > `secp256k1` is a well-known and battle tested curve, in use with Bitcoin and other cryptocurrencies, but we are open to adding support for more curves.
@@ -1139,6 +1149,81 @@ More examples
   ```
 
   </details>
+* <details><summary>`encrypt --stdout`</summary><br>
+
+  Encrypt the contents of a `.env` file and send to stdout.
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx encrypt --stdout
+  #/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+  #/            public-key encryption for .env files          /
+  #/       [how it works](https://dotenvx.com/encryption)     /
+  #/----------------------------------------------------------/
+  DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
+  # .env
+  HELLO="encrypted:BDqDBibm4wsYqMpCjTQ6BsDHmMadg9K3dAt+Z9HPMfLEIRVz50hmLXPXRuDBXaJi/LwWYEVUNiq0HISrslzQPaoyS8Lotg3gFWJTsNCdOWnqpjF2xNUX2RQiP05kAbEXM6MWVjDr"
+  ```
+
+  or send to a file:
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx encrypt --stdout > somefile.txt
+  ```
+
+  </details>
+* <details><summary>`decrypt`</summary><br>
+
+  Decrypt the contents of an encrypted `.env` file to an unencrypted `.env` file.
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx encrypt
+  ✔ encrypted (.env)
+  $ dotenvx decrypt
+  ✔ decrypted (.env)
+  ```
+
+  </details>
+* <details><summary>`decrypt -f`</summary><br>
+
+  Decrypt the contents of a specified encrypted `.env` file to an unencrypted `.env` file.
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ echo "HELLO=Production" > .env.production
+
+  $ dotenvx encrypt -f .env.production
+  ✔ encrypted (.env.production)
+  $ dotenvx decrypt -f .env.production
+  ✔ decrypted (.env.production)
+  ```
+
+  </details>
+* <details><summary>`decrypt --stdout`</summary><br>
+
+  Decrypt the contents of an encrypted `.env` file and send to stdout.
+
+  ```sh
+  $ dotenvx decrypt --stdout
+  #/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+  #/            public-key encryption for .env files          /
+  #/       [how it works](https://dotenvx.com/encryption)     /
+  #/----------------------------------------------------------/
+  DOTENV_PUBLIC_KEY="034af93e93708b994c10f236c96ef88e47291066946cce2e8d98c9e02c741ced45"
+  # .env
+  HELLO="World"
+  ```
+
+  or send to a file:
+
+  ```sh
+  $ dotenvx decrypt --stdout > somefile.txt
+  ```
+
+  </details>
+
 * <details><summary>`help`</summary><br>
 
   Output help for `dotenvx`.
@@ -1162,8 +1247,9 @@ More examples
     get [options] [key]               return a single environment variable
     set [options] <KEY> <value>       set a single environment variable
     encrypt [options]                 convert .env file(s) to encrypted .env file(s)
+    decrypt [options]                 convert encrypted .env file(s) to plain .env file(s)
     pro                               🏆 pro
-    ext                               🔌 extensions
+    ext [command] [args...]           🔌 extensions
     help [command]                    display help for command
   ```
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.5.0",
+  "version": "1.6.1",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -8,7 +8,10 @@
     "env"
   ],
   "homepage": "https://github.com/dotenvx/dotenvx",
-  "repository": "dotenvx/dotenvx",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dotenvx/dotenvx.git"
+  },
   "license": "BSD-3-Clause",
   "files": [
     "src/**/*",
@@ -23,7 +26,9 @@
   "scripts": {
     "standard": "standard",
     "standard:fix": "standard --fix",
-    "test": "tap run --show-full-coverage",
+    "test": "tap run --allow-empty-coverage --disable-coverage --timeout=60000",
+    "test-coverage": "tap run --show-full-coverage --timeout=60000",
+    "test-single": "tap run --coverage-report=none tests/cli/actions/decrypt.test.js",
     "testshell": "bash shellspec",
     "prerelease": "npm test && npm run testshell",
     "release": "standard-version",
@@ -31,8 +36,6 @@
   },
   "funding": "https://dotenvx.com",
   "dependencies": {
-    "@clack/core": "^0.3.4",
-    "arch": "^2.1.1",
     "chalk": "^4.1.2",
     "commander": "^11.1.0",
     "conf": "^10.2.0",
@@ -42,11 +45,8 @@
     "execa": "^5.1.1",
     "fdir": "^6.1.1",
     "ignore": "^5.3.0",
-    "is-wsl": "^2.1.1",
     "object-treeify": "1.1.33",
-    "open": "^8.4.2",
     "picomatch": "^3.0.1",
-    "undici": "^5.28.3",
     "which": "^4.0.0",
     "winston": "^3.11.0",
     "xxhashjs": "^0.2.2"
@@ -59,7 +59,7 @@
     "sinon": "^14.0.1",
     "standard": "^17.1.0",
     "standard-version": "^9.5.0",
-    "tap": "^18.7.0"
+    "tap": "^19.2.0"
   },
   "publishConfig": {
     "access": "public",

package/src/cli/actions/decrypt.js

@@ -0,0 +1,71 @@
+const fs = require('fs')
+const { logger } = require('./../../shared/logger')
+
+const main = require('./../../lib/main')
+
+const ENCODING = 'utf8'
+
+function decrypt () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  // stdout - should not have a try so that exit codes can surface to stdout
+  if (options.stdout) {
+    const {
+      processedEnvFiles
+    } = main.decrypt(options.envFile, options.key)
+
+    for (const processedEnvFile of processedEnvFiles) {
+      process.stdout.write(processedEnvFile.envSrc)
+    }
+    process.exit(0) // exit early
+  } else {
+    try {
+      const {
+        processedEnvFiles,
+        changedFilepaths,
+        unchangedFilepaths
+      } = main.decrypt(options.envFile, options.key)
+
+      for (const processedEnvFile of processedEnvFiles) {
+        logger.verbose(`decrypting ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
+        if (processedEnvFile.error) {
+          if (processedEnvFile.error.code === 'MISSING_ENV_FILE') {
+            logger.warn(processedEnvFile.error.message)
+            logger.help(`? add one with [echo "HELLO=World" > ${processedEnvFile.envFilepath}] and re-run [dotenvx decrypt]`)
+          } else {
+            logger.warn(processedEnvFile.error.message)
+          }
+        } else if (processedEnvFile.changed) {
+          fs.writeFileSync(processedEnvFile.filepath, processedEnvFile.envSrc, ENCODING)
+
+          logger.verbose(`decrypted ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
+        } else {
+          logger.verbose(`no changes ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
+        }
+      }
+
+      if (changedFilepaths.length > 0) {
+        logger.success(`✔ decrypted (${changedFilepaths.join(',')})`)
+      } else if (unchangedFilepaths.length > 0) {
+        logger.info(`no changes (${unchangedFilepaths})`)
+      } else {
+        // do nothing - scenario when no .env files found
+      }
+    } catch (error) {
+      logger.error(error.message)
+      if (error.help) {
+        logger.help(error.help)
+      }
+      if (error.debug) {
+        logger.debug(error.debug)
+      }
+      if (error.code) {
+        logger.debug(`ERROR_CODE: ${error.code}`)
+      }
+      process.exit(1)
+    }
+  }
+}
+
+module.exports = decrypt

package/src/cli/actions/encrypt.js

@@ -7,66 +7,78 @@ const isIgnoringDotenvKeys = require('../../lib/helpers/isIgnoringDotenvKeys')
 
 const ENCODING = 'utf8'
 
-async function encrypt () {
+function encrypt () {
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
-  try {
+  // stdout - should not have a try so that exit codes can surface to stdout
+  if (options.stdout) {
     const {
-      processedEnvFiles,
-      changedFilepaths,
-      unchangedFilepaths
+      processedEnvFiles
     } = main.encrypt(options.envFile, options.key)
 
     for (const processedEnvFile of processedEnvFiles) {
-      logger.verbose(`encrypting ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
-      if (processedEnvFile.error) {
-        if (processedEnvFile.error.code === 'MISSING_ENV_FILE') {
-          logger.warn(processedEnvFile.error)
-          logger.help(`? add one with [echo "HELLO=World" > ${processedEnvFile.envFilepath}] and re-run [dotenvx encrypt]`)
+      process.stdout.write(processedEnvFile.envSrc)
+    }
+    process.exit(0) // exit early
+  } else {
+    try {
+      const {
+        processedEnvFiles,
+        changedFilepaths,
+        unchangedFilepaths
+      } = main.encrypt(options.envFile, options.key)
+
+      for (const processedEnvFile of processedEnvFiles) {
+        logger.verbose(`encrypting ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
+        if (processedEnvFile.error) {
+          if (processedEnvFile.error.code === 'MISSING_ENV_FILE') {
+            logger.warn(processedEnvFile.error.message)
+            logger.help(`? add one with [echo "HELLO=World" > ${processedEnvFile.envFilepath}] and re-run [dotenvx encrypt]`)
+          } else {
+            logger.warn(processedEnvFile.error.message)
+          }
+        } else if (processedEnvFile.changed) {
+          fs.writeFileSync(processedEnvFile.filepath, processedEnvFile.envSrc, ENCODING)
+
+          logger.verbose(`encrypted ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
         } else {
-          logger.warn(processedEnvFile.error)
+          logger.verbose(`no changes ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
         }
-      } else if (processedEnvFile.changed) {
-        fs.writeFileSync(processedEnvFile.filepath, processedEnvFile.envSrc, ENCODING)
+      }
 
-        logger.verbose(`encrypted ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
+      if (changedFilepaths.length > 0) {
+        logger.success(`✔ encrypted (${changedFilepaths.join(',')})`)
+      } else if (unchangedFilepaths.length > 0) {
+        logger.info(`no changes (${unchangedFilepaths})`)
       } else {
-        logger.verbose(`no changes ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)
+        // do nothing - scenario when no .env files found
       }
-    }
 
-    if (changedFilepaths.length > 0) {
-      logger.success(`✔ encrypted (${changedFilepaths.join(',')})`)
-    } else if (unchangedFilepaths.length > 0) {
-      logger.info(`no changes (${unchangedFilepaths})`)
-    } else {
-      // do nothing - scenario when no .env files found
-    }
+      for (const processedEnvFile of processedEnvFiles) {
+        if (processedEnvFile.privateKeyAdded) {
+          logger.success(`✔ key added to .env.keys (${processedEnvFile.privateKeyName})`)
 
-    for (const processedEnvFile of processedEnvFiles) {
-      if (processedEnvFile.privateKeyAdded) {
-        logger.success(`✔ key added to .env.keys (${processedEnvFile.privateKeyName})`)
+          if (!isIgnoringDotenvKeys()) {
+            logger.help2('ℹ add .env.keys to .gitignore: [echo ".env.keys" >> .gitignore]')
+          }
 
-        if (!isIgnoringDotenvKeys()) {
-          logger.help2('ℹ add .env.keys to .gitignore: [echo ".env.keys" >> .gitignore]')
+          logger.help2(`ℹ run [${processedEnvFile.privateKeyName}='${processedEnvFile.privateKey}' dotenvx run -- yourcommand] to test decryption locally`)
         }
-
-        logger.help2(`ℹ run [${processedEnvFile.privateKeyName}='${processedEnvFile.privateKey}' dotenvx run -- yourcommand] to test decryption locally`)
       }
+    } catch (error) {
+      logger.error(error.message)
+      if (error.help) {
+        logger.help(error.help)
+      }
+      if (error.debug) {
+        logger.debug(error.debug)
+      }
+      if (error.code) {
+        logger.debug(`ERROR_CODE: ${error.code}`)
+      }
+      process.exit(1)
     }
-  } catch (error) {
-    logger.error(error.message)
-    if (error.help) {
-      logger.help(error.help)
-    }
-    if (error.debug) {
-      logger.debug(error.debug)
-    }
-    if (error.code) {
-      logger.debug(`ERROR_CODE: ${error.code}`)
-    }
-    process.exit(1)
   }
 }
 

package/src/cli/actions/ext/genexample.js

@@ -1,18 +1,10 @@
 const fs = require('fs')
 const main = require('./../../../lib/main')
 const { logger } = require('./../../../shared/logger')
-const { createSpinner } = require('./../../../shared/createSpinner')
-
-const sleep = require('./../../../lib/helpers/sleep')
-
-const spinner = createSpinner('generating')
 
 const ENCODING = 'utf8'
 
-async function genexample (directory) {
-  spinner.start()
-  await sleep(500) // better dx
-
+function genexample (directory) {
   logger.debug(`directory: ${directory}`)
 
   const options = this.opts()
@@ -34,12 +26,12 @@ async function genexample (directory) {
     fs.writeFileSync(exampleFilepath, envExampleFile, ENCODING)
 
     if (addedKeys.length > 0) {
-      spinner.succeed(`updated .env.example (${addedKeys.length})`)
+      logger.success(`updated .env.example (${addedKeys.length})`)
     } else {
-      spinner.done('no changes (.env.example)')
+      logger.blank('no changes (.env.example)')
     }
   } catch (error) {
-    spinner.fail(error.message)
+    logger.error(error.message)
     if (error.help) {
       logger.help(error.help)
     }

package/src/cli/actions/ext/gitignore.js

@@ -77,3 +77,8 @@ function gitignore () {
 }
 
 module.exports = gitignore
+module.exports.Git = Git
+module.exports.Docker = Docker
+module.exports.Npm = Npm
+module.exports.Vercel = Vercel
+module.exports.Generic = Generic

package/src/cli/actions/ext/prebuild.js

@@ -14,6 +14,7 @@ function prebuild () {
     logger.errorvpb('.dockerignore missing')
     logger.help2('? add it with [touch .dockerignore]')
     process.exit(1)
+    return
   }
 
   // 2. check .env* files against .dockerignore file

package/src/cli/actions/ext/scan.js

@@ -1,25 +1,28 @@
-const execa = require('execa')
+const childProcess = require('child_process')
 
 const { logger } = require('./../../../shared/logger')
 
-async function scan () {
+function scan () {
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
   try {
-    await execa('gitleaks', ['version'])
+    // redirect stderr to stdout to capture and ignore it
+    childProcess.execSync('gitleaks version', { stdio: ['ignore', 'pipe', 'ignore'] })
   } catch (error) {
-    logger.error('gitleaks command not found')
+    logger.error('gitleaks: command not found')
     logger.help('? install gitleaks:      [brew install gitleaks]')
     logger.help2('? other install options: [https://github.com/gitleaks/gitleaks]')
     process.exit(1)
+    return
   }
 
   try {
-    const { stderr } = await execa('gitleaks', ['detect', '-v'])
-    logger.blank(stderr) // gitleaks sends output as stderr for strange reason
+    const output = childProcess.execSync('gitleaks detect -v 2>&1', { stdio: 'pipe' }).toString() // gitleaks sends output as stderr for strange reason
+    logger.blank(output)
   } catch (error) {
     logger.error(error.message)
+
     process.exit(1)
   }
 }

package/src/cli/actions/ext/settings.js

@@ -11,13 +11,14 @@ function settings (key = null) {
   const value = main.settings(key)
 
   if (typeof value === 'object' && value !== null) {
+    let space = 0
     if (options.prettyPrint) {
-      logger.blank(JSON.stringify(value, null, 2))
-    } else {
-      logger.blank(value)
+      space = 2
     }
+
+    process.stdout.write(JSON.stringify(value, null, space))
   } else {
-    logger.blank(value)
+    process.stdout.write(value)
   }
 }
 

package/src/cli/actions/ext/vault/decrypt.js

@@ -1,17 +1,10 @@
 const fs = require('fs')
 
 const { logger } = require('./../../../../shared/logger')
-const { createSpinner } = require('./../../../../shared/createSpinner')
-const sleep = require('./../../../../lib/helpers/sleep')
 
-const Decrypt = require('./../../../../lib/services/decrypt')
-
-const spinner = createSpinner('decrypting')
-
-async function decrypt (directory) {
-  spinner.start()
-  await sleep(500) // better dx
+const VaultDecrypt = require('./../../../../lib/services/vaultDecrypt')
 
+function decrypt (directory) {
   logger.debug(`directory: ${directory}`)
 
   const options = this.opts()
@@ -22,7 +15,7 @@ async function decrypt (directory) {
       processedEnvs,
       changedFilenames,
       unchangedFilenames
-    } = new Decrypt(directory, options.environment).run()
+    } = new VaultDecrypt(directory, options.environment).run()
 
     for (const env of processedEnvs) {
       if (env.warning) {
@@ -49,12 +42,12 @@ async function decrypt (directory) {
     }
 
     if (changedMsg.length > 0) {
-      spinner.succeed(`${changedMsg} ${unchangedMsg}`)
+      logger.success(`${changedMsg} ${unchangedMsg}`)
     } else {
-      spinner.done(`${unchangedMsg}`)
+      logger.blank(`${unchangedMsg}`)
     }
   } catch (error) {
-    spinner.fail(error.message)
+    logger.error(error.message)
     if (error.help) {
       logger.help(error.help)
     }

package/src/cli/actions/ext/vault/encrypt.js

@@ -3,16 +3,9 @@ const path = require('path')
 
 const main = require('./../../../../lib/main')
 const { logger } = require('./../../../../shared/logger')
-const { createSpinner } = require('./../../../../shared/createSpinner')
-const sleep = require('./../../../../lib/helpers/sleep')
 const pluralize = require('./../../../../lib/helpers/pluralize')
 
-const spinner = createSpinner('encrypting')
-
-async function encrypt (directory) {
-  spinner.start()
-  await sleep(500) // better dx
-
+function encrypt (directory) {
   logger.debug(`directory: ${directory}`)
 
   const options = this.opts()
@@ -50,14 +43,14 @@ async function encrypt (directory) {
     fs.writeFileSync(path.resolve(directory, '.env.vault'), dotenvVaultFile)
 
     if (addedDotenvFilenames.length > 0) {
-      spinner.succeed(`encrypted to .env.vault (${addedDotenvFilenames})`)
+      logger.success(`encrypted to .env.vault (${addedDotenvFilenames})`)
       logger.help2('ℹ commit .env.vault to code: [git commit -am ".env.vault"]')
     } else {
-      spinner.done(`no changes (${envFile})`)
+      logger.blank(`no changes (${envFile})`)
     }
 
     if (addedKeys.length > 0) {
-      spinner.succeed(`${pluralize('key', addedKeys.length)} added to .env.keys (${addedKeys})`)
+      logger.success(`${pluralize('key', addedKeys.length)} added to .env.keys (${addedKeys})`)
     }
 
     if (addedVaults.length > 0) {
@@ -68,7 +61,7 @@ async function encrypt (directory) {
       logger.help2(`ℹ run [DOTENV_KEY='${tryKey}' dotenvx run -- yourcommand] to test decryption locally`)
     }
   } catch (error) {
-    spinner.fail(error.message)
+    logger.error(error.message)
     if (error.help) {
       logger.help(error.help)
     }