@dotenvx/dotenvx 1.55.1 → 1.57.0

package/src/cli/dotenvx.js

@@ -13,6 +13,9 @@ const executeDynamic = require('./../lib/helpers/executeDynamic')
 const removeDynamicHelpSection = require('./../lib/helpers/removeDynamicHelpSection')
 const removeOptionsHelpParts = require('./../lib/helpers/removeOptionsHelpParts')
 
+const Session = require('./../db/session')
+const sesh = new Session()
+
 // for use with run
 const envs = []
 function collectEnvs (type) {
@@ -68,12 +71,11 @@ program.command('run')
   .option('-e, --env <strings...>', 'environment variable(s) set as string (example: "HELLO=World")', collectEnvs('env'), [])
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', collectEnvs('envFile'), [])
   .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
-  .option('-fv, --env-vault-file <paths...>', 'path(s) to your .env.vault file(s)', collectEnvs('envVaultFile'), [])
   .option('-o, --overload', 'override existing env variables (by default, existing env vars take precedence over .env files)')
   .option('--strict', 'process.exit(1) on any errors', false)
   .option('--convention <name>', 'load a .env convention (available conventions: [\'nextjs\', \'flow\'])')
   .option('--ignore <errorCodes...>', 'error code(s) to ignore (example: --ignore=MISSING_ENV_FILE)')
-  .option('--ops-off', 'disable dotenvx-ops features', false)
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
   .action(function (...args) {
     this.envs = envs
     runAction.apply(this, args)
@@ -88,15 +90,15 @@ program.command('get')
   .option('-e, --env <strings...>', 'environment variable(s) set as string (example: "HELLO=World")', collectEnvs('env'), [])
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', collectEnvs('envFile'), [])
   .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
-  .option('-fv, --env-vault-file <paths...>', 'path(s) to your .env.vault file(s)', collectEnvs('envVaultFile'), [])
   .option('-o, --overload', 'override existing env variables (by default, existing env vars take precedence over .env files)')
   .option('--strict', 'process.exit(1) on any errors', false)
   .option('--convention <name>', 'load a .env convention (available conventions: [\'nextjs\', \'flow\'])')
   .option('--ignore <errorCodes...>', 'error code(s) to ignore (example: --ignore=MISSING_ENV_FILE)')
   .option('-a, --all', 'include all machine envs as well')
   .option('-pp, --pretty-print', 'pretty print output')
+  .option('--pp', 'pretty print output (alias)')
   .option('--format <type>', 'format of the output (json, shell, eval)', 'json')
-  .option('--ops-off', 'disable dotenvx-ops features', false)
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
   .action(function (...args) {
     this.envs = envs
     getAction.apply(this, args)
@@ -106,7 +108,7 @@ program.command('get')
 const setAction = require('./actions/set')
 program.command('set')
   .usage('<KEY> <value> [options]')
-  .description('set a single environment variable')
+  .description('encrypt a single environment variable')
   .addHelpText('after', examples.set)
   .allowUnknownOption()
   .argument('KEY', 'KEY')
@@ -115,7 +117,7 @@ program.command('set')
   .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
   .option('-c, --encrypt', 'encrypt value', true)
   .option('-p, --plain', 'store value as plain text', false)
-  .option('--ops-off', 'disable dotenvx-ops features', false)
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
   .action(function (...args) {
     this.envs = envs
     setAction.apply(this, args)
@@ -129,7 +131,7 @@ program.command('encrypt')
   .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
   .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
   .option('-ek, --exclude-key <excludeKeys...>', 'keys(s) to exclude from encryption (default: none)')
-  .option('--ops-off', 'disable dotenvx-ops features', false)
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
   .option('--stdout', 'send to stdout')
   .action(function (...args) {
     this.envs = envs
@@ -144,13 +146,28 @@ program.command('decrypt')
   .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
   .option('-k, --key <keys...>', 'keys(s) to decrypt (default: all keys in file)')
   .option('-ek, --exclude-key <excludeKeys...>', 'keys(s) to exclude from decryption (default: none)')
-  .option('--ops-off', 'disable dotenvx-ops features', false)
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
   .option('--stdout', 'send to stdout')
   .action(function (...args) {
     this.envs = envs
     decryptAction.apply(this, args)
   })
 
+// dotenvx rotate
+const rotateAction = require('./actions/rotate')
+program.command('rotate')
+  .description('rotate keypair(s) and re-encrypt .env file(s)')
+  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', collectEnvs('envFile'), [])
+  .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
+  .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
+  .option('-ek, --exclude-key <excludeKeys...>', 'keys(s) to exclude from encryption (default: none)')
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
+  .option('--stdout', 'send to stdout')
+  .action(function (...args) {
+    this.envs = envs
+    rotateAction.apply(this, args)
+  })
+
 // dotenvx keypair
 const keypairAction = require('./actions/keypair')
 program.command('keypair')
@@ -159,8 +176,9 @@ program.command('keypair')
   .argument('[KEY]', 'environment variable key name')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
   .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
-  .option('--ops-off', 'disable dotenvx-ops features', false)
+  .option('--ops-off', 'disable dotenvx-ops features', sesh.opsOff())
   .option('-pp, --pretty-print', 'pretty print output')
+  .option('--pp', 'pretty print output (alias)')
   .option('--format <type>', 'format of the output (json, shell)', 'json')
   .action(keypairAction)
 
@@ -173,21 +191,6 @@ program.command('ls')
   .option('-ef, --exclude-env-file <excludeFilenames...>', 'path(s) to exclude from your env file(s) (default: none)')
   .action(lsAction)
 
-// dotenvx rotate
-const rotateAction = require('./actions/rotate')
-program.command('rotate')
-  .description('rotate keypair(s) and re-encrypt .env file(s)')
-  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', collectEnvs('envFile'), [])
-  .option('-fk, --env-keys-file <path>', 'path to your .env.keys file (default: same path as your env file)')
-  .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
-  .option('-ek, --exclude-key <excludeKeys...>', 'keys(s) to exclude from encryption (default: none)')
-  .option('--ops-off', 'disable dotenvx-ops features', false)
-  .option('--stdout', 'send to stdout')
-  .action(function (...args) {
-    this.envs = envs
-    rotateAction.apply(this, args)
-  })
-
 // dotenvx help
 program.command('help [command]')
   .description('display help for command')
@@ -249,7 +252,8 @@ program.helpInformation = function () {
   const filteredLines = lines.filter(line =>
     !line.includes('DEPRECATED') &&
     !line.includes('help [command]') &&
-    !line.includes('🔌 extensions')
+    !line.includes('🔌 extensions') &&
+    !/^\s*ls\b/.test(line)
   )
 
   return filteredLines.join('\n')

package/src/cli/examples.js

@@ -66,11 +66,11 @@ Examples:
   $ dotenvx ext gitignore --pattern .env.keys
   \`\`\`
 
-Try it:
+  Try it:
 
   \`\`\`
   $ dotenvx ext gitignore
-  ✔ ignored .env* (.gitignore)
+  ▣ ignored .env* (.gitignore)
   \`\`\`
   `
 }

package/src/db/session.js

@@ -0,0 +1,21 @@
+const Ops = require('./../lib/extensions/ops')
+
+class Session {
+  constructor () {
+    this.ops = new Ops()
+    this.opsStatus = this.ops.status()
+  }
+
+  //
+  // opsOff/On
+  //
+  opsOn () {
+    return this.opsStatus === 'on'
+  }
+
+  opsOff () {
+    return !this.opsOn()
+  }
+}
+
+module.exports = Session

package/src/lib/extensions/ops.js

@@ -0,0 +1,98 @@
+const path = require('path')
+const childProcess = require('child_process')
+
+// const { logger } = require('./../../shared/logger')
+
+class Ops {
+  constructor () {
+    this.opsLib = null
+
+    if (this._isForcedOff()) {
+      return
+    }
+
+    // check npm lib
+    try { this.opsLib = this._opsNpm() } catch (_e) {}
+
+    // check binary cli
+    if (!this.opsLib) {
+      try { this.opsLib = this._opsCli() } catch (_e) {}
+    }
+
+    if (this.opsLib) {
+      // logger.successv(`🛡️ ops: ${this.opsLib.status()}`)
+    }
+  }
+
+  status () {
+    if (this._isForcedOff() || !this.opsLib) {
+      return 'off'
+    }
+
+    return this.opsLib.status()
+  }
+
+  keypair (publicKey) {
+    if (this._isForcedOff() || !this.opsLib) {
+      return {}
+    }
+
+    return this.opsLib.keypair(publicKey)
+  }
+
+  observe (payload) {
+    if (!this._isForcedOff() && this.opsLib && this.opsLib.status() !== 'off') {
+      const encoded = Buffer.from(JSON.stringify(payload)).toString('base64')
+      this.opsLib.observe(encoded)
+    }
+  }
+
+  //
+  // private
+  //
+  _opsNpm () {
+    const npmBin = path.resolve(process.cwd(), 'node_modules/.bin/dotenvx-ops')
+    return this._opsLib(npmBin)
+  }
+
+  _opsCli () {
+    return this._opsLib('dotenvx-ops')
+  }
+
+  _opsLib (binary) {
+    childProcess.execFileSync(binary, ['--version'], { stdio: ['pipe', 'pipe', 'ignore'] })
+
+    return {
+      status: () => {
+        return childProcess.execFileSync(binary, ['status'], { stdio: ['pipe', 'pipe', 'ignore'] }).toString().trim()
+      },
+      keypair: (publicKey) => {
+        const args = ['keypair']
+        if (publicKey) {
+          args.push(publicKey)
+        }
+        const output = childProcess.execFileSync(binary, args, { stdio: ['pipe', 'pipe', 'ignore'] }).toString().trim()
+        const parsed = JSON.parse(output.toString())
+        return parsed
+      },
+      observe: (encoded) => {
+        try {
+          const subprocess = childProcess.spawn(binary, ['observe', encoded], {
+            stdio: 'ignore',
+            detached: true
+          })
+
+          subprocess.unref() // let it run independently
+        } catch (e) {
+          // noop
+        }
+      }
+    }
+  }
+
+  _isForcedOff () {
+    return process.env.DOTENVX_OPS_OFF === 'true'
+  }
+}
+
+module.exports = Ops

package/src/lib/helpers/buildEnvs.js

@@ -1,10 +1,7 @@
-const path = require('path')
-
 const conventions = require('./conventions')
 const dotenvOptionPaths = require('./dotenvOptionPaths')
-const DeprecationNotice = require('./deprecationNotice')
 
-function buildEnvs (options, DOTENV_KEY = undefined) {
+function buildEnvs (options) {
   // build envs using user set option.path
   const optionPaths = dotenvOptionPaths(options) // [ '.env' ]
 
@@ -13,18 +10,8 @@ function buildEnvs (options, DOTENV_KEY = undefined) {
     envs = conventions(options.convention).concat(envs)
   }
 
-  new DeprecationNotice({ DOTENV_KEY }).dotenvKey() // DEPRECATION NOTICE
-
   for (const optionPath of optionPaths) {
-    // if DOTENV_KEY is set then assume we are checking envVaultFile
-    if (DOTENV_KEY) {
-      envs.push({
-        type: 'envVaultFile',
-        value: path.join(path.dirname(optionPath), '.env.vault')
-      })
-    } else {
-      envs.push({ type: 'envFile', value: optionPath })
-    }
+    envs.push({ type: 'envFile', value: optionPath })
   }
 
   return envs

package/src/lib/helpers/{decryptKeyValue.js → cryptography/decryptKeyValue.js}

@@ -1,6 +1,6 @@
 const { decrypt } = require('eciesjs')
 
-const Errors = require('./errors')
+const Errors = require('./../errors')
 
 const PREFIX = 'encrypted:'
 

package/src/lib/helpers/cryptography/index.js

@@ -0,0 +1,14 @@
+module.exports = {
+  opsKeypair: require('./opsKeypair'),
+  localKeypair: require('./localKeypair'),
+  encryptValue: require('./encryptValue'),
+  decryptKeyValue: require('./decryptKeyValue'),
+  isEncrypted: require('./isEncrypted'),
+  isPublicKey: require('./isPublicKey'),
+  provision: require('./provision'),
+  provisionWithPrivateKey: require('./provisionWithPrivateKey'),
+  mutateSrc: require('./mutateSrc'),
+
+  // other
+  isFullyEncrypted: require('./../isFullyEncrypted')
+}

package/src/lib/helpers/{isPublicKey.js → cryptography/isPublicKey.js}

@@ -1,6 +1,6 @@
 const PUBLIC_KEY_PATTERN = /^DOTENV_PUBLIC_KEY/
 
-function isPublicKey (key, value) {
+function isPublicKey (key) {
   return PUBLIC_KEY_PATTERN.test(key)
 }
 

package/src/lib/helpers/{keypair.js → cryptography/localKeypair.js}

@@ -1,6 +1,6 @@
 const { PrivateKey } = require('eciesjs')
 
-function keypair (existingPrivateKey) {
+function localKeypair (existingPrivateKey) {
   let kp
 
   if (existingPrivateKey) {
@@ -18,4 +18,4 @@ function keypair (existingPrivateKey) {
   }
 }
 
-module.exports = keypair
+module.exports = localKeypair

package/src/lib/helpers/cryptography/mutateKeysSrc.js

@@ -0,0 +1,38 @@
+const FIRST_TIME_KEYS_SRC = [
+  '#/------------------!DOTENV_PRIVATE_KEYS!-------------------/',
+  '#/ private decryption keys. DO NOT commit to source control /',
+  '#/     [how it works](https://dotenvx.com/encryption)       /',
+  // '#/           backup with: `dotenvx ops backup`              /',
+  '#/----------------------------------------------------------/'
+].join('\n')
+
+const path = require('path')
+const fsx = require('./../fsx')
+
+function mutateKeysSrc ({ envFilepath, keysFilepath, privateKeyName, privateKeyValue }) {
+  const filename = path.basename(envFilepath)
+  const filepath = path.resolve(envFilepath)
+  let resolvedKeysFilepath = path.join(path.dirname(filepath), '.env.keys')
+  if (keysFilepath) {
+    resolvedKeysFilepath = path.resolve(keysFilepath)
+  }
+  const appendPrivateKey = [`# ${filename}`, `${privateKeyName}=${privateKeyValue}`, ''].join('\n')
+
+  let keysSrc = ''
+  if (fsx.existsSync(resolvedKeysFilepath)) {
+    keysSrc = fsx.readFileX(resolvedKeysFilepath)
+  }
+  keysSrc = keysSrc.length > 1 ? keysSrc : `${FIRST_TIME_KEYS_SRC}\n`
+  keysSrc = `${keysSrc}\n${appendPrivateKey}`
+
+  fsx.writeFileX(resolvedKeysFilepath, keysSrc) // TODO: don't write if ops
+
+  const envKeysFilepath = keysFilepath || path.join(path.dirname(envFilepath), path.basename(resolvedKeysFilepath))
+
+  return {
+    keysSrc,
+    envKeysFilepath
+  }
+}
+
+module.exports = mutateKeysSrc

package/src/lib/helpers/cryptography/mutateSrc.js

@@ -0,0 +1,24 @@
+const path = require('path')
+const preserveShebang = require('./../preserveShebang')
+const prependPublicKey = require('./../prependPublicKey')
+
+function mutateSrc ({ envSrc, envFilepath, keysFilepath, publicKeyName, publicKeyValue }) {
+  const filename = path.basename(envFilepath)
+  const filepath = path.resolve(envFilepath)
+  let resolvedKeysFilepath = path.join(path.dirname(filepath), '.env.keys')
+  if (keysFilepath) {
+    resolvedKeysFilepath = path.resolve(keysFilepath)
+  }
+  const relativeFilepath = path.relative(path.dirname(filepath), resolvedKeysFilepath)
+
+  const ps = preserveShebang(envSrc)
+  const prependedPublicKey = prependPublicKey(publicKeyName, publicKeyValue, filename, relativeFilepath)
+
+  envSrc = `${ps.firstLinePreserved}${prependedPublicKey}\n${ps.envSrc}`
+
+  return {
+    envSrc
+  }
+}
+
+module.exports = mutateSrc

package/src/lib/helpers/cryptography/opsKeypair.js

@@ -0,0 +1,14 @@
+const Ops = require('../../extensions/ops')
+
+function opsKeypair (existingPublicKey) {
+  const kp = new Ops().keypair(existingPublicKey)
+  const publicKey = kp.public_key
+  const privateKey = kp.private_key
+
+  return {
+    publicKey,
+    privateKey
+  }
+}
+
+module.exports = opsKeypair

package/src/lib/helpers/cryptography/provision.js

@@ -0,0 +1,47 @@
+const mutateSrc = require('./mutateSrc')
+const mutateKeysSrc = require('./mutateKeysSrc')
+const opsKeypair = require('./opsKeypair')
+const localKeypair = require('./localKeypair')
+const { keyNames } = require('../keyResolution')
+
+function provision ({ envSrc, envFilepath, keysFilepath, opsOn }) {
+  opsOn = opsOn === true
+  const { publicKeyName, privateKeyName } = keyNames(envFilepath)
+
+  let publicKey
+  let privateKey
+  let keysSrc
+  let envKeysFilepath
+  let privateKeyAdded = false
+
+  if (opsOn) {
+    const kp = opsKeypair()
+    publicKey = kp.publicKey
+    privateKey = kp.privateKey
+  } else {
+    const kp = localKeypair()
+    publicKey = kp.publicKey
+    privateKey = kp.privateKey
+  }
+
+  const mutated = mutateSrc({ envSrc, envFilepath, keysFilepath, publicKeyName, publicKeyValue: publicKey })
+  envSrc = mutated.envSrc
+
+  if (!opsOn) {
+    const mutated = mutateKeysSrc({ envFilepath, keysFilepath, privateKeyName, privateKeyValue: privateKey })
+    keysSrc = mutated.keysSrc
+    envKeysFilepath = mutated.envKeysFilepath
+    privateKeyAdded = true
+  }
+
+  return {
+    envSrc,
+    keysSrc,
+    publicKey,
+    privateKey,
+    privateKeyAdded,
+    envKeysFilepath
+  }
+}
+
+module.exports = provision

package/src/lib/helpers/cryptography/provisionWithPrivateKey.js

@@ -0,0 +1,26 @@
+const Errors = require('./../errors')
+const mutateSrc = require('./mutateSrc')
+const localKeypair = require('./localKeypair')
+
+function provisionWithPrivateKey ({ envSrc, envFilepath, keysFilepath, privateKeyValue, publicKeyValue, publicKeyName }) {
+  const { publicKey, privateKey } = localKeypair(privateKeyValue) // opsOn doesn't matter here since privateKeyValue was already discovered prior (via ops and local) and passed as privateKeyValue
+
+  // if derivation doesn't match what's in the file (or preset in env)
+  if (publicKeyValue && publicKeyValue !== publicKey) {
+    throw new Errors({ publicKey, publicKeyExisting: publicKeyValue }).mispairedPrivateKey()
+  }
+
+  // scenario when encrypting a monorepo second .env file from a prior generated -fk .env.keys file
+  if (!publicKeyValue) {
+    const mutated = mutateSrc({ envSrc, envFilepath, keysFilepath, publicKeyName, publicKeyValue: publicKey })
+    envSrc = mutated.envSrc
+  }
+
+  return {
+    envSrc,
+    publicKey,
+    privateKey
+  }
+}
+
+module.exports = provisionWithPrivateKey

package/src/lib/helpers/envResolution/determine.js

@@ -0,0 +1,46 @@
+const dotenvPrivateKeyNames = require('./../dotenvPrivateKeyNames')
+const guessPrivateKeyFilename = require('./../guessPrivateKeyFilename')
+
+const TYPE_ENV_FILE = 'envFile'
+const DEFAULT_ENVS = [{ type: TYPE_ENV_FILE, value: '.env' }]
+
+function envsFromDotenvPrivateKey (privateKeyNames) {
+  const envs = []
+
+  for (const privateKeyName of privateKeyNames) {
+    const filename = guessPrivateKeyFilename(privateKeyName)
+    envs.push({ type: TYPE_ENV_FILE, value: filename })
+  }
+
+  return envs
+}
+
+function determine (envs = [], processEnv) {
+  const privateKeyNames = dotenvPrivateKeyNames(processEnv)
+  if (!envs || envs.length <= 0) {
+    // if process.env.DOTENV_PRIVATE_KEY or process.env.DOTENV_PRIVATE_KEY_${environment} is set, assume inline encryption methodology
+    if (privateKeyNames.length > 0) {
+      return envsFromDotenvPrivateKey(privateKeyNames)
+    }
+
+    return DEFAULT_ENVS // default to .env file expectation
+  } else {
+    let fileAlreadySpecified = false
+
+    for (const env of envs) {
+      if (env.type === TYPE_ENV_FILE) {
+        fileAlreadySpecified = true
+      }
+    }
+
+    // return early since envs array objects already contain 1 .env file
+    if (fileAlreadySpecified) {
+      return envs
+    }
+
+    // no .env file specified as a flag so default to .env
+    return [...DEFAULT_ENVS, ...envs]
+  }
+}
+
+module.exports = determine

package/src/lib/helpers/{guessEnvironment.js → envResolution/environment.js}

@@ -1,7 +1,7 @@
 const path = require('path')
 
-function guessEnvironment (filepath) {
-  const filename = path.basename(filepath)
+function environment (filepath) {
+  const filename = path.basename(filepath).toLowerCase()
 
   const parts = filename.split('.')
   const possibleEnvironmentList = [...parts.slice(2)]
@@ -17,13 +17,11 @@ function guessEnvironment (filepath) {
     return possibleEnvironmentList[0]
   }
 
-  if (
-    possibleEnvironmentList.length === 2
-  ) {
+  if (possibleEnvironmentList.length === 2) {
     return possibleEnvironmentList.join('_')
   }
 
   return possibleEnvironmentList.slice(0, 2).join('_')
 }
 
-module.exports = guessEnvironment
+module.exports = environment

package/src/lib/helpers/envResolution/index.js

@@ -0,0 +1,8 @@
+module.exports = {
+  buildEnvs: require('./../buildEnvs'),
+  determine: require('./determine'),
+  findEnvFiles: require('./../findEnvFiles'),
+  dotenvOptionPaths: require('./../dotenvOptionPaths'),
+  environment: require('./environment'),
+  conventions: require('./../conventions')
+}

package/src/lib/helpers/errors.js

@@ -8,6 +8,8 @@ class Errors {
     this.key = options.key
     this.privateKey = options.privateKey
     this.privateKeyName = options.privateKeyName
+    this.publicKey = options.publicKey
+    this.publicKeyExisting = options.publicKeyExisting
     this.command = options.command
 
     this.message = options.message
@@ -55,6 +57,17 @@ class Errors {
     return e
   }
 
+  mispairedPrivateKey () {
+    const code = 'MISPAIRED_PRIVATE_KEY'
+    const message = `[${code}] private key's derived public key (${truncate(this.publicKey)}) does not match the existing public key (${truncate(this.publicKeyExisting)})`
+    const help = `[${code}] https://github.com/dotenvx/dotenvx/issues/752`
+
+    const e = new Error(message)
+    e.code = code
+    e.help = help
+    return e
+  }
+
   looksWrongPrivateKey () {
     const code = 'WRONG_PRIVATE_KEY'
     const message = `[${code}] could not decrypt ${this.key} using private key '${this.privateKeyName}=${truncate(this.privateKey)}'`

package/src/lib/helpers/executeDynamic.js

@@ -23,20 +23,17 @@ function executeDynamic (program, command, rawArgs) {
   const result = childProcess.spawnSync(`dotenvx-${command}`, forwardedArgs, { stdio: 'inherit', env })
   if (result.error) {
     if (command === 'ops') {
-      const ops = ` _______________________________________________________________________
-|                                                                       |
-|  dotenvx-ops: production grade dotenvx–with operational primitives    |
-|                                                                       |
-|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
-|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
-|                                                                       |
-|  Learn more at https://dotenvx.com/ops                                |
-|_______________________________________________________________________|`
+      const ops = ` ___________________________________________________________________
+|                                                                   |
+|   ██████╗ ██████╗ ███████╗                                        |
+|  ██╔═══██╗██╔══██╗██╔════╝                                        |
+|  ██║   ██║██████╔╝███████╗                                        |
+|  ██║   ██║██╔═══╝ ╚════██║                                        |
+|  ╚██████╔╝██║     ███████║                                        |
+|   ╚═════╝ ╚═╝     ╚══════╝                                        |
+|                                                                   |
+|  Learn more at [https://dotenvx.com/ops]                          |
+|___________________________________________________________________|`
 
       console.log(ops)
       console.log('')

package/src/lib/helpers/findEnvFiles.js

@@ -1,6 +1,6 @@
 const fsx = require('./fsx')
 
-const RESERVED_ENV_FILES = ['.env.vault', '.env.project', '.env.keys', '.env.me', '.env.x', '.env.example']
+const RESERVED_ENV_FILES = ['.env.project', '.env.keys', '.env.me', '.env.x', '.env.example']
 
 function findEnvFiles (directory) {
   try {