@dotenvx/dotenvx 1.59.1 → 1.60.1

package/src/lib/helpers/detectEncodingSync.js

@@ -0,0 +1,22 @@
+const fs = require('fs')
+
+function detectEncodingSync (filepath) {
+  const buffer = fs.readFileSync(filepath)
+
+  // check for UTF-16LE BOM (Byte Order Mark)
+  if (buffer.length >= 2 && buffer[0] === 0xFF && buffer[1] === 0xFE) {
+    return 'utf16le'
+  }
+
+  /* c8 ignore start */
+  // check for UTF-8 BOM
+  if (buffer.length >= 3 && buffer[0] === 0xEF && buffer[1] === 0xBB && buffer[2] === 0xBF) {
+    return 'utf8'
+  }
+
+  /* c8 ignore stop */
+
+  return 'utf8'
+}
+
+module.exports = detectEncodingSync

package/src/lib/helpers/errors.js

@@ -13,6 +13,7 @@ const ISSUE_BY_CODE = {
   MISPAIRED_PRIVATE_KEY: 'https://github.com/dotenvx/dotenvx/issues/752',
   MISSING_DIRECTORY: 'https://github.com/dotenvx/dotenvx/issues/758',
   MISSING_ENV_FILE: 'https://github.com/dotenvx/dotenvx/issues/484',
+  MISSING_ENV_KEYS_FILE: 'https://github.com/dotenvx/dotenvx/issues/775',
   MISSING_ENV_FILES: 'https://github.com/dotenvx/dotenvx/issues/760',
   MISSING_KEY: 'https://github.com/dotenvx/dotenvx/issues/759',
   MISSING_LOG_LEVEL: 'must be valid log level',
@@ -25,6 +26,7 @@ class Errors {
   constructor (options = {}) {
     this.filepath = options.filepath
     this.envFilepath = options.envFilepath
+    this.envKeysFilepath = options.envKeysFilepath
 
     this.key = options.key
     this.privateKey = options.privateKey
@@ -202,6 +204,19 @@ class Errors {
     return e
   }
 
+  missingEnvKeysFile () {
+    const code = 'MISSING_ENV_KEYS_FILE'
+    const envKeysFilepath = this.envKeysFilepath || '.env.keys'
+    const message = `[${code}] missing file (${envKeysFilepath})`
+    const help = `fix: [${ISSUE_BY_CODE[code]}]`
+
+    const e = new Error(message)
+    e.code = code
+    e.help = help
+    e.messageWithHelp = `${message}. ${help}`
+    return e
+  }
+
   missingEnvFiles () {
     const code = 'MISSING_ENV_FILES'
     const message = `[${code}] no .env* files found`

package/src/lib/helpers/fsx.js

@@ -2,7 +2,15 @@ const fs = require('fs')
 
 const ENCODING = 'utf8'
 
-function readFileX (filepath, encoding = null) {
+async function readFileX (filepath, encoding = null) {
+  if (!encoding) {
+    encoding = ENCODING
+  }
+
+  return fs.promises.readFile(filepath, encoding)
+}
+
+function readFileXSync (filepath, encoding = null) {
   if (!encoding) {
     encoding = ENCODING
   }
@@ -10,12 +18,26 @@ function readFileX (filepath, encoding = null) {
   return fs.readFileSync(filepath, encoding) // utf8 default so it returns a string
 }
 
-function writeFileX (filepath, str) {
+function writeFileXSync (filepath, str) {
   return fs.writeFileSync(filepath, str, ENCODING) // utf8 always
 }
 
+async function writeFileX (filepath, str) {
+  return fs.promises.writeFile(filepath, str, ENCODING)
+}
+
+async function exists (filepath) {
+  try {
+    await fs.promises.access(filepath)
+    return true
+  } catch (_e) {
+    return false
+  }
+}
+
 const fsx = {
   chmodSync: fs.chmodSync,
+  exists,
   existsSync: fs.existsSync,
   readdirSync: fs.readdirSync,
   readFileSync: fs.readFileSync,
@@ -24,7 +46,9 @@ const fsx = {
 
   // fsx special commands
   readFileX,
-  writeFileX
+  readFileXSync,
+  writeFileX,
+  writeFileXSync
 }
 
 module.exports = fsx

package/src/lib/helpers/installPrecommitHook.js

@@ -55,12 +55,12 @@ class InstallPrecommitHook {
   }
 
   _currentHook () {
-    return fsx.readFileX(this.hookPath)
+    return fsx.readFileXSync(this.hookPath)
   }
 
   _createHook () {
     // If the pre-commit file doesn't exist, create a new one with the hookScript
-    fsx.writeFileX(this.hookPath, HOOK_SCRIPT)
+    fsx.writeFileXSync(this.hookPath, HOOK_SCRIPT)
     fsx.chmodSync(this.hookPath, '755') // Make the file executable
   }
 

package/src/lib/helpers/isIgnoringDotenvKeys.js

@@ -6,7 +6,7 @@ function isIgnoringDotenvKeys () {
     return false
   }
 
-  const gitignore = fsx.readFileX('.gitignore')
+  const gitignore = fsx.readFileXSync('.gitignore')
   const ig = ignore(gitignore).add(gitignore)
 
   if (!ig.ignores('.env.keys')) {

package/src/lib/helpers/keyResolution/index.js

@@ -1,13 +1,15 @@
 module.exports = {
   keyNames: require('./keyNames'),
   keyValues: require('./keyValues'),
+  keyValuesSync: require('./keyValuesSync'),
 
   // private
-  // private keys are resolved via keyValues()
+  // private keys are resolved via keyValuesSync()
 
   // other
   readProcessKey: require('./readProcessKey'),
   readFileKey: require('./readFileKey'),
+  readFileKeySync: require('./readFileKeySync'),
   guessPrivateKeyFilename: require('./../guessPrivateKeyFilename'),
   dotenvPrivateKeyNames: require('./../dotenvPrivateKeyNames')
 }

package/src/lib/helpers/keyResolution/keyValues.js

@@ -7,15 +7,15 @@ const readProcessKey = require('./readProcessKey')
 const readFileKey = require('./readFileKey')
 const opsKeypair = require('../cryptography/opsKeypair')
 
-function invertForPrivateKeyName (filepath) {
+async function invertForPrivateKeyName (filepath) {
   const PUBLIC_KEY_SCHEMA = 'DOTENV_PUBLIC_KEY'
   const PRIVATE_KEY_SCHEMA = 'DOTENV_PRIVATE_KEY'
 
-  if (!fsx.existsSync(filepath)) {
+  if (!(await fsx.exists(filepath))) {
     return null
   }
 
-  const envSrc = fsx.readFileX(filepath)
+  const envSrc = await fsx.readFileX(filepath)
   const envParsed = dotenvParse(envSrc)
 
   let publicKeyName
@@ -32,9 +32,9 @@ function invertForPrivateKeyName (filepath) {
   return null
 }
 
-function keyValues (filepath, opts = {}) {
+async function keyValues (filepath, opts = {}) {
   let keysFilepath = opts.keysFilepath || null
-  const opsOn = opts.opsOn === true
+  const noOps = opts.noOps === true
   const names = keyNames(filepath)
   const publicKeyName = names.publicKeyName // DOTENV_PUBLIC_KEY_${ENVIRONMENT}
   let privateKeyName = names.privateKeyName // DOTENV_PRIVATE_KEY_${ENVIRONMENT}
@@ -45,7 +45,7 @@ function keyValues (filepath, opts = {}) {
   // public key: process.env first, then .env*
   publicKey = readProcessKey(publicKeyName)
   if (!publicKey) {
-    publicKey = readFileKey(publicKeyName, filepath) || null
+    publicKey = await readFileKey(publicKeyName, filepath) || null
   }
 
   // private key: process.env first, then .env.keys, then invert public key
@@ -57,28 +57,28 @@ function keyValues (filepath, opts = {}) {
       keysFilepath = path.resolve(path.dirname(filepath), '.env.keys') // typical scenario
     }
 
-    privateKey = readFileKey(privateKeyName, keysFilepath)
+    privateKey = await readFileKey(privateKeyName, keysFilepath)
   }
   // invert
   if (!privateKey) {
-    privateKeyName = invertForPrivateKeyName(filepath)
+    privateKeyName = await invertForPrivateKeyName(filepath)
     if (privateKeyName) {
       privateKey = readProcessKey(privateKeyName)
       if (!privateKey) {
-        privateKey = readFileKey(privateKeyName, keysFilepath)
+        privateKey = await readFileKey(privateKeyName, keysFilepath)
       }
     }
   }
 
   // ops
-  if (opsOn && !privateKey && publicKey && publicKey.length > 0) {
-    const kp = opsKeypair(publicKey)
+  if (!noOps && !privateKey && publicKey && publicKey.length > 0) {
+    const kp = await opsKeypair(publicKey)
     privateKey = kp.privateKey
   }
 
   return {
     publicKeyValue: publicKey || null, // important to make sure name is rendered
-    privateKeyValue: privateKey || null // importan to make sure name is rendered
+    privateKeyValue: privateKey || null // important to make sure name is rendered
   }
 }
 

package/src/lib/helpers/keyResolution/keyValuesSync.js

@@ -0,0 +1,85 @@
+const path = require('path')
+
+const fsx = require('./../fsx')
+const dotenvParse = require('./../dotenvParse')
+const keyNames = require('./keyNames')
+const readProcessKey = require('./readProcessKey')
+const readFileKeySync = require('./readFileKeySync')
+const opsKeypairSync = require('../cryptography/opsKeypairSync')
+
+function invertForPrivateKeyName (filepath) {
+  const PUBLIC_KEY_SCHEMA = 'DOTENV_PUBLIC_KEY'
+  const PRIVATE_KEY_SCHEMA = 'DOTENV_PRIVATE_KEY'
+
+  if (!fsx.existsSync(filepath)) {
+    return null
+  }
+
+  const envSrc = fsx.readFileXSync(filepath)
+  const envParsed = dotenvParse(envSrc)
+
+  let publicKeyName
+  for (const keyName of Object.keys(envParsed)) {
+    if (keyName === PUBLIC_KEY_SCHEMA || keyName.startsWith(PUBLIC_KEY_SCHEMA)) {
+      publicKeyName = keyName // find DOTENV_PUBLIC_KEY* in filename
+    }
+  }
+
+  if (publicKeyName) {
+    return publicKeyName.replace(PUBLIC_KEY_SCHEMA, PRIVATE_KEY_SCHEMA) // return inverted (DOTENV_PUBLIC_KEY* -> DOTENV_PRIVATE_KEY*) if found
+  }
+
+  return null
+}
+
+function keyValuesSync (filepath, opts = {}) {
+  let keysFilepath = opts.keysFilepath || null
+  const noOps = opts.noOps === true
+  const names = keyNames(filepath)
+  const publicKeyName = names.publicKeyName // DOTENV_PUBLIC_KEY_${ENVIRONMENT}
+  let privateKeyName = names.privateKeyName // DOTENV_PRIVATE_KEY_${ENVIRONMENT}
+
+  let publicKey = null
+  let privateKey = null
+
+  // public key: process.env first, then .env*
+  publicKey = readProcessKey(publicKeyName)
+  if (!publicKey) {
+    publicKey = readFileKeySync(publicKeyName, filepath) || null
+  }
+
+  // private key: process.env first, then .env.keys, then invert public key
+  privateKey = readProcessKey(privateKeyName)
+  if (!privateKey) {
+    if (keysFilepath) { // user specified -fk flag
+      keysFilepath = path.resolve(keysFilepath)
+    } else {
+      keysFilepath = path.resolve(path.dirname(filepath), '.env.keys') // typical scenario
+    }
+
+    privateKey = readFileKeySync(privateKeyName, keysFilepath)
+  }
+  // invert
+  if (!privateKey) {
+    privateKeyName = invertForPrivateKeyName(filepath)
+    if (privateKeyName) {
+      privateKey = readProcessKey(privateKeyName)
+      if (!privateKey) {
+        privateKey = readFileKeySync(privateKeyName, keysFilepath)
+      }
+    }
+  }
+
+  // ops
+  if (!noOps && !privateKey && publicKey && publicKey.length > 0) {
+    const kp = opsKeypairSync(publicKey)
+    privateKey = kp.privateKey
+  }
+
+  return {
+    publicKeyValue: publicKey || null, // important to make sure name is rendered
+    privateKeyValue: privateKey || null // important to make sure name is rendered
+  }
+}
+
+module.exports = keyValuesSync

package/src/lib/helpers/keyResolution/readFileKey.js

@@ -1,14 +1,16 @@
 const fsx = require('./../fsx')
 const dotenvParse = require('./../dotenvParse')
 
-function readFileKey (keyName, filepath) {
-  if (fsx.existsSync(filepath)) {
-    const src = fsx.readFileX(filepath)
-    const parsed = dotenvParse(src)
-
-    if (parsed[keyName] && parsed[keyName].length > 0) {
-      return parsed[keyName]
-    }
+async function readFileKey (keyName, filepath) {
+  if (!(await fsx.exists(filepath))) {
+    return undefined
+  }
+
+  const src = await fsx.readFileX(filepath)
+  const parsed = dotenvParse(src)
+
+  if (parsed[keyName] && parsed[keyName].length > 0) {
+    return parsed[keyName]
   }
 }
 

package/src/lib/helpers/keyResolution/readFileKeySync.js

@@ -0,0 +1,15 @@
+const fsx = require('./../fsx')
+const dotenvParse = require('./../dotenvParse')
+
+function readFileKeySync (keyName, filepath) {
+  if (fsx.existsSync(filepath)) {
+    const src = fsx.readFileXSync(filepath)
+    const parsed = dotenvParse(src)
+
+    if (parsed[keyName] && parsed[keyName].length > 0) {
+      return parsed[keyName]
+    }
+  }
+}
+
+module.exports = readFileKeySync

package/src/lib/helpers/kits/sample.js

@@ -1,35 +1,23 @@
 const SAMPLE_ENV_KIT = `
 HELLO="Dotenvx"
 
-# ── Database ─────────────────────────────────────
+# ── Hosting ──────────────────────────────────────
+AWS_ACCESS_KEY_ID="xxxx"
+AWS_SECRET_ACCESS_KEY="xxxx"
 DATABASE_URL="postgresql://postgres:pass@db.ref.supabase.co:5432/postgres"
+VERCEL_TOKEN="vcp_xxxx"
 
-# ── Auth ─────────────────────────────────────────
-AUTH0_CLIENT_ID="xxxx"
-AUTH0_CLIENT_SECRET="xxxx"
-
-# ── AI / LLM ────────────────────────────────────
+# ── AI ───────────────────────────────────────────
 OPENAI_API_KEY="sk-xxxx"
 ANTHROPIC_API_KEY="sk-ant-xxxx"
 
-# ── Email ────────────────────────────────────────
+# ── Infrastructure ───────────────────────────────
+AUTH0_CLIENT_ID="xxxx"
+AUTH0_CLIENT_SECRET="xxxx"
 RESEND_API_KEY="re_xxxx"
-
-# ── Cloud Storage ────────────────────────────────
-AWS_ACCESS_KEY_ID="xxxx"
-AWS_SECRET_ACCESS_KEY="xxxx"
-
-# ── Analytics / Monitoring ───────────────────────
-SENTRY_DSN="https://hex@o1234.ingest.us.sentry.io/1234567"
-
-# ── Payments ─────────────────────────────────────
 STRIPE_API_KEY="sk_test_xxxx"
-
-# ── Feature Flags ────────────────────────────────
 FLAGSMITH_ENV_ID="xxxx"
-
-# ── CI/CD / Deployment ──────────────────────────
-VERCEL_TOKEN="vcp_xxxx"
+SENTRY_DSN="https://hex@o1234.ingest.us.sentry.io/1234567"
 `.trimStart()
 
 module.exports = SAMPLE_ENV_KIT

package/src/lib/main.d.ts

@@ -151,7 +151,12 @@ export interface DotenvConfigOptions {
    * Turn off Dotenvx Ops features - https://dotenvx.com/ops
    *
    * @default false
-   * @example require('@dotenvx/dotenvx').config({ opsOff: true })
+   * @example require('@dotenvx/dotenvx').config({ noOps: true })
+   */
+  noOps?: boolean;
+
+  /**
+   * @deprecated use `noOps` instead.
    */
   opsOff?: boolean;
 }
@@ -210,7 +215,12 @@ export interface SetOptions {
    * Turn off Dotenvx Ops features - https://dotenvx.com/ops
    *
    * @default false
-   * @example require('@dotenvx/dotenvx').set(key, value, { opsOff: true })
+   * @example require('@dotenvx/dotenvx').set(key, value, { noOps: true })
+   */
+  noOps?: boolean;
+
+  /**
+   * @deprecated use `noOps` instead.
    */
   opsOff?: boolean;
 }
@@ -225,7 +235,8 @@ export type SetProcessedEnv = {
   encryptedValue?: string;
   publicKey?: string;
   privateKey?: string;
-  privateKeyAdded?: boolean;
+  localPrivateKeyAdded?: boolean;
+  remotePrivateKeyAdded?: boolean;
   privateKeyName?: string;
   error?: Error;
 };
@@ -285,7 +296,12 @@ export interface GetOptions {
    * Turn off Dotenvx Ops features - https://dotenvx.com/ops
    *
    * @default false
-   * @example require('@dotenvx/dotenvx').get('KEY', { opsOff: true })
+   * @example require('@dotenvx/dotenvx').get('KEY', { noOps: true })
+   */
+  noOps?: boolean;
+
+  /**
+   * @deprecated use `noOps` instead.
    */
   opsOff?: boolean;
 }

package/src/lib/main.js

@@ -12,6 +12,7 @@ const Sets = require('./services/sets')
 const Get = require('./services/get')
 const Keypair = require('./services/keypair')
 const Genexample = require('./services/genexample')
+const Session = require('./../db/session')
 
 // helpers
 const buildEnvs = require('./helpers/buildEnvs')
@@ -39,27 +40,22 @@ const config = function (options = {}) {
   // envKeysFile
   const envKeysFile = options.envKeysFile
 
-  // dotenvx-ops related
-  const opsOn = options.opsOff !== true
-
   if (options) {
     setLogLevel(options)
     setLogName(options)
     setLogVersion(options)
   }
 
+  // dotenvx-ops related
+  const noOps = resolveNoOps(options)
+
   try {
     const envs = buildEnvs(options)
     const {
       processedEnvs,
       readableFilepaths,
       uniqueInjectedKeys
-    } = new Run(envs, overload, processEnv, envKeysFile, opsOn).run()
-
-    if (opsOn) {
-      // removed radar feature for now. contact me at mot@dotenvx.com if still needed for your organization.
-      // try { new Ops().observe({ beforeEnv, processedEnvs, afterEnv }) } catch {}
-    }
+    } = new Run(envs, overload, processEnv, envKeysFile, noOps).runSync()
 
     let lastError
     /** @type {Record<string, string>} */
@@ -169,13 +165,13 @@ const set = function (key, value, options = {}) {
 
   const envs = buildEnvs(options)
   const envKeysFilepath = options.envKeysFile
-  const opsOn = options.opsOff !== true
+  const noOps = resolveNoOps(options)
 
   const {
     processedEnvs,
     changedFilepaths,
     unchangedFilepaths
-  } = new Sets(key, value, envs, encrypt, envKeysFilepath, opsOn).run()
+  } = new Sets(key, value, envs, encrypt, envKeysFilepath, noOps).runSync()
 
   let withEncryption = ''
 
@@ -191,15 +187,23 @@ const set = function (key, value, options = {}) {
       const message = error.messageWithHelp || (error.help ? `${error.message}. ${error.help}` : error.message)
       logger.warn(message)
     } else {
-      fsx.writeFileX(processedEnv.filepath, processedEnv.envSrc)
+      fsx.writeFileXSync(processedEnv.filepath, processedEnv.envSrc)
 
       logger.verbose(`${processedEnv.key} set${withEncryption} (${processedEnv.envFilepath})`)
       logger.debug(`${processedEnv.key} set${withEncryption} to ${processedEnv.value} (${processedEnv.envFilepath})`)
     }
   }
 
-  const keyAddedEnv = processedEnvs.find((processedEnv) => processedEnv.privateKeyAdded)
-  const keyAddedSuffix = keyAddedEnv ? ` + key (${localDisplayPath(keyAddedEnv.envKeysFilepath)})` : ''
+  let keyAddedSuffix = ''
+  const localKeyAddedEnv = processedEnvs.find((processedEnv) => processedEnv.localPrivateKeyAdded)
+  const remoteKeyAddedEnv = processedEnvs.find((processedEnv) => processedEnv.remotePrivateKeyAdded)
+
+  if (localKeyAddedEnv) {
+    keyAddedSuffix = ` + key (${localDisplayPath(localKeyAddedEnv.envKeysFilepath)})`
+  }
+  if (remoteKeyAddedEnv) {
+    keyAddedSuffix = ' + key ⛨'
+  }
 
   if (changedFilepaths.length > 0) {
     if (encrypt) {
@@ -207,11 +211,11 @@ const set = function (key, value, options = {}) {
     } else {
       logger.success(`◇ set ${key} (${changedFilepaths.join(',')})`)
     }
-  } else if (encrypt && keyAddedEnv) {
-    const keyAddedEnvFilepath = keyAddedEnv.envFilepath || changedFilepaths[0] || '.env'
+  } else if (encrypt && localKeyAddedEnv) {
+    const keyAddedEnvFilepath = localKeyAddedEnv.envFilepath || changedFilepaths[0] || '.env'
     logger.success(`◈ encrypted ${key} (${keyAddedEnvFilepath})${keyAddedSuffix}`)
   } else if (unchangedFilepaths.length > 0) {
-    logger.info(`○ no changes (${unchangedFilepaths})`)
+    logger.info(`○ no change (${unchangedFilepaths})`)
   } else {
     // do nothing
   }
@@ -228,12 +232,12 @@ const set = function (key, value, options = {}) {
 /* @type {import('./main').get} */
 const get = function (key, options = {}) {
   const envs = buildEnvs(options)
-  const opsOn = options.opsOff !== true
+  const noOps = resolveNoOps(options)
 
   // ignore
   const ignore = options.ignore || []
 
-  const { parsed, errors } = new Get(key, envs, options.overload, options.all, options.envKeysFile, opsOn).run()
+  const { parsed, errors } = new Get(key, envs, options.overload, options.all, options.envKeysFile, noOps).runSync()
 
   for (const error of errors || []) {
     if (ignore.includes(error.code)) {
@@ -286,9 +290,8 @@ const genexample = function (directory, envFile) {
 }
 
 /** @type {import('./main').keypair} */
-const keypair = function (envFile, key, envKeysFile = null, opsOff = false) {
-  const opsOn = opsOff !== true
-  const keypairs = new Keypair(envFile, envKeysFile, opsOn).run()
+const keypair = function (envFile, key, envKeysFile = null, noOps = false) {
+  const keypairs = new Keypair(envFile, envKeysFile, noOps).runSync()
   if (key) {
     return keypairs[key]
   } else {
@@ -296,6 +299,11 @@ const keypair = function (envFile, key, envKeysFile = null, opsOff = false) {
   }
 }
 
+function resolveNoOps (options = {}) {
+  const sesh = new Session()
+  return options.noOps === true || options.opsOff === true || sesh.noOpsSync()
+}
+
 module.exports = {
   // dotenv proxies
   config,

package/src/lib/services/decrypt.js

@@ -25,19 +25,19 @@ const dotenvParse = require('./../helpers/dotenvParse')
 const detectEncoding = require('./../helpers/detectEncoding')
 
 class Decrypt {
-  constructor (envs = [], key = [], excludeKey = [], envKeysFilepath = null, opsOn = false) {
+  constructor (envs = [], key = [], excludeKey = [], envKeysFilepath = null, noOps = false) {
     this.envs = determine(envs, process.env)
     this.key = key
     this.excludeKey = excludeKey
     this.envKeysFilepath = envKeysFilepath
-    this.opsOn = opsOn
+    this.noOps = noOps
 
     this.processedEnvs = []
     this.changedFilepaths = new Set()
     this.unchangedFilepaths = new Set()
   }
 
-  run () {
+  async run () {
     // example
     // envs [
     //   { type: 'envFile', value: '.env' }
@@ -51,7 +51,7 @@ class Decrypt {
 
     for (const env of this.envs) {
       if (env.type === TYPE_ENV_FILE) {
-        this._decryptEnvFile(env.value)
+        await this._decryptEnvFile(env.value)
       }
     }
 
@@ -62,7 +62,7 @@ class Decrypt {
     }
   }
 
-  _decryptEnvFile (envFilepath) {
+  async _decryptEnvFile (envFilepath) {
     const row = {}
     row.keys = []
     row.type = TYPE_ENV_FILE
@@ -72,12 +72,12 @@ class Decrypt {
     row.envFilepath = envFilepath
 
     try {
-      const encoding = detectEncoding(filepath)
-      let envSrc = fsx.readFileX(filepath, { encoding })
+      const encoding = await detectEncoding(filepath)
+      let envSrc = await fsx.readFileX(filepath, { encoding })
       const envParsed = dotenvParse(envSrc)
 
       const { privateKeyName } = keyNames(envFilepath)
-      const { privateKeyValue } = keyValues(envFilepath, { keysFilepath: this.envKeysFilepath, opsOn: this.opsOn })
+      const { privateKeyValue } = await keyValues(envFilepath, { keysFilepath: this.envKeysFilepath, noOps: this.noOps })
 
       row.privateKey = privateKeyValue
       row.privateKeyName = privateKeyName