dotsec 0.1.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +71 -1
- package/dist/cli.js +638 -124
- package/dist/cli.js.map +3 -3
- package/dist/esm/cli.js +639 -121
- package/dist/esm/cli.js.map +3 -3
- package/package.json +12 -3
package/README.md
CHANGED
|
@@ -1,3 +1,73 @@
|
|
|
1
1
|
# dotsec
|
|
2
2
|
|
|
3
|
-
Secure dot env.
|
|
3
|
+
Secure dot env. Encrypts your .env so you can safely store it in your project.
|
|
4
|
+
|
|
5
|
+
## Usage
|
|
6
|
+
|
|
7
|
+
### Execute a command and use the values of a .env file in its environment
|
|
8
|
+
|
|
9
|
+
```sh
|
|
10
|
+
npx dotsec --env-file .env {command}
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
#### Secure usage
|
|
14
|
+
|
|
15
|
+
Create a user managed AWS KMS key, add an alias. Refer to the AWS documentation for [creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) and [managing aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-manage.html#alias-create)
|
|
16
|
+
|
|
17
|
+
> the default key alias is set to `alias/top-secret`
|
|
18
|
+
|
|
19
|
+
### Execute a command and use the decrypted values of a .sec file in its environment
|
|
20
|
+
|
|
21
|
+
```sh
|
|
22
|
+
npx dotsec {command}
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
#### Other commands
|
|
26
|
+
|
|
27
|
+
### Encrypting a `.env` file into a `.sec` file
|
|
28
|
+
|
|
29
|
+
```sh
|
|
30
|
+
npx dotsec encrypt-env
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
### Decrypting a `.sec` file into a `.env` file
|
|
34
|
+
|
|
35
|
+
```sh
|
|
36
|
+
npx dotsec decrypt-env
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
### Using a `.sec` file as environment variables
|
|
40
|
+
|
|
41
|
+
```sh
|
|
42
|
+
npx dotsec node index.js
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Using json secrets
|
|
46
|
+
|
|
47
|
+
### Encrypting a `secrets.json` file into a `secrets.encrypted.json` file
|
|
48
|
+
|
|
49
|
+
```sh
|
|
50
|
+
npx dotsec encrypt-secrets-json
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
### Decrypting a `secrets.encrypted.json` file into a `secrets.json` file
|
|
54
|
+
|
|
55
|
+
```sh
|
|
56
|
+
npx dotsec decrypt-secrets-json
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
### Offload a `secrets.encrypted.json` file to SSM
|
|
60
|
+
|
|
61
|
+
```sh
|
|
62
|
+
npx dotsec offload-secrets-json-to-ssm
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
### FAQ
|
|
66
|
+
|
|
67
|
+
#### Is it safe to commit a `.sec` file alongside your code?
|
|
68
|
+
|
|
69
|
+
Yes it is. The encryption key is managed by AWS, as long as you audit which principals can encrypt and decrypt you're good.
|
|
70
|
+
|
|
71
|
+
#### Should I use this in production?
|
|
72
|
+
|
|
73
|
+
We do, however, since this package is relatively new, I don't think you should.
|