dotsec 0.3.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -3
- package/dist/cli.js +92 -44494
- package/dist/cli.js.map +3 -3
- package/dist/esm/cli.js +91 -44515
- package/dist/esm/cli.js.map +3 -3
- package/package.json +2 -3
package/README.md
CHANGED
|
@@ -4,12 +4,55 @@ Secure dot env. Encrypts your .env so you can safely store it in your project.
|
|
|
4
4
|
|
|
5
5
|
## Usage
|
|
6
6
|
|
|
7
|
+
### Execute a command and use the values of a .env file in its environment
|
|
8
|
+
|
|
9
|
+
```sh
|
|
10
|
+
npx dotsec --env-file .env {command}
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
This command also supports injecting AWS assumed role credentials into the process environment.
|
|
14
|
+
|
|
15
|
+
You can specify the ARN of the role to assume in three ways:
|
|
16
|
+
|
|
17
|
+
- By adding the `--aws-assume-role-arn` flag
|
|
18
|
+
- By setting the `AWS_ASSUME_ROLE_ARN` environment variable
|
|
19
|
+
- By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
|
|
20
|
+
|
|
21
|
+
#### By adding the `--aws-assume-role-arn` flag
|
|
22
|
+
|
|
23
|
+
```sh
|
|
24
|
+
npx dotsec --env-file .env --aws-assume-role-arn arn:aws:iam::123456789012:role/special-role {command}
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
#### By setting the `AWS_ASSUME_ROLE_ARN` environment variable
|
|
28
|
+
|
|
29
|
+
```sh
|
|
30
|
+
AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role npx dotsec --env-file .env {command}
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
#### By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
|
|
34
|
+
|
|
35
|
+
...
|
|
36
|
+
AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role
|
|
37
|
+
...
|
|
38
|
+
|
|
39
|
+
```sh
|
|
40
|
+
npx dotsec --env-file .env {command}
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
#### Secure usage
|
|
7
44
|
|
|
8
45
|
Create a user managed AWS KMS key, add an alias. Refer to the AWS documentation for [creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) and [managing aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-manage.html#alias-create)
|
|
9
46
|
|
|
10
47
|
> the default key alias is set to `alias/top-secret`
|
|
11
48
|
|
|
49
|
+
### Execute a command and use the decrypted values of a .sec file in its environment
|
|
12
50
|
|
|
51
|
+
```sh
|
|
52
|
+
npx dotsec {command}
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
#### Other commands
|
|
13
56
|
|
|
14
57
|
### Encrypting a `.env` file into a `.sec` file
|
|
15
58
|
|
|
@@ -33,7 +76,6 @@ npx dotsec node index.js
|
|
|
33
76
|
|
|
34
77
|
### Encrypting a `secrets.json` file into a `secrets.encrypted.json` file
|
|
35
78
|
|
|
36
|
-
|
|
37
79
|
```sh
|
|
38
80
|
npx dotsec encrypt-secrets-json
|
|
39
81
|
```
|
|
@@ -50,7 +92,6 @@ npx dotsec decrypt-secrets-json
|
|
|
50
92
|
npx dotsec offload-secrets-json-to-ssm
|
|
51
93
|
```
|
|
52
94
|
|
|
53
|
-
|
|
54
95
|
### FAQ
|
|
55
96
|
|
|
56
97
|
#### Is it safe to commit a `.sec` file alongside your code?
|
|
@@ -60,4 +101,3 @@ Yes it is. The encryption key is managed by AWS, as long as you audit which prin
|
|
|
60
101
|
#### Should I use this in production?
|
|
61
102
|
|
|
62
103
|
We do, however, since this package is relatively new, I don't think you should.
|
|
63
|
-
|