npm - envspot - Versions diffs - 0.1.0 → 0.1.1 - Mend

envspot 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +75 -14
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,26 +1,87 @@
-# EnvSpot CLI (`envspot`)
+# envspot
-Minimal reference for the **`login` · `link` · `run`** surface. Full command reference: **[`../docs/cli-reference.md`](../docs/cli-reference.md)**. Historical SD-02 sequence + rationale: **[`../docs/historical/SD-02-cli-sequence.md`](../docs/historical/SD-02-cli-sequence.md)**.
+Encrypted environment variables for your team, managed from the command line.
-## Trust model (matches SD-01 §8 / SD-02 §7)
+`envspot` is the command-line client for [EnvSpot](https://envspot.com). Link a
+directory to a project, pull your secrets straight into a process, and keep
+`.env` files off disk and out of git.
-- **Plaintext secrets** — only in process memory during `run`, after **`GET /api/cli/decrypt`** over TLS. Nothing is written to disk as a secret bundle.
-- **No DEK / no master key on the client** — unwrap and decrypt happen server-side.
-- **`.envspot.json`** — project id + environment label only; safe to commit unless you treat the project id as sensitive.
-- **Token** — stored with **keytar** (OS keychain); on **401** / `token_invalid`, `run` clears the stored credential and exits **4** so you re-`login`.
+This package is the CLI. EnvSpot is also a hosted platform — a web dashboard for
+projects, environments, team access, audit history, and syncing secrets to your
+deploy targets — at [envspot.com](https://envspot.com).
-## User-Agent
+## Install
-All requests send **`User-Agent: envspot-cli/<semver>`** (`cli/src/config.ts`) for server-side audits (SD-01 §5.2).
+```bash
+npm install -g envspot
+```
+Or run it without installing:
-## Resolved product choices
+```bash
+npx envspot <command>
+```
-Exit codes, retries, **403** tier responses, and operational note on auth-tag / decrypt failures: **[`../docs/historical/sd-open-questions-resolved.md`](../docs/historical/sd-open-questions-resolved.md)**.
+Requires Node.js 18 or newer.
-## Build
+## Quick start
 ```bash
-cd cli && npm ci && npm run build
+envspot init                # create + link a project, import your .env, start your dev server
+envspot login               # sign in via browser device pairing
+envspot link                # link this directory to a project + environment
+envspot run -- npm start    # run a command with your secrets injected as env vars
 ```
-Bin: **`envspot`** → **`./dist/index.js`**.
+## Commands
+| Command           | What it does                                                                            |
+| ----------------- | --------------------------------------------------------------------------------------- |
+| `init`            | Create a project from this directory, link it, import `.env`, and start your dev server |
+| `login`           | Sign in via browser device pairing, or store an API key for token login                 |
+| `logout`          | Remove the stored credential                                                            |
+| `link`            | Write `./.envspot.json` (project id + environment)                                      |
+| `run -- <cmd>`    | Run a command with the linked project's secrets injected as environment variables       |
+| `dump`            | Print the linked project's secrets as `KEY=value` to stdout (nothing written to disk)   |
+| `set <key> <val>` | Set one secret for the linked project                                                   |
+| `unset <key>`     | Delete one secret                                                                       |
+| `status`          | Show the API/app URL and your credential + link state                                   |
+| `whoami`          | Show the signed-in user, workspace, and active link or token scope                      |
+| `fly deploy`      | Stage the linked project's secrets to Fly.io and deploy                                 |
+Run `envspot help` or `envspot <command> --help` for full options.
+## Integrations
+EnvSpot syncs your secrets to your deployment targets so you set a value once and
+it lands everywhere. Supported targets: **GitHub Actions, Vercel, Render, Railway,
+and Fly.io** — connected and managed in the [dashboard](https://envspot.com).
+`fly deploy` is the one target you can push to directly from the CLI; the rest
+sync automatically once connected in the dashboard.
+## Configuration
+| Variable        | Purpose                                                      |
+| --------------- | ------------------------------------------------------------ |
+| `ENVSPOT_TOKEN` | API key for non-interactive / CI use (skips the OS keychain) |
+## How your secrets are handled
+- **Decryption happens server-side.** No master key or data-encryption key ever
+  lives on your machine.
+- **Plaintext secrets stay in memory.** `run` holds them only for the lifetime of
+  the child process; nothing is written to disk as a secret bundle.
+- **Your credential lives in the OS keychain**, not a plaintext file. On an expired
+  or revoked token, the CLI clears it and asks you to sign in again.
+- **`.envspot.json` is safe to commit** — it holds only the project id and
+  environment label, never secrets.
+## Links
+- Website: https://envspot.com
+- Issues: https://github.com/EnvSpot/envspot/issues
+## License
+MIT

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "envspot",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "CLI for envspot — encrypted environment variables for your team",
   "license": "MIT",
   "author": "EnvSpot",