varcrypt 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +89 -0
  2. package/package.json +17 -16
package/README.md ADDED
@@ -0,0 +1,89 @@
1
+ # varcrypt
2
+
3
+ CLI for [VarCrypt](https://varcrypt.vercel.app) — pull AES-256-GCM encrypted environment variables from the cloud directly into your terminal.
4
+
5
+ ## Requirements
6
+
7
+ Node.js 18 or later.
8
+
9
+ ## Installation
10
+
11
+ ```bash
12
+ npm install -g varcrypt
13
+ ```
14
+
15
+ ## Quick start
16
+
17
+ **1. Generate an API token**
18
+
19
+ Go to **VarCrypt → Settings → API Tokens** and create a new token. Copy the `vc_…` value — it's only shown once.
20
+
21
+ **2. Save the token locally**
22
+
23
+ ```bash
24
+ varcrypt login
25
+ # Paste your API token:
26
+ ```
27
+
28
+ The token is stored in `~/.varcrypt/config.json`.
29
+
30
+ **3. Pull secrets**
31
+
32
+ ```bash
33
+ varcrypt pull <project-slug> <environment>
34
+ ```
35
+
36
+ Example:
37
+
38
+ ```bash
39
+ varcrypt pull my-app production
40
+ # DATABASE_URL=postgres://...
41
+ # API_KEY=sk-...
42
+ ```
43
+
44
+ Pipe directly into a process:
45
+
46
+ ```bash
47
+ env $(varcrypt pull my-app production) node server.js
48
+ ```
49
+
50
+ Or source as shell exports:
51
+
52
+ ```bash
53
+ source <(varcrypt pull my-app production --output export)
54
+ ```
55
+
56
+ ## Commands
57
+
58
+ ### `varcrypt login`
59
+
60
+ Prompts for an API token and saves it to `~/.varcrypt/config.json`.
61
+
62
+ ### `varcrypt pull <project> <env> [options]`
63
+
64
+ Prints secrets for the given project and environment as `KEY=value` lines.
65
+
66
+ | Option | Description |
67
+ |---|---|
68
+ | `--output export` | Print as `export KEY="value"` instead of `KEY=value` |
69
+ | `--host <url>` | Override the API host (default: `http://localhost:3000`) |
70
+
71
+ The `--host` flag is useful for self-hosted deployments:
72
+
73
+ ```bash
74
+ varcrypt pull my-app staging --host https://varcrypt.example.com
75
+ ```
76
+
77
+ ## How it works
78
+
79
+ Secrets are encrypted with AES-256-GCM at rest. The CLI sends your API token in the `Authorization` header; the server decrypts and returns the plaintext values over HTTPS. Your token is scoped to a single organization — it cannot read secrets from other organizations.
80
+
81
+ ## Security
82
+
83
+ - Tokens are stored in `~/.varcrypt/config.json` with default file permissions. Protect this file like you would an SSH key.
84
+ - Always pull over HTTPS in production. The default `localhost:3000` host is intended for local development only.
85
+ - Rotate tokens in the VarCrypt dashboard if one is compromised.
86
+
87
+ ## License
88
+
89
+ MIT
package/package.json CHANGED
@@ -1,16 +1,17 @@
1
- {
2
- "name": "varcrypt",
3
- "version": "0.1.0",
4
- "description": "CLI for VarCrypt — pull encrypted secrets from the cloud",
5
- "type": "module",
6
- "bin": {
7
- "varcrypt": "./index.mjs"
8
- },
9
- "engines": {
10
- "node": ">=18"
11
- },
12
- "files": [
13
- "index.mjs"
14
- ],
15
- "license": "MIT"
16
- }
1
+ {
2
+ "name": "varcrypt",
3
+ "version": "0.1.2",
4
+ "description": "CLI for VarCrypt — pull encrypted secrets from the cloud",
5
+ "type": "module",
6
+ "bin": {
7
+ "varcrypt": "index.mjs"
8
+ },
9
+ "engines": {
10
+ "node": ">=18"
11
+ },
12
+ "files": [
13
+ "index.mjs",
14
+ "README.md"
15
+ ],
16
+ "license": "MIT"
17
+ }