eenv

A nodejs library to manage encrypted configuration files.

eenv provides a library and an utility to manage encrypted configuration files for your nodejs applications.

eenv uses two keys to encrypt (AES) a development and a production configuration file. You can share the development key with your co-workers while keeping the production key secret between you and your server (or PaaS). Both configuration files can be checked in to your VCS (e.g.: git) and distribuited along with your application's code.

Why?

• Committing cleartext access credentials and secret tokens in VCS repositories sucks;
• it's best practice to store them in the environment;
• we can't share the environment with co-workers / syadmins without using 3rd party tools that are either insecure (emails, USB memory sticks), introduce too much overhead (encrypted emails) or that are not built for this purpose (e.g. Passpack);
• we can't load ".env" files without using 3rd party non-nodejs tools (Foreman) and this is a bad thing when using tools such as Nodejitsu's Haibu.

Install

npm install eenv

Use

0. Generate one or more AES keys and put them in ~/.eenv/, the key in ~/.eenv/default.key is used by default
1. Manage your configuration files with eenv.js

  Usage: eenv.js [options]

  Options:

    -h, --help                                           output usage information
    -V, --version                                        output the version number
    --print                                              decrypt and print a configuration file
    --print-shell                                        decrypt and print a configuration file in a bash-friendly format
    -c, --config <config/development.json>               path to a configuration file (will be created if does not exist)
    -k, --keyfile <default.key>                          specify a keyfile to use (256bit AES key) - path is relative to ~/.eenv/
    -e, --env <.env>                                     foreman/bash-like .env file to import
    -s, --set <NAME1>=<value1>[, <NAME2>=<value2>, ...]  set one or more configuration item
    -r, --remove <NAME>                                  remove one configuration item

2. Load the configuration into your app (see example/). eenv automatically loads the configuration file based on the NODE_ENV variable.

var eenv = require('eenv');

eenv.loadSync();
console.log(process.config);

Examples

EXAMPLE 1 Creating a configuration file importing an existing .env and setting an additional parameter

$ eenv.js --config config/development.json --key development.key --env .env --set FOO=bar

EXAMPLE 2 Updating an item in a production configuration file with

$ eenv.js --config config/production.json --key production-myproject.key --set DATABASE_URL=https://my-new-db:5984/prod1/

API

Synchronous

eenv.loadSync([options])

Loads a configuration file into process.config.

Options is an object with the following properties:

• production: path to the production configuration (defaults to 'config/production.json')
• development: path to the development configuration (defaults to 'config/development.json')
• keyfile: path to the key file to use to decrypt the env (defaults to process.env.HOME + '/.eenv/default.key')

This method will throw an Error if something bad occurs (bad key, env or key file not found, ...).

ToDo

• Cleanup
• Tests
• Async (?)

License

Copyright (c) 2013, PlasticPanda All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.