Releases: BronzonTech-Cloud/bun-secure-env
Releases · BronzonTech-Cloud/bun-secure-env
Release list
Initial Release
A production-grade encrypted environment loader for the Bun runtime. Stop committing plaintext secrets — encrypt your .env files with AES-256-GCM and load them with full Zod type-safety on startup.
Features
- AES-256-GCM Encryption — Authenticated encryption with unique 12-byte IVs per run. Any tampering with the vault file is detected and rejected before decryption.
- Zod Schema Validation — Define your environment shape with Zod. Missing or invalid fields throw a typed
SchemaErrorat startup, not at runtime. - Environment Profiles — Supports
BUN_ENV-based overlays (e.g..env.production.vaultoverrides.env.vault), making multi-environment setups seamless. - Zero Memory Footprint — Raw key bytes are immediately zero-filled after being imported into the WebCrypto engine, preventing key material from persisting in heap memory.
- Native Bun API — No Node.js shims. Built on
Bun.file,Bun.write, andcrypto.subtle.
Install
bun add bun-secure-envQuick Start
import { createEnv, z } from "bun-secure-env";
export const env = await createEnv({
schema: {
PORT: z.coerce.number().default(3000),
DATABASE_URL: z.string().url(),
DEBUG: z.preprocess((v) => v === "true", z.boolean().default(false)),
},
});Set VAULT_KEY in your environment and run encryptEnv() once to generate your .env.vault file. Commit the vault, never the plaintext.
Full Changelog
Initial release no previous versions.