Use git-crypt https://github.com/AGWA/git-crypt
No more maintained. Use other tools.
simple dotenv encrypt tool inspired by yaml_vault
Default cipher is aes-256-cbc. Default sign digest is SHA256.
For MacOS:
git clone https://github.com/acro5piano/dotenv-vault ~/.dotenv-vault
ln -sfnv ~/.dotenv-vault/bin/dotenv-vault /usr/local/bin/dotenv-vault
For Linux:
git clone https://github.com/acro5piano/dotenv-vault ~/.dotenv-vault
sudo ln -sfnv ~/.dotenv-vault/bin/dotenv-vault /usr/bin/dotenv-vault
dotenv-vault requires the following:
- Bash >= 2
- Openssl >= 2
- Perl >= 5
Almost all machine does not need any additional installation process.
Input file (.env):
NODE_ENV=development
API_KEY=123456789
Command:
$ dotenv-vault -e API_KEY -k foobarbaz encrypt .env
where -e specify the key you encrypt.
Output:
NODE_ENV=development
API_KEY=U2FsdGVkX186T6zdupR27pXHO0Hdnz9rqZfVdgqBEqk=
Input file (.env.encrypted):
NODE_ENV=development
API_KEY=U2FsdGVkX186T6zdupR27pXHO0Hdnz9rqZfVdgqBEqk=
Command:
$ dotenv-vault -e API_KEY -k foobarbaz decrypt .env
Output:
NODE_ENV=development
API_KEY=123456789
dotenv-vault create command is convenient to create new entry:
$ bin/dotenv-vault -k foobarbaz create 'SOME_KEY=123456'
# => SOME_KEY=U2FsdGVkX18tEclKImEV30HSG0b7IOu3dyO3MpceCd4=
You can paste or redirect to register new entry like this:
$ bin/dotenv-vault -k foobarbaz create 'SOME_KEY=123456' >> .env
-kspecify password-especify the key to encrypt or decrypt. You can use Regular Expression like-e 'A_KEY|ANOTHER_KEY|SECRET_.*'
- If
-koption present, use it as password. - If
DOTENV_PASSWORDenvironment variable present, use it as password. - If
.dotenv-passwordfile present, use the content of the file as password. - Else, dotenv-vault ask you at runtime.
Note you must not include the .dotenv-password file to any repo.
cd ~/.dotenv-vault
git pull origin master
After checking out the repo, run make to run all tests.
- Add
.dotenv-passwordto save the password - Add auth methods
- AWS KMS
- GCP KMS