From ef4893532314b84bdfaf7b4e85d9604ca997beda Mon Sep 17 00:00:00 2001 From: Scott Motte Date: Tue, 30 May 2023 09:10:52 -0700 Subject: [PATCH] Update CHANGELOG and README --- CHANGELOG.md | 9 +++++++-- README.md | 6 +++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b20aada..2d537030 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,21 @@ All notable changes to this project will be documented in this file. See [standa ## [Unreleased](https://github.com/motdotla/dotenv/compare/v16.1.0...master) +## [16.1.0](https://github.com/motdotla/dotenv/compare/v16.0.3...v16.1.0) (2023-05-30) + ### Added - Add `populate` convenience method [#733](https://github.com/motdotla/dotenv/pull/733) -- Remove "cannot resolve 'fs'" error on tools like Replit [#693](https://github.com/motdotla/dotenv/pull/693) - Accept URL as path option [#720](https://github.com/motdotla/dotenv/pull/720) - Add dotenv to `npm fund` command - Spanish language README [#698](https://github.com/motdotla/dotenv/pull/698) - Add `.env.vault` support. 🎉 ([#730](https://github.com/motdotla/dotenv/pull/730)) -ℹ️ `.env.vault` extends the `.env` file format standard with a localized encrypted vault file. Package it securely with your production code deploys. It's cloud agnostic so that you can deploy your secrets anywhere – without [risky third-party integrations](https://techcrunch.com/2023/01/05/circleci-breach/). +ℹ️ `.env.vault` extends the `.env` file format standard with a localized encrypted vault file. Package it securely with your production code deploys. It's cloud agnostic so that you can deploy your secrets anywhere – without [risky third-party integrations](https://techcrunch.com/2023/01/05/circleci-breach/). [read more](https://github.com/motdotla/dotenv#-deploying) + +### Changed + +- Fixed "cannot resolve 'fs'" error on tools like Replit [#693](https://github.com/motdotla/dotenv/pull/693) ## [16.0.3](https://github.com/motdotla/dotenv/compare/v16.0.2...v16.0.3) (2022-09-29) diff --git a/README.md b/README.md index 1922af3e..3348581c 100644 --- a/README.md +++ b/README.md @@ -190,7 +190,7 @@ You need to manage your secrets across different environments and apply them as ## 🚀 Deploying -**Note: Currently RC Candidate [dotenv@16.1.0-rc2](https://www.npmjs.com/package/dotenv/v/16.1.0-rc2)** +*Note: Requires dotenv >= 16.1.0* Encrypt your `.env.vault` file. @@ -213,7 +213,7 @@ heroku config:set DOTENV_KEY=dotenv://:key_1234…@dotenv.org/vault/.env.vault?e That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time. -ℹ️ **A note from Mot**: Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future. +*ℹ️ A note from [Mot](https://github.com/motdotla): Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future.* Learn more at dotenv-vault: Deploying @@ -231,7 +231,7 @@ Regenerate your `.env.vault` file. $ npx dotenv-vault build ``` -ℹ️ **🔐 Vault Managed vs 💻 Locally Managed**: The above example, for brevity's sake, used the 🔐 Vault Managed solution to manage your `.env.vault` file. You can instead use the 💻 Locally Managed solution. [Read more here](https://github.com/dotenv-org/dotenv-vault#how-do-i-use--locally-managed-dotenv-vault). Our vision is that other platforms and orchestration tools adopt the `.env.vault` standard as they did the `.env` standard. We don't expect to be the only ones providing tooling to manage and generate `.env.vault` files. +*ℹ️ 🔐 Vault Managed vs 💻 Locally Managed: The above example, for brevity's sake, used the 🔐 Vault Managed solution to manage your `.env.vault` file. You can instead use the 💻 Locally Managed solution. [Read more here](https://github.com/dotenv-org/dotenv-vault#how-do-i-use--locally-managed-dotenv-vault). Our vision is that other platforms and orchestration tools adopt the `.env.vault` standard as they did the `.env` standard. We don't expect to be the only ones providing tooling to manage and generate `.env.vault` files.* Learn more at dotenv-vault: Manage Multiple Environments