Is there an existing issue that is already proposing this?
I have searched the existing issues
Is your feature request related to a problem? Please describe it
Since this library already uses Dotenv and Dotenv-expand, it would be great to take the Dotenvx wagon.
It includes all the goodness from the 2 mentioned above (in fact, Dotenvx imports them), and enables .env file encryption/decryption.
Describe the solution you'd like
No change to the experience or interface of the ConfigModule; simply replace the dotenv library with dotenvx to enable the detection of key files (.env.keys) or variables (DOTENV_PRIVATE_KEY or DOTENV_PRIVATE_KEY_<STAGE>).
Teachability, documentation, adoption, migration strategy
For those interested in using it, the first step would be to encrypt variables.
This tool is already provided by dotenvx and I don't see a reason to create a wrapper around it (maybe via the NestJS CLI to keep users in the NestJS bubble?).
Encrypting a whole file is as simple as:
dotenvx encrypt
# or
dotenvx encrypt -f .env.ci
More advanced examples can be found in Dotenvx docs.
What is the motivation / use case for changing the behavior?
Using encrypted .env files enables them to be shared safely, which is helpful for development or CI configuration.
Sorry for the self-promotion. I even published an article that shows (amongst other things) how to manage env vars for local and CI environments.
Maintaining secrets in CI providers is fun once but quickly gets boring. I find it more effective to manage all those variables from the codebase.
The remaining complexity is how to share the private keys to decrypt files, and this remains an exercise for the users :)
Of course, we can offer suggestions on how to share these keys safely.
GitHub Actions secrets, GitLab variables... for CI environment variables
Vault such as 1Password for local development variables
PGP encryption + email for the nerds
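As an added example (not part of the original issue, nor code from dotenvx or NestJS): a pre-commit or CI check that complements sharing encrypted .env files by flagging plaintext values and any committed private key. It assumes dotenvx's convention that encrypted values start with `encrypted:` and that `DOTENV_PUBLIC_KEY*` entries stay in plaintext; `parseEnv`, `auditEnvFiles` and the sample files are hypothetical names and constructed data.

```javascript
// Added example: guard for dotenvx-style encrypted .env files.
// Assumption: encrypted values look like "encrypted:<ciphertext>" and
// DOTENV_PUBLIC_KEY* entries are intentionally left in plaintext.

// Parse KEY=VALUE lines (comments and blanks never match); strip one quote layer.
function parseEnv(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return;
    const value = m[2].trim().replace(/^(["'])(.*)\1$/, "$2");
    entries.push({ key: m[1], value, line: i + 1 });
  });
  return entries;
}

// Audit files staged for commit, given as { path: content }. Returns findings.
function auditEnvFiles(files) {
  const findings = [];
  for (const [path, content] of Object.entries(files)) {
    const name = path.split("/").pop();
    if (name === ".env.keys") {
      // The key file decrypts everything; it must travel out of band.
      findings.push({ path, issue: "private key file must not be committed" });
      continue;
    }
    if (!/^\.env(\..+)?$/.test(name)) continue; // not an env file
    for (const { key, value, line } of parseEnv(content)) {
      if (key.startsWith("DOTENV_PRIVATE_KEY")) {
        findings.push({ path, line, key, issue: "private key inside env file" });
      } else if (!key.startsWith("DOTENV_PUBLIC_KEY") && value !== "" &&
                 !value.startsWith("encrypted:")) {
        findings.push({ path, line, key, issue: "plaintext value" });
      }
    }
  }
  return findings;
}

// Constructed sample input (no real keys or ciphertext).
const sampleFiles = {
  ".env.ci": 'DOTENV_PUBLIC_KEY_CI="03aaaa-constructed"\n' +
             'API_TOKEN="encrypted:BConstructedCiphertext"\nDB_PASSWORD=hunter2\n',
  ".env.keys": 'DOTENV_PRIVATE_KEY_CI="constructed-not-a-key"\n',
  "src/main.ts": "console.log('hi')\n",
};
console.log(auditEnvFiles(sampleFiles));
```

A non-empty findings list would fail the commit or pipeline step; the private key itself is then supplied through the channels listed above (CI secrets, a vault) rather than the repository.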