UNPKG

cqr-env

Version:

Have multiple env files that can be encrypted and included in version control

github.com/bernardoadc/cqr-env

bernardoadc/cqr-env

123 lines (101 loc) 5.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
const test = require('ava') const fs = require('fs') const { spawnSync } = require('child_process') const pkg = require('../index') test.before(function (t) { // set key in environment variable process.env.cqr_key = '1234' }) test.serial('encrypt new sensible env file', function (t) { const file = 'tests/C/password.env.js' // create new file fs.writeFileSync(file + '.exposed', 'module.exports = "secret password!"') // encrypt file via CLI const s = spawn('node', ['./cli.js', '-e', 'tests/C/password.env.js.exposed', '-v', 'cqr_key']) t.false(fs.existsSync(file + '.exposed')) t.true(fs.existsSync(file + '.encrypted')) // t.is(Buffer.from(fs.readFileSync(file + '.encrypted')).toString(), '3d831f9789c7741974f54cc4e73cea2aaa7ab7cd98ce8f708d3f6dbaca4d9358d025be6542f0602c771b59e9e41685d9MrK9z4b9MxZ1ubgtJRLN5JJzQowl5rvYKoeOTtG3UowcR2jjAHxFG4hzbWXBdrOKf2Mn9CemZ4KxU6QPwzDIYBRXtkKT7+b2stPDnh0daDHXVB93AR4BPxIfdELODrCPeau6/CT74GpvyWmJjjZlN2HHoLYg8y6o9A2UkgVc984sJ8zCTouSOLakpGzGuol97Nhq3BIXc6tJazOZFgarpw==') }) test.serial('decrypt env file', function (t) { const file = 'tests/C/password.env.js' // decrypt file via CLI const s = spawn('node', ['./cli.js', '-d', 'tests/C/password.env.js.encrypted', '-v', 'cqr_key']) t.false(fs.existsSync(file + '.encrypted')) t.true(fs.existsSync(file + '.exposed')) t.is(Buffer.from(fs.readFileSync(file + '.exposed')).toString(), 'module.exports = "secret password!"') fs.unlinkSync(file + '.exposed') }) test.serial.skip('encrypt multiple new sensible env file', function (t) { const file = 'tests/C/password.env.js' // create new file fs.writeFileSync(file + '.exposed', 'module.exports = "secret password!"') // encrypt file via CLI spawnSync('node', ['./cli.js', '-e', file + '.exposed', 'cqr_key']) t.false(fs.existsSync(file + '.exposed')) t.true(fs.existsSync(file + '.encrypted')) // t.is(Buffer.from(fs.readFileSync(file + '.encrypted')).toString(), '3d831f9789c7741974f54cc4e73cea2aaa7ab7cd98ce8f708d3f6dbaca4d9358d025be6542f0602c771b59e9e41685d9MrK9z4b9MxZ1ubgtJRLN5JJzQowl5rvYKoeOTtG3UowcR2jjAHxFG4hzbWXBdrOKf2Mn9CemZ4KxU6QPwzDIYBRXtkKT7+b2stPDnh0daDHXVB93AR4BPxIfdELODrCPeau6/CT74GpvyWmJjjZlN2HHoLYg8y6o9A2UkgVc984sJ8zCTouSOLakpGzGuol97Nhq3BIXc6tJazOZFgarpw==') }) test.serial.skip('decrypt multiple env file', function (t) { const file = 'tests/C/password.env.js' // decrypt file via CLI spawnSync('node', ['./cli.js', '-d', file + '.encrypted', 'cqr_key']) t.false(fs.existsSync(file + '.encrypted')) t.true(fs.existsSync(file + '.exposed')) t.is(Buffer.from(fs.readFileSync(file + '.exposed')).toString(), 'module.exports = "secret password!"') fs.unlinkSync(file + '.exposed') }) test('use secret env file', function (t) { const env = pkg('tests/D/production.env.js.encrypted', { envvar: 'cqr_key' }) t.deepEqual(env, { production: { host: 'example.com', pw: 'abcde' }}) }) test('use secret env file, options as string', function (t) { const env = pkg('tests/D/production.env.js.encrypted', 'cqr_key') t.deepEqual(env, { production: { host: 'example.com', pw: 'abcde' }}) }) test.serial.cb('encrypt new sensible env file with pwfile', function (t) { // create new file fs.writeFileSync('tests/C/password.env.js.exposed', 'module.exports = "secret password!"') // encrypt file via CLI const s = spawn('node', ['./cli.js', '-e', 'tests/C/password.env.js.exposed', '-f', 'tests/F/pw']) s.on('close', function (code) { t.false(fs.existsSync('tests/C/password.env.js.exposed')) t.true(fs.existsSync('tests/C/password.env.js.encrypted')) // t.is(Buffer.from(fs.readFileSync('tests/C/password.env.js.encrypted')).toString(), '3d831f9789c7741974f54cc4e73cea2aaa7ab7cd98ce8f708d3f6dbaca4d9358d025be6542f0602c771b59e9e41685d9MrK9z4b9MxZ1ubgtJRLN5JJzQowl5rvYKoeOTtG3UowcR2jjAHxFG4hzbWXBdrOKf2Mn9CemZ4KxU6QPwzDIYBRXtkKT7+b2stPDnh0daDHXVB93AR4BPxIfdELODrCPeau6/CT74GpvyWmJjjZlN2HHoLYg8y6o9A2UkgVc984sJ8zCTouSOLakpGzGuol97Nhq3BIXc6tJazOZFgarpw==') t.end() }) }) test.serial.cb('decrypt env file with pwfile', function (t) { // decrypt file via CLI const s = spawn('node', ['./cli.js', '-d', 'tests/C/password.env.js.encrypted', '-f', 'tests/F/pw']) s.on('close', function (code) { t.false(fs.existsSync('tests/C/password.env.js.encrypted')) t.true(fs.existsSync('tests/C/password.env.js.exposed')) t.is(Buffer.from(fs.readFileSync('tests/C/password.env.js.exposed')).toString(), 'module.exports = "secret password!"') fs.unlinkSync('tests/C/password.env.js.exposed') t.end() }) }) test('use secret env file with pwfile', function (t) { const pkg = require('../index') const env = pkg('tests/D/development.env.js.encrypted', { pwfile: 'tests/F/pw' }) t.deepEqual(env, { development: { host: 'localhost' }}) }) test.serial('encrypt inside env file', function (t) { const file = 'tests/G/production.env.json' try { fs.unlinkSync(file) } catch (e) {} try { fs.unlinkSync(file + '.exposed') } catch (e) {} // create new file fs.writeFileSync(file + '.exposed', '{\n "host": "example.com",\n "pw": "abcde"\n}') // encrypt file via CLI spawnSync('node', ['./cli.js', '-e', file + '.exposed', 'pw', 'cqr_key']) t.false(fs.existsSync(file + '.exposed')) t.true(fs.existsSync(file)) t.not(JSON.parse(Buffer.from(fs.readFileSync(file)).toString()).pw, 'abcde') }) test.serial('decrypt inside env file', function (t) { // decrypt file via API const file = 'tests/G/production.env.json' const env = pkg(file, false) t.deepEqual(env, module.exports = { host: 'example.com', pw: 'abcde' }) fs.unlinkSync(file + '.exposed') })