UNPKG

zyx-env

Version:

Implements routines to work with encrypted environment variable files

github.com/miketerry-org/zyx-env

miketerry-org/zyx-env

55 lines (46 loc) 1.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
// loadEncruyptKey.js "use strict"; const path = require("path"); const fs = require("fs"); const system = require("zyx-schema"); /** * Load the encryption key into process.env.ENCRYPT_KEY. * * In non-production, always try to read from file and load into process.env. * In production, use process.env.ENCRYPT_KEY if it exists; * otherwise, attempt to read it from file. * * @param {string} [filename="_secret.key"] - Path or name of file containing the key. * @returns {string} The encryption key. */ function loadEncryptKey(filename = "_secret.key") { let key; // Resolve the file path const resolvedPath = path.isAbsolute(filename) ? filename : path.resolve(process.cwd(), filename); if (!system.isProduction) { // Always load from file in non-production if (fs.existsSync(resolvedPath)) { key = fs.readFileSync(resolvedPath, "utf-8").trim(); process.env.ENCRYPT_KEY = key; } } else { // Production: prefer env var, fallback to file if not set if (process.env.ENCRYPT_KEY) { key = process.env.ENCRYPT_KEY; } else if (fs.existsSync(resolvedPath)) { key = fs.readFileSync(resolvedPath, "utf-8").trim(); process.env.ENCRYPT_KEY = key; } } // Validate the encryption key key = process.env.ENCRYPT_KEY; if (!key || key.length !== 64) { throw new Error( `Encryption key is undefined or invalid. Expected a 64-character string.` ); } return key; } module.exports = loadEncryptKey;