Encriva for Developers

Env-Sync

Encrypted environment variables synchronization tool with database support.

Installation

Install the Env-Sync package with your preferred package manager:

npm install @encriva/env-sync

Quick Start

# Synchronize environment variables when starting your application
env-sync npm start

# Using custom secret key and database URL
env-sync --secret=secret_key --adapter-url=mongodb://localhost:27017 npm run dev

Features

🔒

Encryption and Security

Securely encrypts sensitive environment variables using AES-256

📦

Database Support

Stores and synchronizes environment variables in MongoDB database

🔄

Easy Integration

Automatically updates the .env file when starting your application

🔑

Key Management

Encryption key can be stored in configuration file or environment variable

Usage Guide

CLI Tool

Env-Sync provides a command line interface (CLI):

# Basic usage
env-sync [options] <command> [arguments]

# Options
--secret=KEY           # Encryption key
--adapter-url=URL      # MongoDB connection URL

# Example
env-sync --secret=secret_key npm start

Configuration Methods

# Configuration with environment variables
ENVSYNC_SECRET_KEY=secret_key
ENVSYNC_ADAPTER_URL=mongodb://localhost:27017

Programmatic Usage

import { Storage } from '@encriva/env-sync';

// Create storage object
const storage = new Storage('secret_key', 'mongodb://localhost:27017');

// Add value
await storage.set('API_KEY', 'abcdef123456');

// Read value
const apiKey = await storage.get('API_KEY');
console.log(apiKey); // 'abcdef123456'

// Get all values
const allValues = await storage.getAll();

// Delete value
await storage.delete('OLD_VARIABLE');

Technical Details

Encryption Mechanism

Encryption key is processed with SHA-256 (creates a 32-byte key)

A random Initialization Vector (IV) is created for each value

IV and encrypted value are stored together

During decryption, the same key and IV are used to obtain the original value

Database Schema

Data stored in MongoDB has the following structure:

{
  "key": "API_KEY",           // Environment variable name
  "value": "iv:encrypted"     // Encrypted value
}

Operation Logic

When the CLI tool is run, it fetches encrypted values from the database

Values are made readable through decryption

The existing .env file is read and merged with values from the database

The updated .env file is saved

The requested command (npm start, bun run dev, etc.) is executed

Security Measures

🔐

Secret Key

Keep your encryption key secure, as all values can be decrypted with it

🔄

Git Security

Add your .env file and configuration files containing secret keys to your .gitignore file

🚀

Production

Use a different secret key in production environment

Troubleshooting

The CLI output provides detailed information when you encounter issues. Most common errors:

  • Cannot connect to the database
  • Incorrect encryption key usage
  • .env file write permissions
Edit on GitHub

useAuthClient

This hook provides advanced authentication management for Better Auth. It allows you to manage your authentication and send emails to users.

On this page