search

nestjs / config

Configuration module for Nest framework (node.js) 🍓
https://nestjs.com
MIT License
515 stars 91 forks source link

support for loading dotenv vault #1697

Closed BluestockLabs closed 1 month ago

BluestockLabs commented 5 months ago

Is there an existing issue that is already proposing this?

Is your feature request related to a problem? Please describe it

I recently made the switch from using just dotenv to using dotenv-vault. Most things stay the same except it allows you to sync dotenv files securely and provides central management for it.

I was just about to deploy an app when I noticed it wasn't reading the env files after I had provided the DOTENV_KEY. I did a little digging around and it doesn't seem like this config module from nest supports that.

Describe the solution you'd like

I'd like support for loading environment variables from encrypted .env.vault files after providing the DOTENV_KEY.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

Though dotenv-vault is relatively new compared to dotenv, I believe adoption is growing and sooner or later Nestjs users will request for support for this feature (I'm actually a bit surprised that no one as asked about this yet)

BluestockLabs commented 5 months ago

Sorry, I was logged in to a client's account. @drvnprgrmr is the actual author of this issue.

drvnprgrmr commented 5 months ago

Yeah. Mistake on my part.

micalevisk commented 3 months ago

can you please share the exact steps (or a repository) that reproduces this potential limitation of @nestjs/config? I want to make sure that this is not a misconfiguration on the consumer side. I just tested the npx dotenv-vault@latest pull feature, which is working fine because it just downloads the .env that will be read by @nestjs/config later

drvnprgrmr commented 3 months ago

@micalevisk yes all those work. The issue is that @nestjs/config doesn't automatically decrypt the dotenv vault based on the environment variable: DOTENV_KEY.

I believe that's the whole point of the vault. That way you don't have to always update your environment variables on whatever server you're using. Just commit the vault and push and your environment is reflected.

kamilmysliwiec commented 3 months ago

The issue is that @nestjs/config doesn't automatically decrypt the dotenv vault based on the environment variable: DOTENV_KEY.

Does dotenv alone automatically decrypt the dotenv vault?

micalevisk commented 3 months ago

yes, like this: https://github.com/dotenv-org/examples/blob/master/usage/dotenv-vault-custom-target/index.js

image

note that you can have an env. var called DOTENV_KEY instead of supplying it to dotenv.config()

not sure how we could support it on @nestjs/config tho. I guess configService.get("HELLO") should return "Universe", in that example. And this is not working.

drvnprgrmr commented 3 months ago

@kamilmysliwiec Yes it does.

image
kamilmysliwiec commented 1 month ago

It sounds like dotenv-vault is going to be deprecated in favor of dotenvx anyway

image

https://github.com/dotenvx/dotenvx?tab=readme-ov-file#what-happened-to-the-envvault-file

drvnprgrmr commented 1 month ago

It sounds like dotenv-vault is going to be deprecated in favor of dotenvx anyway

image

https://github.com/dotenvx/dotenvx?tab=readme-ov-file#what-happened-to-the-envvault-file

Okay thanks for that. I didn't know.