Open weibo-uncensored opened 1 day ago
Definitely agreed re: syncing from keystore -> process.env, feature will be included in the upcoming release (v0.3.0)
Honestly this project was just supposed to be a utility that I used in some of my own projects, and I published the first version to npm just so I could easily include it via npm install... so I was surprised when I saw that my little 93-line JS library has over 300 npm installs (200 in the past week).
I guess that makes me an open source package maintainer? LMAO
K so my thoughts:
1) there needs to be an option to set environment variables on the fly, because some libraries etc. expect a certain environment variable (vs passing one in). maybe keyMixer.sync("SOME_API_KEY") could be implemented, and be the equivalent of (process.env.SOME_API_KEY = keyMixer.get("SOME_API_KEY"))... call it automatically when the keystore initializes, and then it can be called manually to rotate the key according to your needs
2) what if you add a CLI tool that generates a secure master key and encrypts keystore.json... then you can check in keystore.json to github (unlike a .env) and the only "secret" you need to manage is KEY_MIXER_KEY (which can be an environment variable)... it would be totally secure, eliminating the need to make example keystores etc., but a pain in the ass not being able to work with the keystore.json file directly. so I dunno... right now the simplicity is really cool because it just feels like a more elegant replacement for .env
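
The two ideas above (an encrypted keystore.json unlocked by KEY_MIXER_KEY, and syncing a value into the environment), as an added example that is not part of the thread or the project's code. It assumes AES-256-GCM and a JSON envelope; every function name and envelope field is hypothetical.

```javascript
// Added illustration, not the project's code. All names here are hypothetical.
const crypto = require("node:crypto");

// Generate a 256-bit master key, hex-encoded so it fits in KEY_MIXER_KEY.
function generateMasterKey() {
  return crypto.randomBytes(32).toString("hex");
}

function parseKey(hexKey) {
  const key = Buffer.from(hexKey || "", "hex");
  if (key.length !== 32) throw new Error("master key must be 32 bytes (64 hex chars)");
  return key;
}

// Encrypt the plaintext keystore object into a JSON envelope that can be committed.
function encryptKeystore(secrets, hexKey) {
  const iv = crypto.randomBytes(12); // fresh nonce per encryption, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", parseKey(hexKey), iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(secrets), "utf8"), cipher.final()]);
  return JSON.stringify({
    v: 1,
    alg: "aes-256-gcm",
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    data: data.toString("base64"),
  });
}

// Decrypt the envelope. Throws if the key is wrong or the committed file was
// modified, because the GCM tag no longer verifies.
function decryptKeystore(envelopeJson, hexKey) {
  const env = JSON.parse(envelopeJson);
  if (env.v !== 1 || env.alg !== "aes-256-gcm") throw new Error("unsupported keystore format");
  const iv = Buffer.from(env.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", parseKey(hexKey), iv);
  decipher.setAuthTag(Buffer.from(env.tag, "base64"));
  const plain = Buffer.concat([decipher.update(Buffer.from(env.data, "base64")), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// Copy one decrypted secret into an environment object (process.env by default).
function syncToEnv(secrets, name, env = process.env) {
  if (!Object.prototype.hasOwnProperty.call(secrets, name)) throw new Error(`no such key: ${name}`);
  env[name] = String(secrets[name]);
  return env[name];
}
```

With this layout the committed file is only as safe as the handling of KEY_MIXER_KEY, and a synced value is readable by anything in the process that can read its environment.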