End-to-end encrypted environments

Related tags

Learning resource envkey
Overview

Welcome to the EnvKey v2 monorepo! All EnvKey's open source code lives here.

End-to-end encrypted environments

  • Fixes configuration sprawl and sloppy secrets management.

  • Prevents breaches and outages.

  • Saves countless engineer-hours.

EnvKey UI

EnvKey CLI

Easy integration

> ~/.bash_profile # Auto-load the latest environment in any EnvKey-enabled directory."> 
$ envkey-source -e 'your-program'
# That's it! Your program's environment variables are in sync.

$ envkey-source -e 'your-program' -w
# Your program automatically restarts when there's a change.

$ envkey-source -e 'your-program' -r './reload-env.sh'
# Run custom reload logic when there's a change.

$ eval "$(envkey-source)"
# Set environment variables in the current shell.

$ echo $'\n\neval "$(envkey-source --hook bash)"\n' >> ~/.bash_profile
# Auto-load the latest environment in any EnvKey-enabled directory.

Check out the integration quickstart.

Why EnvKey?

  • Open source, cross-platform, language-agnostic, end-to-end encrypted with NaCl.

  • Set environment variables + manage apps, environments, branches, servers, people, devices, and access control all in one place.

  • User-friendly UI + developer-friendly CLI.

  • Easy integration wherever you need it.

  • Cloud + self-hosting options.

  • Version control, audit logs, re-usable blocks, branches, environment inheritance, customizable environments, local development environments, change hooks, device-based auth, OS keyring integration, and more.

Install

You can download the latest versions of the EnvKey UI and CLI for your platform by going to EnvKey's homepage and clicking the big Download button at the top of the page. Install it when it's finished downloading.

The first time you open the app, EnvKey's CLI and the envkey-source integration tool will also be installed for you. Both can also be installed individually on a server.

You can also go to releases in this repo and find the latest release of envkey-desktop for your platform. Here's a quick overview on verifying releases with minisign.

Docs

Check out the docs, including a brief getting started overview.

Coming from v1?

Check out the v1 migration overview

Security

Read our security overview.

Status

See the current status of our services here.

Bugs

Please post an issue if you encounter a bug, even a small one. We'll do our best to fix it as soon as possible.

Discussion and Community

Jump in and ask a question, leave some feedback, ask for new features, or help out another EnvKey user.

Support

Email us: [email protected]

Business plans include priority support.

License

All the code in this repo is free and open source under the MIT License.

EnvKey's Cloud and Enterprise Self-Hosted products include commercially licensed server-side extensions for battle-ready infrastructure and advanced user management.

Contributing

Contributions to EnvKey are welcome, though we can't guarantee that we'll be able to accept or review every contribution.

Before submitting a pull request, we suggest starting a discussion to get feedback and buy-in from the core team and community. This will greatly improve the chances that your PR will be reviewed and accepted.

Development

Here's an overview on setting up a dev environment to work on EnvKey.

Comments
  • Error

    Error "DB migrations were unsuccessful"

    When i run env as development it doesn't get DB migration error, but when i run production it crashes: "DB migrations were unsuccessful.","alert":true,"err":{"name":"TypeError","message":"require.context is not a function","stack":"TypeError: require.context is not a function\n at Object.runMigrationsIfNeeded (/opt/envkey/public/app/api/runtimes/express/src/migrate.ts:39:40)"}}

    opened by vonhuttri1990 10
  • App won't start with in absence of internet connectivity. Even if cache is enabled.

    App won't start with in absence of internet connectivity. Even if cache is enabled.

    OS: MacOS Monterey 12.4 Envkey Version: ENVKEY_SOURCE_VERSION = "2.0.22"

    print("EK Should cache? " + os.environ.get("ENVKEY_SHOULD_CACHE"))
import envkey
secrets = envkey.fetch_env(cache_enabled=True)
print("..Done!")

    With WiFi on, this works ok. With WiFi off, it hangs after the first print.

    A few issues with this:

    1. Notice how my import envkey is unnaturally after the first print. I had to move it down, otherwise the import envkey hangs on network. This completely invalidates the presence of cache_enabled=True as fetch_env function argument.

    2. Envkey should detect no network interface is up, and immediately fallback to loading from ~/.envkey/cache/xxxxx file (which in turn, is correctly updated according to filesystem timestamps).

    3. Even if the network was up, but dropping packets, a configurable timeout should be applied before falling back to cache.

    opened by sscarduzio 6
  • cannot load from home directory using envkey/envkeygo/v2

    cannot load from home directory using envkey/envkeygo/v2

    guys, when I am using envkey/envkeygo/v2, I cannot load the ENVKEY from the home directory env file, even though it is stated that it will look into the home directory https://github.com/envkey/envkeygo/blob/647a3a294c40bea14988a6bf1849829197baf38d/loader/loader.go#L22

    it is set to "envFileOverride" https://github.com/envkey/envkeygo/blob/647a3a294c40bea14988a6bf1849829197baf38d/loader/loader.go#L25

    These conditions will never be met

    https://github.com/envkey/envkey/blob/923147cdbc8b71696f4d48f2984daae4a74cef0d/public/sdks/envkey-source/env/env.go#L79

    or I am wrong in reading the code?

    I am sorry for the broken English

    opened by tegaralaga 5
  • [v2] ENVKEY's Invalidating After Unknown Period of Time

    [v2] ENVKEY's Invalidating After Unknown Period of Time

    We recently swapped to ENVKEY v2 and now our heroku apps are crashing after their daily restarts with Invalid ENVKEY errors. The environment variables and ENVKEY's have not changed, and have not been revoked. We resolved by individually regenerating the ENVKEYs and replacing them, which lead to a successful rebuild.

    What is going on? Why are our ENVKEYs suddenly going invalid?

    opened by hdwatts 5
  • Production Trusted IPs does not allow enough IPs

    Production Trusted IPs does not allow enough IPs

    Hiya,

    We have a use case for more than the 20 or so IPs that Production Trusted IPs currently supports on our org.

    This worked fine in Envkey1. Envkey2 seems to limit it for some reason. Is this a technical limitation or a UI one?

    Also, can this be changed back to a freetext field please? It is laborious to enter them one at a time and it's easy to fat-finger a deletion and not know which one you've deleted, and then you have to hunt for it... just a pain all around :)

    opened by dbsanfte 4
  • envkey-python: Provide API for specifying cache dir

    envkey-python: Provide API for specifying cache dir

    At the moment, I can toggle the use of cache:

    import envkey

all_conf = envkey.fetch_env(cache_enabled=True)

    But AFAIU, the cache files are all held under ~/.envkey/cache/. However, my unix user is launching 4 processes at boot. All of which make use of Envkey in different ways (each have their own Envkey app, some share it). I would prefer to keep the cache files under their own directory, near each app's code, i.e. ~/app-1/.envkey/cache.

    enhancement 
    opened by sscarduzio 4
  • Adding variables to block doesn't show up in UI

    Adding variables to block doesn't show up in UI

    Version: 2.2.3 OS: Windows 10, 10.0.19044 Build 19044

    Repro:

    • create a new block
    • add variable to block
    • commit the changes with a message
    • variables don't show up immediately in UI, looks as if block is empty
    • the added variables only show up if envkey is reloaded with Ctrl+R

    May or may not be related, but I have a new 4th environment on top of dev, staging and prod that's linked to all blocks.

    opened by emandakh 3
  • Variables frequently not loading on Mac App

    Variables frequently not loading on Mac App

    Hi, I am using envkey for my Mac, and frequently, I open the app and the variables do not load for some of my applications. I tried doing a Force Reload and closing/reopening envkey but no luck. Then I wait a few hours, and come back to it, and it works! Could you help me by suggesting what might be wrong? The CLI client works fine in fetching the vars always, but not the GUI.

    opened by flarco 3
  • $HOME is not defined

    $HOME is not defined

    Using "envkey": "^2.0.8" in my typescript app and getting the error $HOME is not defined when running it in locally. I am on an m1 mac. When I run printenv I see the HOME variable is set. I can also run console.log(process.env.HOME) from my app and see the correct file path.

    package.json script "dev": "NODE_ENV=development nodemon --exec ts-node src/index.ts"

    src/index.ts content

    console.log(process.env.HOME)
import "envkey"
export {}

    output

    /Users/myDir
2022/06/20 21:13:15 $HOME is not defined
echo 'error: $HOME is not defined'; false

2022/06/20 21:13:15 $HOME is not defined

    Any thoughts on what could be causing this?

    opened by timclark97 3
  • Nodejs install brings packages for all environments - 66MB size

    Nodejs install brings packages for all environments - 66MB size

    When envkey is installed, it brings packages for all environments. Ideally it should bring the binary for given OS on which it's installed. Currently envkey package is biggest size in node_modules folder becasue of this Screenshot 2022-05-14 at 3 06 19 PM .

    opened by adityapatadia 3
  • Misleading error wording when trying to envkey-source unauthorised ENVKEY

    Misleading error wording when trying to envkey-source unauthorised ENVKEY

    When you try to envkey-source an ENVKEY on unauthorised machine on which you don't have a corresponding ~/.envkey/apps/[APP_ID].env file in place, the error message says EnvKey CLI isn't installed or isn't in PATH even when that's not the case instead of clearly explaining the root cause.

    opened by zbig-t 3
  • Docs say envkey-source v2 is installed as 'envkey-source-v2' if envkey1-source is installed, but it isn't

    Docs say envkey-source v2 is installed as 'envkey-source-v2' if envkey1-source is installed, but it isn't

    Docs say:

    Note that if you're coming from EnvKey v1 and already have envkey-source v1 installed locally when you install EnvKey v2 and start the EnvKey UI, envkey-source will be installed as envkey-source-v2 instead of envkey-source in order to avoid overwriting the v1 binary and breaking any of your v1-based workflows. You can also use the es alias.

    https://docs-v2.envkey.com/docs/install#download-and-install-the-envkey-ui-and-cli

    But if you actually try this, envkey-source v2 just overwrites the envkey v1 binary, and the exact break you describe happens:

    https://github.com/envkey/envkey/blob/9dd607552e9d2635a1d6f4c040a0da48d173adc5/public/sdks/envkey-source/install.sh#L110

    opened by dbsanfte 1
  • envkey-ruby incorrectly handles error

    envkey-ruby incorrectly handles error

    I'm trying to use envkey-ruby in CI and getting the following error:

    JSON::ParserError: 859: unexpected token at 'echo 'error: ENVKEY missing
'; false
'

    Looking at the source, it seems to be expecting the output of the echo, not a string including echo in it.

    opened by bmulholland 2
  • Environment variable not removed from Rails (with Spring preloader) when renamed in EnvKey

    Environment variable not removed from Rails (with Spring preloader) when renamed in EnvKey

    Hello, I just noticed a minor issue during development, but it could cause confusion when using an env var as a feature flag, etc.

    Steps to reproduce:

    • Create an new variable in EnvKey under the dev environment, e.g. ENVKEY_WORKING=yes
    • Stop Spring if running (spring stop)
    • Start the Rails console
    • Check the var: puts ENV['ENVKEY_WORKING'] # => yes
    • Rename the variable in Envkey to ENVKEY_RUNNING
    • Restart the Rails console (with Spring)
    • Check the new var: puts ENV['ENVKEY_RUNNING'] # => yes
    • Check the old var: puts ENV['ENVKEY_WORKING'] # => yes

    I would expect that the old ENVKEY_WORKING var would be removed. I can see how that would be tricky with the Spring preloader, but maybe you could store a list of variables that were set, and then compare that against the new list when the Rails process restarts, and remove any deleted ones from ENV.

    Just a small issue but thought I should mention it! Cheers!

    opened by ndbroadbent 1
  • Properly handle exit codes and grandchild processes with envkey-source

    Properly handle exit codes and grandchild processes with envkey-source

    As described in this comment: https://news.ycombinator.com/item?id=30858713

    envkey-source needs to properly handle SIGCHLD signals on unix to avoid potential zombie processes.

    envkey-source 
    opened by danenania 9
Releases(apienterprise-v2.2.3)
Owner
EnvKey
Simple, secure configuration and secrets manager. Keeps devs and servers in sync. Lets you manage config and access levels for all apps and envs in one place.
EnvKey
GitHub
An end-to-end encrypted note taking alternative to Evernote

Notesnook An end-to-end encrypted note taking alternative to Evernote. Website | About us | Roadmap | Downloads | Twitter | Discord To celebrate the o

Streetwriters 4.9k Dec 28, 2022
Babel-plugin-amd-checker - Module format checking plugin for Babel usable in both Node.js the web browser environments.

babel-plugin-amd-checker A Babel plugin to check the format of your modules when compiling your code using Babel. This plugin allows you to abort the

Ferdinand Prantl 1 Jan 6, 2022
Test utility to mock `window.matchMedia` for JSDOM environments.

mock-match-media Test utility for mocking window.matchMedia in JSDOM environments. JSDOM doesn't provide support for window.matchMedia, which means te

Raymond Wang 2 Oct 12, 2022
Keep your sensitive information out of chat logs, emails, and more with heavily encrypted secrets.

Free encrypted secret sharing for everyone! This application is to be used to share encrypted secrets cross organizations, or as private persons. Hemm

Hemmelig 246 Dec 31, 2022
Send encrypted and decrypted messages with verifiable keys and human readable names.

zooko-msg Encrypt and decrypt messages using AES with a preshared ECDH key generated using keys associated with Handshake names. I noticed that there

Publius Federalist 31 Jul 27, 2022
Mag🔥Lit - A super fast and easy-to-use free and open source private encrypted Magnet/HTTP(s) Link Shortener

Mag ?? Lit Mag ?? Lit - A super fast and easy-to-use free and open source private encrypted Magnet/HTTP(s) Link Shortener https://maglit.ml Features ✅

null 280 Jan 8, 2023
Send encrypted messages and decrypt them without sharing keys. Built using the Handshake blockchain.

zmsg Encrypt and decrypt messages using AEAD with an ephemeral key Learn more by joining the Handshake Discord Community I noticed that there wasn't a

Publius Federalist 31 Jul 27, 2022
This CLI tool allows you to convert the encrypted Akamai 2.0 sensor data payload back to its plaintext form.

Akamai 2.0 Sensor Data Decryption Tool This CLI tool allows you to convert the encrypted Akamai 2.0 sensor data payload back to its plaintext form. Us

null 41 Jan 1, 2023
Keyauth v1 example, includes a demo and is encrypted using aes.

Keyauth Keyauth V1.0 api wrapper in nodejs that includes requests being encrypted using aes. Discord & Support Server . Keyauth Example const Keyauth

null 3 Nov 27, 2022
Vaultacks lets users store files off-chain on Gaia. Files are encrypted by default but also can be made public and shared

Vaultacks Vaultacks is built on the Stacks Chain. It lets users upload files to Gaia, a off-chain data storage system. Vaultacks currently uses the de

Anish De 5 Sep 14, 2022
A shared, encrypted cloud storage using Nostr.

nostr-storage A shared, encrypted cloud data store using Nostr. Installation This package is designed to work in both the browser and nodejs. <!-- Bro

cmd 10 Dec 21, 2022
Personal Blog - a project developed with Angular for the front-end interface and Wordpress for the back-end API served with Docker containers

PersonalBlog This project was generated with Angular CLI version 13.0.1. Front-end Interface Development server Run ng serve or ng serve --configurati

null 9 Oct 5, 2022
Pass trust from a front-end Algorand WalletConnect session, to a back-end web service

AlgoAuth Authenticate to a website using only your Algorand wallet Pass trust from a front-end Algorand WalletConnect session, to a back-end web servi

Nullable Labs 16 Dec 15, 2022
It consists of a recreation of Twitter, to put into practice both Front-end and Back-end knowledge by implementing the MERN Stack together with other technologies to add more value to the project.

Twitter-Clone_Back-end ✨ Demo. ?? About the project. ?? Descriptions. It consists of a recreation of Twitter, to put into practice knowledge of both F

Mario Quirós Luna 5 Apr 12, 2022
Access the internals of React components from Cypress end-to-end tests

cypress-react-app-actions Access the internals of React components from Cypress end-to-end tests Read Access React Components From Cypress E2E Tests a

Gleb Bahmutov 5 May 12, 2022
End-to-end typesafe APIs with tRPC.io in SvelteKit applications

✨ tRPC-SvelteKit End-to-end typesafe APIs with tRPC.io in SvelteKit applications. No code generation, run-time bloat, or build pipeline. ❤️ ???? See b

Ionut-Cristian Florescu 307 Dec 29, 2022
It consists of a recreation of Twitter, to put into practice knowledge of both Front-end and Back-end implementing the MERN Stack along with other technologies to add more value to the project.

Twitter-Clone_Front-end ✨ Demo. Login Home Profile Message Notifications Deployed in: https://twitter-clone-front-end.vercel.app/ ?? About the project

Mario Quirós Luna 5 Jun 26, 2022
SAP Community Code Challenge: This repository contains an empty OpenUI5 application and end-to-end tests written with wdi5. Take part in the challenge and develop an app that passes the tests.

SAP Community Code Challenge - UI5 The change log describes notable changes in this package. Description This repository is the starting point for the

SAP Samples 8 Oct 24, 2022
A simple application to estuding tests end-to-end in Angular with Cypress

Conhecimento sobre testes End to End (ponta a ponta) Sobre o Cypress: Testes feitos do sistema para ver como um usuário se comportaria, esses testes é

Kauã Werle 3 Jun 15, 2022