
Env encryption tool which helps you prevent attacks from NPM-malicious-packages - kunalpanchal
https://github.com/kunalpanchal/secure-env
======
kunalpanchal
Read this blog to know more about the use case:

[https://codeburst.io/how-secure-is-your-environment-file-
in-...](https://codeburst.io/how-secure-is-your-environment-file-in-node-
js-7c4d2ed0d15a)

This is a solution to this tweet

[https://twitter.com/o_cee/status/892306836199800836?s=20](https://twitter.com/o_cee/status/892306836199800836?s=20)

~~~
compressedgas
How does this prevent them from stealing the '.env.enc' file and the password
for it?

So instead of simply stealing process.env. They have to do a search for
require('secure-env') and find the secret. And then they just upload that
secret and the .env.enc file.

~~~
kunalpanchal
The file .env.enc can be renamed to anything more clever as per your
requirement. Also the password you pass in to require('secure-env') can be
obtained from printenv. You set this on your server, similar to a master
password. So it's not there in your code.

