envkey / envkey Goto Github PK

Simple, end-to-end encrypted configuration and secrets management

License: MIT License

TypeScript 93.47% Shell 0.62% HTML 0.45% JavaScript 0.39% Go 4.03% Dockerfile 0.03% Procfile 0.01% Python 0.15% Makefile 0.01% Ruby 0.70% CSS 0.02% PHP 0.12%

devops config configuration-management end-to-end-encryption environment-variables golang infrastructure nodejs python ruby

envkey's Introduction

End-to-end encryption for app secrets. Superpowers for managing config.

Protects API keys and other secrets.
Live reload for environment variables.
Fixes configuration sprawl and sloppy secrets management.
Prevents config bugs and saves countless engineer-hours.

Easy integration

Check out the integration quickstart.

The cross-platform envkey-source tool works with any language and offers the most integration options.

Integrating with envkey-source is as easy as:

$ envkey-source -- any-shell-command
# That's it! Your command runs with the latest environment variables.

Language-specific wrappers are also available for:

Why EnvKey?

Open source, cross-platform, language-agnostic, end-to-end encrypted with NaCl.
Set environment variables + manage apps, environments, branches, servers, people, devices, and access control all in one place.
User-friendly UI + developer-friendly CLI.
Easy integration wherever you need it.
Cloud + self-hosting options.
Version control, audit logs, re-usable blocks, branches, environment inheritance, customizable environments, local development environments, change hooks, device-based auth, OS keyring integration, and more.

Install

You can download the latest versions of the EnvKey UI and CLI for your platform by going to EnvKey's homepage and clicking the big Download button at the top of the page. Install it when it's finished downloading.

The first time you open the app, EnvKey's CLI and the envkey-source integration tool will also be installed for you. Both can also be installed individually on a server.

You can also go to releases in this repo and find the latest release of envkey-desktop for your platform.

Here's a quick overview on verifying releases with minisign.

Docs

Check out the docs, including a brief getting started overview.

Coming from v1?

Check out the v1 migration overview

Security

Read our security overview.

Status

See the current status of our services here.

Bugs

Please post an issue if you encounter a bug, even a small one. We'll do our best to fix it as soon as possible.

Discussion and Community

Jump in and ask a question, leave some feedback, ask for new features, or help out another EnvKey user.

Support

Email us: [email protected]

Paid plans include priority support.

License

All the code in this repo is free and open source under the MIT License.

EnvKey's Cloud and Business Self-Hosted products include commercially licensed server-side extensions for battle-ready infrastructure and advanced user management.

Contributing

Contributions to EnvKey are welcome! Please feel free to start a discussion to share your ideas, and/or open a PR.

Development

Here's an overview on setting up a dev environment to work on EnvKey.

envkey's People

Contributors

Stargazers

Watchers

envkey's Issues

Envkey community pre-compiled binary cannot run with env set

I'm trying to host envkey community but got stuck by this issue. Following the guide:

Start from pre-compiled binary: execute the envkey-api file.
With the following environment variables already set in .env:

COMMUNITY_AUTH_HASH= ...
DATABASE_CREDENTIALS_JSON={"user": "user", "password": "pass"}
DATABASE_HOST=example.database.windows.net
DATABASE_NAME=envkey
DATABASE_PORT=1433
SMTP_TRANSPORT_JSON=...

I'm using a Azure SQL server, and running the community api in my local to test it first. the DB "envkey" already created in the server. SQL server port is 1433.
here is my Dockerfile

# syntax=docker/dockerfile:1.4
FROM ubuntu:22.04
ENV TZ="Asia/Singapore"
WORKDIR /usr/src/app
COPY ./envkey-api .
EXPOSE 3000
EXPOSE 3002
ENTRYPOINT [ "./envkey-api" ]

Since I dont see the use of port 3001 so I removed it from the original dockerfile packed with community api.
Using docker run to test:
docker run -it --env-file=.env envkey:1.0.0

And here is the result

❯ docker run -it --env-file=.env envkey:1.0.0
{"msg":"envkey-api binary start","api_binary_version":"2.2.3","built_from":"b1e05d63d59152522f20f353c0f80e2dedda0c89","bundle_type":"api.community","built_at":"2022-12-20T17:06:45Z"}
NODE_ENV environment variable is required

/tmp/webpack:/Users/daneschneider/projects/envkey/v2/public/app/api/shared/src/env.ts:18
      throw new Error(msg);
            ^
Error: NODE_ENV environment variable is required
    at Object.ensureEnv (/tmp/webpack:/Users/daneschneider/projects/envkey/v2/public/app/api/shared/src/env.ts:18:13)
    at Object.call (/tmp/webpack:/src/startup.ts:8:1)
    at a (/tmp/webpack:/webpack/bootstrap:19:22)
    at Object.call (/tmp/webpack:/src/main_api_community.ts:17:1)
    at __webpack_require__ (/tmp/webpack:/webpack/bootstrap:19:22)
    at /tmp/webpack:/webpack/bootstrap:83:10
    at Object.<anonymous> (/tmp/4667234118124935090:2:968)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
Fatal error
exit status 1

I've tried to set the NODE_ENV=production and got this error. Seems It cant connect to the DB but I honestly have no idea why. I tested the connection between my local and Azure SQL Server and was successfully connected to envkey DB.

{"msg":"envkey-api binary start","api_binary_version":"2.2.3","built_from":"b1e05d63d59152522f20f353c0f80e2dedda0c89","bundle_type":"api.community","built_at":"2022-12-20T17:06:45Z"}
{"ts":"2023-03-13T05:11:42.932Z","msg":"EnvKey API Community Edition is starting..."}
{"ts":"2023-03-13T05:11:42.934Z","msg":"Waiting for DB..."}
{"ts":"2023-03-13T05:11:48.684Z","msg":"DB migrations were unsuccessful.","alert":true,"err":{"fatal":true,"code":"PROTOCOL_CONNECTION_LOST","name":"Error","message":"Connection lost: The server closed the connection.","stack":"Error: Connection lost: The server closed the connection.\n    at Socket.<anonymous> (/tmp/webpack:/Users/daneschneider/projects/envkey/v2/node_modules/mysql2/lib/connection.js:91:31)\n    at Socket.emit (node:events:390:28)\n    at TCP.<anonymous> (node:net:687:12)"}}
Fatal error
exit status 1

Also, is the DISABLE_DB_MIGRATIONS=false need to be set on a new database ?

I tried to run in my azure cluster , the error is look like quite the same:

{"msg":"envkey-api binary start","api_binary_version":"2.2.3","built_from":"b1e05d63d59152522f20f353c0f80e2dedda0c89","bundle_type":"api.community","built_at":"2022-12-20T17:06:45Z"}
{"ts":"2023-03-13T05:50:30.214Z","msg":"EnvKey API Community Edition is starting..."}
{"ts":"2023-03-13T05:50:30.221Z","msg":"Waiting for DB..."}
{"ts":"2023-03-13T05:50:35.724Z","msg":"DB migrations were unsuccessful.","alert":true,"err":{"errno":-104,"code":"ECONNRESET","syscall":"read","fatal":true,"name":"Error","message":"read ECONNRESET","stack":"Error: read ECONNRESET\n    at TCP.onStreamRead (node:internal/stream_base_commons:220:20)"}}
Fatal error
exit status 1

Thank you in advance. Any help will be very appreciated 😄

"Read the Docs" link on main README.md gives a 404

n/t

Envkey install script fails if current directory has whitespaces

Just hit this on my WSL machine.

envkey/public/sdks/envkey-source/install.sh

Line 85 in 0d514da

cd $SCRIPT_DIR

Cleaning up... main: line 85: cd: too many arguments

[v2] ENVKEY's Invalidating After Unknown Period of Time

We recently swapped to ENVKEY v2 and now our heroku apps are crashing after their daily restarts with Invalid ENVKEY errors. The environment variables and ENVKEY's have not changed, and have not been revoked. We resolved by individually regenerating the ENVKEYs and replacing them, which lead to a successful rebuild.

What is going on? Why are our ENVKEYs suddenly going invalid?

Expand variables / Variables in Variables

Hey!

Awesome tool! This looks very promising. 😊

I just registered and wanted to test the first things to move our local .env to EnvKey. The CLI works great, especially with the --mem-cache parameter, top!

Unfortunately I ran into a first problem: Variables in variables. I already found this: https://docs-v2.envkey.com/docs/branches-and-local-overrides#local-environment-variables, but it does not resolve my issue.

Given the following example:

As you can see, I have a variable HOSTS_API with commerce.$ENVIRONMENT_BASE_HOSTNAME. In my local .env-new I have the "required" variable ENVIRONMENT_BASE_HOSTNAME defined.

When running envkey-source --env-file .env-new --dot-env it does not expand the variable to commerce.my-local-machine.example.com.

Is there something like a --expand-variables CLI argument which resolves variables in variables?

Variables frequently not loading on Mac App

Hi, I am using envkey for my Mac, and frequently, I open the app and the variables do not load for some of my applications.
I tried doing a Force Reload and closing/reopening envkey but no luck. Then I wait a few hours, and come back to it, and it works! Could you help me by suggesting what might be wrong? The CLI client works fine in fetching the vars always, but not the GUI.

Basic User cannot create local override

Reproduce:

Install Envkey UI and connect to self-hosted Envkey as a Basic User
Navigate to a block (not tested with an app)
Create a Local override variable
After clicking on "Commit", we run into an error dialog

See log:

{"ts":"2023-05-22T08:17:45.376Z","proc":"main","msg":"Comitting local-state to file store..."}
{"ts":"2023-05-22T08:17:45.381Z","proc":"main","msg":"local-state encrypted and committed."}
{"ts":"2023-05-22T08:18:24.797Z","proc":"main","msg":"POST /action"}
{"ts":"2023-05-22T08:18:24.798Z","proc":"main","msg":"Received","action":"envkey/client/COMMIT_ENVS"}
{"ts":"2023-05-22T08:18:24.819Z","proc":"main","msg":"Missing changesets symmetric key for pending changes","environmentId":"xxxxxxxxxxxx","pending":true,"stack":"Error: Missing changesets symmetric key for pending changes\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\webpack:\\core_process\\src\\lib\\envs\\encrypted_keys.ts:200:21\n    at Generator.next (<anonymous>)\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\envkey-core.js:185863:71\n    at new Promise (<anonymous>)\n    at __awaiter (C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\envkey-core.js:185859:12)\n    at Object.encryptedKeyParamsForEnvironments (C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\webpack:\\core_process\\src\\lib\\envs\\encrypted_keys.ts:64:6)\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\webpack:\\core_process\\src\\lib\\envs\\params.ts:98:13\n    at Generator.next (<anonymous>)\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\envkey-core.js:187614:71\n    at new Promise (<anonymous>)"}
{"ts":"2023-05-22T08:18:24.820Z","proc":"main","msg":"Core Process Unhandled Error","alert":true,"err":{"name":"Error","message":"Missing changesets symmetric key for pending changes","stack":"Error: Missing changesets symmetric key for pending changes\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\webpack:\\core_process\\src\\lib\\envs\\encrypted_keys.ts:200:21\n    at Generator.next (<anonymous>)\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\envkey-core.js:185863:71\n    at new Promise (<anonymous>)\n    at __awaiter (C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\envkey-core.js:185859:12)\n    at Object.encryptedKeyParamsForEnvironments (C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\webpack:\\core_process\\src\\lib\\envs\\encrypted_keys.ts:64:6)\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\webpack:\\core_process\\src\\lib\\envs\\params.ts:98:13\n    at Generator.next (<anonymous>)\n    at C:\\snapshot\\v2\\private\\ci_cd\\cli-builder\\build\\workspace\\envkey-core.js:187614:71\n    at new Promise (<anonymous>)"}}
{"ts":"2023-05-22T08:18:24.820Z","proc":"main","msg":"Shutting down gracefully..."}
{"ts":"2023-05-22T08:18:24.821Z","proc":"main","msg":"Persisting final state before shutdown..."}
{"ts":"2023-05-22T08:18:24.822Z","proc":"main","msg":"Comitting local-state to file store..."}

{"ts":"2023-05-22T08:17:46.350Z","proc":"main","msg":"[ui-console] core result:","data":"envkey/client/CREATE_ENTRY_ROW","ui-ts":"2023-05-22T08:17:45.377Z"}
{"ts":"2023-05-22T08:17:46.350Z","proc":"main","msg":"[ui-console] envkey/client/CREATE_ENTRY_ROW","data":"4 diffs to apply","ui-ts":"2023-05-22T08:17:45.377Z"}
{"ts":"2023-05-22T08:17:46.350Z","proc":"main","msg":"[ui-console] applied patch","data":[],"ui-ts":"2023-05-22T08:17:45.390Z"}
{"ts":"2023-05-22T08:17:46.350Z","proc":"main","msg":"[ui-console] updating core state","data":{"bytes":229469},"ui-ts":"2023-05-22T08:17:45.390Z"}
{"ts":"2023-05-22T08:17:46.350Z","proc":"main","msg":"[ui-console] got pending update and conflicts info","data":[],"ui-ts":"2023-05-22T08:17:45.399Z"}
{"ts":"2023-05-22T08:17:46.350Z","proc":"main","msg":"[ui-console] set new state","data":[],"ui-ts":"2023-05-22T08:17:45.406Z"}
{"ts":"2023-05-22T08:19:04.699Z","proc":"main","msg":"[ui-console] dispatch:","data":"envkey/client/COMMIT_ENVS","ui-ts":"2023-05-22T08:18:24.796Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"message event"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] received 4 socket message diffs","data":[],"ui-ts":"2023-05-22T08:18:24.827Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] applied socket message diffs","data":[],"ui-ts":"2023-05-22T08:18:24.827Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] updating core state","data":{"bytes":229582},"ui-ts":"2023-05-22T08:18:24.827Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] set new state","data":[],"ui-ts":"2023-05-22T08:18:24.839Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"message event"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] received 4 socket message diffs","data":[],"ui-ts":"2023-05-22T08:18:24.849Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] applied socket message diffs","data":[],"ui-ts":"2023-05-22T08:18:24.849Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] set new state","data":[],"ui-ts":"2023-05-22T08:18:24.849Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"message event"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] Received unknown socket message for core proc: ","data":"{\"type\":\"closing\"}","ui-ts":"2023-05-22T08:18:24.852Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"close event"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":["connect",1]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"removeListeners"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":["next delay",2533.139208349924]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"message event"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] Received unknown socket message for core proc: ","data":"{\"type\":\"closing\"}","ui-ts":"2023-05-22T08:18:24.852Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"close event"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":["connect",1]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"removeListeners"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":["next delay",2533.139208349924]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] core result:","data":"envkey/client/COMMIT_ENVS","ui-ts":"2023-05-22T08:18:24.854Z"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] reporting error to electron","data":[]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":["connect",{"url":"ws://localhost:19048"}]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"addListeners"}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":["connect",{"url":"ws://localhost:19048"}]}
{"ts":"2023-05-22T08:19:04.700Z","proc":"main","msg":"[ui-console] RWS>","data":"addListeners"}

Then, we added the Local override variable for the basic user with an admin user. When running envkey-source the variable is not loaded. But, when updating the basic user to an admin user and regenerating the app ENVKEY the Local override variable is readed.

App won't start with in absence of internet connectivity. Even if cache is enabled.

OS: MacOS Monterey 12.4
Envkey Version: ENVKEY_SOURCE_VERSION = "2.0.22"

print("EK Should cache? " + os.environ.get("ENVKEY_SHOULD_CACHE"))
import envkey
secrets = envkey.fetch_env(cache_enabled=True)
print("..Done!")

With WiFi on, this works ok.
With WiFi off, it hangs after the first print.

A few issues with this:

Notice how my import envkey is unnaturally after the first print. I had to move it down, otherwise the import envkey hangs on network. This completely invalidates the presence of cache_enabled=True as fetch_env function argument.
Envkey should detect no network interface is up, and immediately fallback to loading from ~/.envkey/cache/xxxxx file (which in turn, is correctly updated according to filesystem timestamps).
Even if the network was up, but dropping packets, a configurable timeout should be applied before falling back to cache.

Nodejs install brings packages for all environments - 66MB size

When envkey is installed, it brings packages for all environments. Ideally it should bring the binary for given OS on which it's installed. Currently envkey package is biggest size in node_modules folder becasue of this

.

Super slow update

I'm stuck one hour on this sloooow progress bar. The network speed monitor is ~0KB/s. Not sure why so slow?

Create React App - ENVKEY is missing

envkey-source-v2 is not able to source a custom ENVKEY value

In V1 of ENVKEY, this was possible:

#!/bin/bash
eval $(envkey-source <<ENVKEY_HERE>>)

echo $SOME_VAR_FROM_ENVKEY

This allowed me to pass a certain ENVKEY value in place of ENVKEY_HERE, say from a different path,
Is there a way to do that in ENVKEY V2?

I am able to

#!/bin/bash
eval $(envkey-source)

echo $SOME_VAR_FROM_ENVKEY

But this works only off of ~/.env

#!/bin/bash
eval $(envkey-source-v2  <<ENVKEY_HERE>>)

echo $SOME_VAR_FROM_ENVKEY

Results in an error as it appears not to take that argument anymore.

envkey community cannot connect to MySQL Server using SSL

I'm currently migrate my database to Azure MySQL Flexible Server. However, Azure is enforcing to use SSL so envkey failed to connect. Is there any option/way that we support enable SSL for envkey to connect to MySQL DB ?

.env being ignored

I'm running a create-react-app and have a .env file with values in it. My package.json's start script looks like:

    "start": "envkey-source -- react-scripts start",

But my .env values are ignored, in favor of the values I have set in my EnvKey. When I remove the key/value from EnvKey (in the UI), the .env file's value is used...

Documentation says that my local .env values should take precedence. Is that incorrect?

Unable to create new variables

2nd time I've experienced this issue. Previously it went away when I restarted EnvKey, but now restarting won't fix the issue and I am unable to add new variables.

I am trying to add my variable like normal, and when I click "Create Variable" nothing happens.

When I open the inspector, the console shows an error when I press Create Variable:

Uncaught TypeError: Cannot read property 'canUpdate' of undefined
    at entry_form.tsx:89
    at Array.map (<anonymous>)
    at onClick (entry_form.tsx:83)
    at Object.Fe (react-dom.production.min.js:52)
    at Ve (react-dom.production.min.js:52)
    at react-dom.production.min.js:53
    at Mr (react-dom.production.min.js:100)
    at Er (react-dom.production.min.js:101)
    at react-dom.production.min.js:113
    at Pe (react-dom.production.min.js:292)

I can't upgrade for weeks

From the UI, i can't upgrade for weeks. Application crashes.
A clean install (or so I think it is clean after deleting some folders) still brings up an upgrade message, but for cli only.
CLI upgrade crashes too.

From the logs:
{"ts":"2023-02-22T10:18:51.230Z","msg":"EnvKey CLI upgrade: unpacked to folder","folder":"C:\Users\R82BD~1.LOP\AppData\Local\Temp\envkey_1677061129.35"}
{"ts":"2023-02-22T10:18:51.231Z","msg":"first kill core process and move to inline prior to upgrade"}
{"ts":"2023-02-22T10:18:51.240Z","msg":"GET /stop"}

not sure how to kill the core process.

Error "DB migrations were unsuccessful"

When i run env as development it doesn't get DB migration error, but when i run production it crashes:
"DB migrations were unsuccessful.","alert":true,"err":{"name":"TypeError","message":"require.context is not a function","stack":"TypeError: require.context is not a function\n at Object.runMigrationsIfNeeded (/opt/envkey/public/app/api/runtimes/express/src/migrate.ts:39:40)"}}

envkey.load() does not accept arguments in V2

import envkey

envkey.load(cache_enabled=True, dot_env_enabled=True, dot_env_path=".env")

Gives me:

Traceback (most recent call last):
  File "testENV.py", line 4, in <module>
    envkey.load(cache_enabled=True, dot_env_enabled=True, dot_env_path="./.env")
TypeError: load() got an unexpected keyword argument 'dot_env_enabled'

Where as

import envkey

envkey.load()

Seems to work.

Info:

➜  ~ pip3 show envkey
Name: envkey
Version: 2.0.8
Summary: EnvKey's Python library. Protect API keys and credentials. Keep configuration in sync.
Home-page: https://github.com/envkey/envkey-python
Author: EnvKey
Author-email: [email protected]
License: MIT


➜  ~ python3 --version
Python 3.8.2

I would like to be able to do:

import envkey

envkey.load(cache_enabled=True, dot_env_enabled=True, dot_env_path="/some/custom/path/here/.env")

Which worked in V1.

Envkey 401ing in the desktop app.

Environment variable not removed from Rails (with Spring preloader) when renamed in EnvKey

Hello, I just noticed a minor issue during development, but it could cause confusion when using an env var as a feature flag, etc.

Steps to reproduce:

Create an new variable in EnvKey under the dev environment, e.g. ENVKEY_WORKING=yes
Stop Spring if running (spring stop)
Start the Rails console
Check the var: puts ENV['ENVKEY_WORKING'] # => yes
Rename the variable in Envkey to ENVKEY_RUNNING
Restart the Rails console (with Spring)
Check the new var: puts ENV['ENVKEY_RUNNING'] # => yes
Check the old var: puts ENV['ENVKEY_WORKING'] # => yes

I would expect that the old ENVKEY_WORKING var would be removed. I can see how that would be tricky with the Spring preloader, but maybe you could store a list of variables that were set, and then compare that against the new list when the Rails process restarts, and remove any deleted ones from ENV.

Just a small issue but thought I should mention it! Cheers!

.env is not read if the ENVKEY was found in ~/.envkey/apps

Local overrides in .env within my app are either not read or are not honored if the ENVKEY is found within the ~/.envkey/apps directory.

# Here we see that .env contains a local setting for FOO, and no ENVKEY
$ cat .env
FOO=abcdefg

# Run envkey-source and observe that the output does not match .env
$ envkey-source --json | jq
{
  FOO=gfedcba
}

# Move the ENVKEY into .env
$ cat ~/.envkey/apps/ID.env >> .env

# Here we see that the output now honors the local override in .env
$ envkey-source --json | jq
{
  FOO=abcdefg
}

My understanding was that envkey-source (and therefore the other SDKs, in our case the Node SDK) would still read .env if it is found and would prefer the values in .env over its own. This behavior indicates that this is only the case when .env contains the ENVKEY.

feat: envkey-rs

hello, i am writing you in support of the development of a rust sdk for envkey. in the mean time i can use the command line binary. thank you,

Installer fails to add envkey tools to PATH on Windows 11

Even after confirming the UAC prompt during installation, %USERPROFILE%\bin doesn't get added to user's PATH automatically. Verified on Windows 11

envkey-ruby incorrectly handles error

I'm trying to use envkey-ruby in CI and getting the following error:

JSON::ParserError: 859: unexpected token at 'echo 'error: ENVKEY missing
'; false
'

Looking at the source, it seems to be expecting the output of the echo, not a string including echo in it.

Docs say envkey-source v2 is installed as 'envkey-source-v2' if envkey1-source is installed, but it isn't

Docs say:

Note that if you're coming from EnvKey v1 and already have envkey-source v1 installed locally when you install EnvKey v2 and start the EnvKey UI, envkey-source will be installed as envkey-source-v2 instead of envkey-source in order to avoid overwriting the v1 binary and breaking any of your v1-based workflows. You can also use the es alias.

https://docs-v2.envkey.com/docs/install#download-and-install-the-envkey-ui-and-cli

But if you actually try this, envkey-source v2 just overwrites the envkey v1 binary, and the exact break you describe happens:

envkey/public/sdks/envkey-source/install.sh

Line 110 in 9dd6075

mv envkey-source /usr/local/bin/

Envkey v2 cannot start after deleting user

Hi Dane, I'm currently using a self-hosting Envkey v2. Recently, I deleted some user that is not belong to our organization, then the envkey client got stuck and cannot start. I tried to reload and force reload and the issue is still happen. It look like there might be something wrong with the database but I cannot manage to check
Here is the log from client

Can't order new environment at front

Version: 2.2.3
OS: Windows 10, 10.0.19044 Build 19044

Repro:

create a new 4th env, I called it local
go to manage environments menu
order the new env such that it's at the top, above "development"
this causes the env to appear at the back, after "production" instead, when it should appear before "development" env

If you put the new env in between "development" or "staging" or at the end of "production" the order seems to work fine.

Misleading error wording when trying to envkey-source unauthorised ENVKEY

When you try to envkey-source an ENVKEY on unauthorised machine on which you don't have a corresponding ~/.envkey/apps/[APP_ID].env file in place, the error message says EnvKey CLI isn't installed or isn't in PATH even when that's not the case instead of clearly explaining the root cause.

Node SDK ignores the dotEnvFile configuration parameter

In the latest version (2.3.0) of node library, the dotEnvFile confguration parameter, which is described in its docs, is ignored (as in never added to the execArgs array) and never passed to the call of the underlying envkey-source binary.
This results in the ENVKEY missing error when trying to use that option.

Hosting on a PI4 (Community edition)

Hi !

I would like to launch the community edition on a rapsberry PI 4 but unfortunaltely this is not compatible.. :(

Here are some log about build && and a simple run.

docker build -t test-env-key:latest .
Sending build context to Docker daemon  36.07MB
Step 1/7 : FROM gcr.io/distroless/cc-debian10
latest: Pulling from distroless/cc-debian10
7d441aeb75fe: Pull complete 
21d6a6c3921f: Pull complete 
032e2e3ac1d5: Pull complete 
Digest: sha256:ad23034798c17a50bb7f57330391dae444f0c02614ddc08c2b99c5d5284d4893
Status: Downloaded newer image for gcr.io/distroless/cc-debian10:latest
 ---> 5c68551a719b
Step 2/7 : WORKDIR /usr/src/app
 ---> Running in 9e0eec701442
Removing intermediate container 9e0eec701442
 ---> c419b78c348e
Step 3/7 : COPY ./envkey-api .
 ---> f1eb08d33904
Step 4/7 : EXPOSE 3000
 ---> Running in 24261f4e6ec3
Removing intermediate container 24261f4e6ec3
 ---> df0b386d1877
Step 5/7 : EXPOSE 3001
 ---> Running in 8849587e7912
Removing intermediate container 8849587e7912
 ---> 192a5baca871
Step 6/7 : EXPOSE 3002
 ---> Running in 47908409c63a
Removing intermediate container 47908409c63a
 ---> 993c7518751f
Step 7/7 : ENTRYPOINT [ "./envkey-api" ]
 ---> Running in f9ce52d7993f
Removing intermediate container f9ce52d7993f
 ---> f1b420abd183
Successfully built f1b420abd183
Successfully tagged test-env-key:latest
umbrel@umbrel:~/tmp $ docker run -it test-env-key:latest test
exec ./envkey-api: exec format error
umbrel@umbrel:~/tmp $

I'm getting exec ./envkey-api: exec format error. Of course i didn't provide any envs since the app don't start at all. On others arch than the arch of my raspberry PI 4 it's working.

I have tried to build it for : linux/arm64 without success !

Thanks in advance for your help 🙏

Var created in UI but unavailable in envkey-source

Hello!
I got a really strange issue today creating some new vars.
Everything ok in the envkey UI, change commited, available on UI from others users. When I export the full env, the new variable is available.

However, on a specific env (the Development one), when checking envkey-source, the var is not available when it is available on the others one like staging or prod.

I renamed the var to "BLA", still unavailable.
I recreated an other var with the original problematic name and values : this new one is available. The problematic BLA one still unavailable, still only on the Development env.

I modify this BLA var to a different value : it's now available!
I remodify to the hypothetic problematic value : it's available..

I use the UI feature to rollback to initial value (which is yet the same) : it's unavailable again..

I know it's for sure impossible to reproduce on your side, and probably impossible to investigate, but I thought it can be interesting to say, at least if anyone has a such issue in the future!

Output vars without quotes

I just updated to v2 and I'm trying to load my env vars in a Github Action.
To do so, one is supposed to add them to a file like this:
echo "key=value" >> $GITHUB_ENV

I tried doing it via echo "$(envkey-source --dot-env)" >> $GITHUB_ENV but unfortunaly the --dot-env format adds single quotes around the values.

Would it be possible to add another format (--env maybe?) that prints them like --dot-env but without the quotes?
This would be perfect for the Github Actions use case.

$HOME is not defined

Using "envkey": "^2.0.8" in my typescript app and getting the error $HOME is not defined when running it in locally. I am on an m1 mac. When I run printenv I see the HOME variable is set. I can also run console.log(process.env.HOME) from my app and see the correct file path.

package.json script
"dev": "NODE_ENV=development nodemon --exec ts-node src/index.ts"

src/index.ts content

console.log(process.env.HOME)
import "envkey"
export {}

output

/Users/myDir
2022/06/20 21:13:15 $HOME is not defined
echo 'error: $HOME is not defined'; false

2022/06/20 21:13:15 $HOME is not defined

Any thoughts on what could be causing this?

Deadlock on startup with invalid ENVKEY

We're trying to use envkey v2.1.2 in a node:16.19.0 container.

We are observing the following error:

fatal error: all goroutines are asleep - deadlock!	
goroutine 1 [chan send]:	
github.com/envkey/envkey/public/sdks/envkey-source/fetch.httpGetAsync({0xc0000ee0e0, 0xdb}, {0x94e8d0, 0xc0000b4000}, 0xc0000822a0, 0xc000082300, 0x0)	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/fetch/fetch.go:243 +0x418	
github.com/envkey/envkey/public/sdks/envkey-source/fetch.httpGet({0xc0000ee0e0, 0xdb}, 0x0)	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/fetch/fetch.go:259 +0x91	
github.com/envkey/envkey/public/sdks/envkey-source/fetch.getJsonBody({0xc0000d6190, 0xc00011b7f0}, {0xc00002a007, 0x43}, {0x0, {0x0, 0x0}, {0x86e203, 0xd}, {0x93d0cc, ...}, ...}, ...)	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/fetch/fetch.go:552 +0x152	
github.com/envkey/envkey/public/sdks/envkey-source/fetch.getJson({0xc0000d6190, 0x43}, {0xc00002a007, 0x19}, {0x0, {0x0, 0x0}, {0x86e203, 0xd}, {0x93d0cc, ...}, ...}, ...)	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/fetch/fetch.go:446 +0x13e	
github.com/envkey/envkey/public/sdks/envkey-source/fetch.fetchEnv({0xc00002a007, 0xc314e0}, {0x0, {0x0, 0x0}, {0x86e203, 0xd}, {0x93d0cc, 0x5}, 0x0, ...}, ...)	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/fetch/fetch.go:356 +0xe5	
github.com/envkey/envkey/public/sdks/envkey-source/fetch.FetchMap({0xc00002a007, 0x62}, {0x0, {0x0, 0x0}, {0x86e203, 0xd}, {0x93d0cc, 0x5}, 0x0, ...})	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/fetch/fetch.go:82 +0x312	
github.com/envkey/envkey/public/sdks/envkey-source/cmd.run(0x7a5820, {0xc0000ae660, 0xc00011bd60, 0x6}, 0x1)	
/Users/daneschneider/projects/envkey/v2/public/sdks/envkey-source/cmd/run.go:119 +0x4a5	
/opt/node_modules/envkey/loader.js:170

Completions in fish shell are not working

I have installed the fish completions using the following command:
envkey completion install --shell fish

and I get this message:

Using /Users/myusername/.config/fish/config.fish Wrote backup shell file to /Users/myusername/.config/fish/config.fish.bak Installing shell autocomplete... EnvKey CLI completion was installed. It will be available after starting a new shell.
But when I start a new shell I get the following error:

~/.config/fish/config.fish (line 59): command substitutions not allowed here _yargs_completions() ^^ from sourcing file ~/.config/fish/config.fish called during startup
I have made sure I have the latest envkey and made sure to update my version of fish, and still see this issue.

Crypto Upgrade Required

I tried to recover my org, but when I get to the screen to add my computer name and sign in, I get the error Crypto upgrade required tried on Windows and Linux.

cannot load from home directory using envkey/envkeygo/v2

guys, when I am using envkey/envkeygo/v2, I cannot load the ENVKEY from the home directory env file, even though it is stated that it will look into the home directory https://github.com/envkey/envkeygo/blob/647a3a294c40bea14988a6bf1849829197baf38d/loader/loader.go#L22

it is set to "envFileOverride"
https://github.com/envkey/envkeygo/blob/647a3a294c40bea14988a6bf1849829197baf38d/loader/loader.go#L25

These conditions will never be met

envkey/public/sdks/envkey-source/env/env.go

Line 79 in 923147c

if envkey == "" && envFileOverride == "" {

or I am wrong in reading the code?

I am sorry for the broken English

UI client upgrade error

After migrating to a V2 organization :

Upgrade your desktop UI client to V2 (here v2.4.4)
When you launch it after, the following appears :
click "Upgrade all", the following popup shows up :

Logs (I censored some ids as I did not know if it were sensitive):

will write to log file at  /home/thomas/.envkey/logs/desktop-2023-04-05.log
{"ts":"2023-04-05T09:53:24.171Z","proc":"main","msg":"logger initialized with name desktop"}
{"ts":"2023-04-05T09:53:24.422Z","proc":"main","msg":"on:ready","version":"2.4.4"}
{"ts":"2023-04-05T09:53:24.750Z","proc":"main","msg":"startCore"}
{"ts":"2023-04-05T09:53:25.075Z","proc":"main","msg":"Core process status","alive":"2.4.2"}
{"ts":"2023-04-05T09:53:25.075Z","proc":"main","msg":"Core process is already running"}
{"ts":"2023-04-05T09:53:25.076Z","proc":"main","msg":"Starting core process alive check loop..."}
{"ts":"2023-04-05T09:53:25.076Z","proc":"main","msg":"core is running","currentAppVersion":"2.4.4"}
{"ts":"2023-04-05T09:53:25.077Z","proc":"main","msg":"Fetching root-device-key from file store..."}
{"ts":"2023-04-05T09:53:25.101Z","proc":"main","msg":"Fallback store initialized.","path":"/home/thomas/.config/envkey/envkey-keystore-fallback.json"}
{"ts":"2023-04-05T09:53:25.119Z","proc":"main","msg":"Fetched root-device-key."}
{"ts":"2023-04-05T09:53:25.131Z","proc":"main","msg":"Setting User-Agent with OS keyring auth token"}
{"ts":"2023-04-05T09:53:25.139Z","proc":"main","msg":"init updates loop"}
{"ts":"2023-04-05T09:53:25.144Z","proc":"main","msg":"app update loop initialized"}
{"ts":"2023-04-05T09:53:25.146Z","proc":"main","msg":"autoUpdater:info","data":["Checking for update"]}
{"ts":"2023-04-05T09:53:25.710Z","proc":"main","msg":"","currentVersion":"2.4.2","nextVersion":"2.4.3"}
{"ts":"2023-04-05T09:53:25.716Z","proc":"main","msg":"installMissingOrOutdatedCliTools","bundledCliInstalled":true,"cliLatestInstalledRes":{"nextVersion":"2.4.3","currentVersion":"2.4.2"},"cliVersion":"2.4.2","isUpgradingCli":false,"shouldInstallCli":false,"envkeySourceLatestInstalledRes":{"nextVersion":"2.3.0","currentVersion":"2.1.1"},"shouldInstallEnvkeysource":false}
{"ts":"2023-04-05T09:53:25.716Z","proc":"main","msg":"CLI tools already installed"}
{"ts":"2023-04-05T09:53:25.728Z","proc":"main","msg":"autoUpdater:info","data":["Update for version 2.4.4 is not available (latest version: 2.4.4, downgrade is disallowed)."]}
{"ts":"2023-04-05T09:53:25.756Z","proc":"main","msg":"","currentVersion":"2.4.2","nextVersion":"2.4.3"}
{"ts":"2023-04-05T09:53:25.757Z","proc":"main","msg":"finished checking updates","hasDesktopUpgrade":false,"hasCliUpgrade":true,"hasEnvkeysourceUpgrade":true}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] RWS>","data":["connect",0]}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] RWS>","data":["next delay",0]}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] fetching core state","data":{"accountId":"[CENSORED]"},"ui-ts":"2023-04-05T09:53:26.303Z"}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] RWS>","data":["connect",{"url":"ws://localhost:19048"}]}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] RWS>","data":"addListeners"}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] RWS>","data":"open event"}
{"ts":"2023-04-05T09:53:27.342Z","proc":"main","msg":"[ui-console] fetching core state","data":{"accountId":"[CENSORED]"},"ui-ts":"2023-04-05T09:53:26.340Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] fetched core state, applying update","data":{"accountId":"[CENSORED]"},"ui-ts":"2023-04-05T09:53:26.374Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] updating core state","data":{"bytes":348748},"ui-ts":"2023-04-05T09:53:26.374Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] redirecting to org:","data":"/org/[CENSORED]","ui-ts":"2023-04-05T09:53:26.413Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] got pending update and conflicts info","data":[],"ui-ts":"2023-04-05T09:53:26.438Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] signed_in_account_container: won't render yet","auth":true,"auth.token":true,"shouldFetchSession":false,"currentUser":{"type":"orgUser","id":"[CENSORED]","createdAt":1680679437368,"updatedAt":1680680891531,"deletedAt":0,"email":"[CENSORED]","uid":"[CENSORED]","provider":"email","firstName":"Thomas","lastName":"Dutreuilh","invitedById":"[CENSORED]","isCreator":false,"inviteAcceptedAt":1680680891531,"orgRoleId":"[CENSORED]","orgRoleUpdatedAt":1680679437368,"importId":"[CENSORED]"},"auth.orgId":"[CENSORED]","orgId":"[CENSORED]","shouldRedirectPath":false,"uiTree":false}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] dispatch:","data":"envkey/client/SET_UI_LAST_SELECTED_URL","ui-ts":"2023-04-05T09:53:26.440Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] applied core state update","data":{"accountId":"[CENSORED]"},"ui-ts":"2023-04-05T09:53:26.805Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] fetched core state, applying update","data":{"accountId":"[CENSORED]"},"ui-ts":"2023-04-05T09:53:26.961Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] updating core state","data":{"bytes":348748},"ui-ts":"2023-04-05T09:53:26.961Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] applied core state update","data":{"accountId":"[CENSORED]"},"ui-ts":"2023-04-05T09:53:27.027Z"}
{"ts":"2023-04-05T09:53:27.343Z","proc":"main","msg":"[ui-console] core result:","data":"envkey/client/SET_UI_LAST_SELECTED_URL","ui-ts":"2023-04-05T09:53:27.027Z"}
{"ts":"2023-04-05T09:53:27.515Z","proc":"main","msg":"client upgrade available","cli":{"nextVersion":"2.4.3","currentVersion":"2.4.2","notes":{"2.4.3":"- Fixes for v1 > v2 upgrade error handling\n- Logging improvements\n- Fix for rare crash when the OS wakes from sleep"}},"envkeysource":{"nextVersion":"2.3.0","currentVersion":"2.1.1","notes":{"2.3.0":"Automatic upgrades from EnvKey v1","2.1.3":"Fix for --force / -f flag applying overrides when it shouldn't","2.1.2":"Fix for overrides from .env file not being correctly applied"}}}
{"ts":"2023-04-05T09:53:28.523Z","proc":"main","msg":"[ui-console] Root - upgrade available","data":{"cli":{"nextVersion":"2.4.3","currentVersion":"2.4.2","notes":{"2.4.3":"- Fixes for v1 > v2 upgrade error handling\n- Logging improvements\n- Fix for rare crash when the OS wakes from sleep"}},"envkeysource":{"nextVersion":"2.3.0","currentVersion":"2.1.1","notes":{"2.3.0":"Automatic upgrades from EnvKey v1","2.1.3":"Fix for --force / -f flag applying overrides when it shouldn't","2.1.2":"Fix for overrides from .env file not being correctly applied"}}},"ui-ts":"2023-04-05T09:53:27.517Z"}
{"ts":"2023-04-05T09:53:32.430Z","proc":"main","msg":"[ui-console] RWS>","data":"accept open"}
{"ts":"2023-04-05T09:53:54.804Z","proc":"main","msg":"autoUpdater:error  ","data":["Error: Error: Please check update first\n    at l.downloadUpdate (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:3:247948)\n    at /tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:71981\n    at Generator.next (<anonymous>)\n    at /tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:68803\n    at new Promise (<anonymous>)\n    at o (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:68548)\n    at Object.t.downloadAndInstallUpgrade (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:71739)\n    at IpcMainImpl.<anonymous> (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:3:156660)\n    at IpcMainImpl.emit (events.js:315:20)\n    at IpcMainImpl.EventEmitter.emit (domain.js:467:12)"]}
{"ts":"2023-04-05T09:53:54.806Z","proc":"main","msg":"autoUpdater download failed","err":{"name":"Error","message":"Please check update first","stack":"Error: Please check update first\n    at l.downloadUpdate (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:3:247948)\n    at /tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:71981\n    at Generator.next (<anonymous>)\n    at /tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:68803\n    at new Promise (<anonymous>)\n    at o (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:68548)\n    at Object.t.downloadAndInstallUpgrade (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:275:71739)\n    at IpcMainImpl.<anonymous> (/tmp/.mount_EnvKeyZeH9Fg/resources/app/bundle.js:3:156660)\n    at IpcMainImpl.emit (events.js:315:20)\n    at IpcMainImpl.EventEmitter.emit (domain.js:467:12)"}}
{"ts":"2023-04-05T09:53:54.807Z","proc":"main","msg":"autoUpdater download","error":true}
{"ts":"2023-04-05T09:53:54.807Z","proc":"main","msg":"Sending upgrade-error to webContents","win":true}
{"ts":"2023-04-05T09:53:54.832Z","proc":"main","msg":"autoUpdater:info","data":["Checking for update"]}
{"ts":"2023-04-05T09:53:55.558Z","proc":"main","msg":"autoUpdater:info","data":["Update for version 2.4.4 is not available (latest version: 2.4.4, downgrade is disallowed)."]}
{"ts":"2023-04-05T09:53:55.695Z","proc":"main","msg":"","currentVersion":"2.4.2","nextVersion":"2.4.3"}
{"ts":"2023-04-05T09:53:55.695Z","proc":"main","msg":"finished checking updates","hasDesktopUpgrade":false,"hasCliUpgrade":true,"hasEnvkeysourceUpgrade":true}
{"ts":"2023-04-05T09:53:56.997Z","proc":"main","msg":"client upgrade available","cli":{"nextVersion":"2.4.3","currentVersion":"2.4.2","notes":{"2.4.3":"- Fixes for v1 > v2 upgrade error handling\n- Logging improvements\n- Fix for rare crash when the OS wakes from sleep"}},"envkeysource":{"nextVersion":"2.3.0","currentVersion":"2.1.1","notes":{"2.3.0":"Automatic upgrades from EnvKey v1","2.1.3":"Fix for --force / -f flag applying overrides when it shouldn't","2.1.2":"Fix for overrides from .env file not being correctly applied"}}}

Received an error message of "api error: Both xsel and fallback failed" at the email confirmation step.

I'm stuck at the email confirmation step. The error on the server returned is "api error: Both xsel and fallback failed".

Ruby gem tries to load envkey-source on Rails

Aloha! I'm following the README for the Ruby library for Ruby on Rails and getting the following error:

sh: /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/envkey-2.0.6/ext/envkey-source_2.0.22_darwin_arm64/envkey-source: No such file or directory

My understanding is we aren't "required" to have envkey-source installed? I also hit the same issue if I install envkey-source on my machine

Steps to Reproduce

Generate a .envkey in the Rails app root directory
Add the envkey gem to the Gemfile
Add dotenv-rails gem to the Gemfile (loads .env into ENV)
Add the ENVKEY server value to .env
Start the Rails server or Rails console using the mentioned command:

es -w --rolling -- rails s
# OR
es -w --rolling -- rails c

Stack Trace

Traceback (most recent call last):
	26: from bin/rails:4:in `<main>'
	25: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	24: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	23: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/railties-7.0.2.3/lib/rails/commands.rb:18:in `<main>'
	22: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/railties-7.0.2.3/lib/rails/command.rb:48:in `invoke'
	21: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/railties-7.0.2.3/lib/rails/command/base.rb:87:in `perform'
	20: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor.rb:392:in `dispatch'
	19: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
	18: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/thor-1.2.1/lib/thor/command.rb:27:in `run'
	17: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/railties-7.0.2.3/lib/rails/commands/console/console_command.rb:101:in `perform'
	16: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/railties-7.0.2.3/lib/rails/command/actions.rb:14:in `require_application_and_environment!'
	15: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/railties-7.0.2.3/lib/rails/command/actions.rb:22:in `require_application!'
	14: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	13: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	12: from /Users/userx/Personal/walkster/config/application.rb:19:in `<main>'
	11: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bundler-2.2.33/lib/bundler.rb:175:in `require'
	10: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bundler-2.2.33/lib/bundler/runtime.rb:44:in `require'
	 9: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bundler-2.2.33/lib/bundler/runtime.rb:44:in `each'
	 8: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bundler-2.2.33/lib/bundler/runtime.rb:55:in `block in require'
	 7: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bundler-2.2.33/lib/bundler/runtime.rb:55:in `each'
	 6: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bundler-2.2.33/lib/bundler/runtime.rb:60:in `block (2 levels) in require'
	 5: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	 4: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/bootsnap-1.11.1/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in `require'
	 3: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/envkey-2.0.6/lib/envkey.rb:4:in `<main>'
	 2: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/envkey-2.0.6/lib/envkey/core.rb:16:in `load_env'
	 1: from /Users/userx/.rbenv/versions/2.7.4/lib/ruby/2.7.0/json/common.rb:156:in `parse'
/Users/userx/.rbenv/versions/2.7.4/lib/ruby/2.7.0/json/common.rb:156:in `parse': 783: unexpected token at 'sh: /Users/userx/.rbenv/versions/2.7.4/lib/ruby/gems/2.7.0/gems/envkey-2.0.6/ext/envkey-source_2.0.22_darwin_arm64/envkey-source: No such file or directory (JSON::ParserError)

Properly handle exit codes and grandchild processes with envkey-source

As described in this comment: https://news.ycombinator.com/item?id=30858713

envkey-source needs to properly handle SIGCHLD signals on unix to avoid potential zombie processes.

SMTP_TRANSPORT_JSON Issue with Nodemailer and Port Configuration in Dockerized EnvKey Setup

Description:

I am experiencing an issue with the SMTP_TRANSPORT_JSON configuration and Nodemailer within a Docker container deployment of EnvKey, using the distroless image. This problem is preventing the sending of user signup verification tokens, which is a critical blocker to proceed with user onboarding.

The SMTP_TRANSPORT_JSON environment variable is set as follows:

SMTP_TRANSPORT_JSON={"host": "xxx", "port": 25, "auth": {"user": "xxx", "pass": "xxx" }}

According to this configuration, Nodemailer should use port 25 for SMTP transport. However, it appears that Nodemailer is erroneously using port 443, leading to a "connection refused" error.

I followed the deployment instructions from here for community self-hosting EnvKey in a Docker container, but this SMTP/Nodemailer issue has stymied progress.

I would appreciate any insights or potential solutions to resolve this problem. Thank you.

envkey-python: Provide API for specifying cache dir

At the moment, I can toggle the use of cache:

import envkey

all_conf = envkey.fetch_env(cache_enabled=True)

But AFAIU, the cache files are all held under ~/.envkey/cache/. However, my unix user is launching 4 processes at boot. All of which make use of Envkey in different ways (each have their own Envkey app, some share it). I would prefer to keep the cache files under their own directory, near each app's code, i.e. ~/app-1/.envkey/cache.

Production Trusted IPs does not allow enough IPs

Hiya,

We have a use case for more than the 20 or so IPs that Production Trusted IPs currently supports on our org.

This worked fine in Envkey1. Envkey2 seems to limit it for some reason. Is this a technical limitation or a UI one?

Also, can this be changed back to a freetext field please? It is laborious to enter them one at a time and it's easy to fat-finger a deletion and not know which one you've deleted, and then you have to hunt for it... just a pain all around :)

Node SDK fails when the app has a pending update

We are using the Node SDK (version 2.1.1), and I've seen several reports from developers in our org where our app suddenly fails to run with an error from envkey. They report that after opening the EnvKey app an update prompt appears and, following the update, our app resumes working correctly.

I'll try to come up with less anecdotal information once I can examine the problem in situ.

Multi-line edit mode doesn't work when opening block vars from app

Version: 2.2.3
OS: Windows 10, 10.0.19044 Build 19044

Repro:

create a block with variable and value that's very long
connect above block to an app
open the long value block var from the app
the multi-line editor will fail to show the values

The multi-line editor only fails if you open the block var from an app. If you open the block var from the block menu it works fine.

Also I have a new 4th env connected to all blocks and apps, not sure if that matters.

envkey-python v1 security leak: ENVKEY value is logged when envkey-fetch binary fails

In this block of code:

envkey/public/sdks/languages-and-frameworks/python/pkg/envkey/fetch.py

Lines 68 to 72 in 599e585

 try: 

 res = subprocess.check_output(args, env=env).decode(encoding="utf-8").rstrip() 

 except subprocess.CalledProcessError as err: 

 print("envkey-source " + err.output.decode(encoding="utf-8"), file=sys.stderr) 

 raise ValueError("ENVKEY invalid. Couldn't load vars.")

when envkey-fetch returns a non-zero status, a ValueError exception is raised inside the except block, but that ValueError exception instance is chained automatically to the original subprocess.CalledProcessError, so both exceptions will be logged if the ValueError exception kills the process (or is printed somewhere). In that case something like this will be printed out:

 Traceback (most recent call last):
  File "/env/lib/python3.7/site-packages/envkey/fetch.py", line 55, in fetch_env
    res = subprocess.check_output(args).decode(encoding="utf-8").rstrip()
  File "/opt/python3.7/lib/python3.7/subprocess.py", line 411, in check_output
    **kwargs).stdout
  File "/opt/python3.7/lib/python3.7/subprocess.py", line 512, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/env/lib/python3.7/site-packages/envkey/ext/envkey-fetch_1.2.9_linux_amd64/envkey-fetch', 'XXXXXXXXXXXXXXXXXXXX-YYYYYYYYYYYYYYYY', '--client-name', 'envkey-python', '--client-version', '1.3.2', '--cache']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

(...)
  File "/usr/local/lib/python3.9/site-packages/envkey/__init__.py", line 7, in <module>
    load(is_init=True)
  File "/usr/local/lib/python3.9/site-packages/envkey/loader.py", line 26, in load
    fetch_res = fetch_env(key, cache_enabled=cache_enabled)
  File "/usr/local/lib/python3.9/site-packages/envkey/fetch.py", line 58, in fetch_env
    raise ValueError("ENVKEY invalid. Couldn't load vars.")
ValueError: ENVKEY invalid. Couldn't load vars.

As you can see, printing the first exception leaks the ENVKEY value ('XXXXXXXXXXXXXXXXXXXX-YYYYYYYYYYYYYYYY') to the log

ENVKEY not found if cwd is a subdirectory

If executing a process within a subdirectory of an app the ENVKEY will not be found.

I see the ENVKEY load order here. There is a pretty standard practice (eg Git) of scanning upwards through the directory structure for config files, stopping at the filesystem root.

The load order could look something like this:

ENVKEY environment variable is set
.env file in the current directory (or --env-file override)
.env file in a parent directory
.envkey config file in current directory + file at ~/.envkey/apps/[appId].env
.envkey config file in a parent directory + file at ~/.envkey/apps/[appId].env
~/.env
Bail

This would allow me to run EnvKey integrated commands from anywhere within my app's directory structure.

I'm not positive, but anecdotally I recall being able to do this with the Node SDK in EnvKey 1. I noticed when upgrading to EnvKey 2 that the Node SDK lost its dependence on dotenv (presumably because this is handled by envkey-source now) so that could have been dotenv's behavior.

Adding variables to block doesn't show up in UI

Version: 2.2.3
OS: Windows 10, 10.0.19044 Build 19044

Repro:

create a new block
add variable to block
commit the changes with a message
variables don't show up immediately in UI, looks as if block is empty
the added variables only show up if envkey is reloaded with Ctrl+R

May or may not be related, but I have a new 4th environment on top of dev, staging and prod that's linked to all blocks.

how to call `envkey.fetch_env` in envkey2?

How can we call envkey.fetch_env with the envkey value passed as parameter?

As documented, it should be like in v1:

import envkey
import os

config = envkey.fetch_env(os.environ['ENVKEY'], cache_enabled=True)

However I can see that it now accepts only the optional parameter cache_enabled, but not the envkey value anymore.

envkey/public/sdks/languages-and-frameworks/python/pkg/envkey/fetch.py

Line 48 in dd1e09c

def fetch_env(cache_enabled=False):

I may have missed something obvious 🤔 or is there an alternative?

thanks,

	try:
	res = subprocess.check_output(args, env=env).decode(encoding="utf-8").rstrip()
	except subprocess.CalledProcessError as err:
	print("envkey-source " + err.output.decode(encoding="utf-8"), file=sys.stderr)
	raise ValueError("ENVKEY invalid. Couldn't load vars.")

envkey / envkey Goto Github PK

envkey's Introduction

End-to-end encryption for app secrets. Superpowers for managing config.

Easy integration

Why EnvKey?

Install

Docs

Coming from v1?

Security

Status

Bugs

Discussion and Community

Support

License

Contributing

Development

envkey's People

Contributors

Stargazers

Watchers

Forkers

envkey's Issues

Steps to reproduce:

Recommend Projects

Recommend Topics

Recommend Org