Add encryption for .env file with public key

hironow · Dec 1, 2024 · 605920d · 605920d
1 parent 1d9b178
commit 605920d
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 8 deletions.
diff --git a/.env b/.env
@@ -1,3 +1,8 @@
-#!/usr/bin/env bash
+#/-------------------[DOTENV_PUBLIC_KEY]--------------------/
+#/            public-key encryption for .env files          /
+#/       [how it works](https://dotenvx.com/encryption)     /
+#/----------------------------------------------------------/
+DOTENV_PUBLIC_KEY="03a314d6400fc20312bda8f2de45527ad5131a997a3f499c6f39bc604870bcf98d"
 
-export FOO_FROM_FILE="foo_from_file"
+# .env
+HELLO="encrypted:BJZ9rOjh8obcKXpxjqCZ4Ufb2x4K6ujVl+HGBZLufm2lecJKh/0rRJkaqnMuXqCXdi126TsCONlvgX8abdrifMaEueFyU5kYXabRkEBUGTJzUzbnrRAPXnzOo9IrsmYiEDe6/ZoC"
diff --git a/.gitignore b/.gitignore
@@ -6,8 +6,13 @@ Brewfile.lock.json
 venv
 __pycache__
 
+# private
 private/
 
+# env
+.env.keys
+
+# node
 *-debug.log
 *.log
 

diff --git a/README.md b/README.md
@@ -20,10 +20,14 @@ mx uv sync
 mx make
 
 # mise env
-mise set
-
+mx dotenvx run -- mise set
 # mise env with github credentials (use gh extension)
 gh do -- mise set
+
+# set env by dotenvx (encrypted)
+mx dotenvx set HELLO World
+# set env by mise (plain, unencrypted)
+mx mise set WORLD=hello
 ```
 
 ## references
@@ -32,3 +36,4 @@ gh do -- mise set
 - [uv](https://github.com/astral-sh/uv)
 - [gh do](https://github.com/k1LoW/gh-do)
 - [localhost](https://blog.jxck.io/entries/2020-06-29/https-for-localhost.html)
+- [dotenvx](https://dotenvx.com/)
diff --git a/mise.toml b/mise.toml
@@ -1,11 +1,11 @@
 min_version = "2024.1.1"
+
 [env]
-_.file = [".env"]
-_.path = ["./target/debug", "./node_modules/.bin"]
-FOO = "bar"
-FOO_NUM = 1
+_.file = [".env"] # encrypted by dotenvx
+# below as plain dotenv
 THIS_PROJECT = "{{config_root}}-{{cwd}}"
 CERTIFICATES_DIR = "{{config_root}}/private/certificates/live/"
+WORLD = "hello"
 
 
 [tools]