config icon indicating copy to clipboard operation
config copied to clipboard
verified publisher icon nestjs

support for loading dotenv vault

Open BluestockLabs opened this issue 1 year ago • 7 comments

Is there an existing issue that is already proposing this?

  • [X] I have searched the existing issues

Is your feature request related to a problem? Please describe it

I recently made the switch from using just dotenv to using dotenv-vault. Most things stay the same except it allows you to sync dotenv files securely and provides central management for it.

I was just about to deploy an app when I noticed it wasn't reading the env files after I had provided the DOTENV_KEY. I did a little digging around and it doesn't seem like this config module from nest supports that.

Describe the solution you'd like

I'd like support for loading environment variables from encrypted .env.vault files after providing the DOTENV_KEY.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

Though dotenv-vault is relatively new compared to dotenv, I believe adoption is growing and sooner or later Nestjs users will request for support for this feature (I'm actually a bit surprised that no one as asked about this yet)

BluestockLabs avatar Apr 24 '24 21:04 BluestockLabs

Sorry, I was logged in to a client's account. @drvnprgrmr is the actual author of this issue.

BluestockLabs avatar Apr 24 '24 21:04 BluestockLabs

Yeah. Mistake on my part.

drvnprgrmr avatar Apr 24 '24 21:04 drvnprgrmr

can you please share the exact steps (or a repository) that reproduces this potential limitation of @nestjs/config? I want to make sure that this is not a misconfiguration on the consumer side. I just tested the npx dotenv-vault@latest pull feature, which is working fine because it just downloads the .env that will be read by @nestjs/config later

micalevisk avatar Jun 22 '24 02:06 micalevisk

@micalevisk yes all those work. The issue is that @nestjs/config doesn't automatically decrypt the dotenv vault based on the environment variable: DOTENV_KEY.

I believe that's the whole point of the vault. That way you don't have to always update your environment variables on whatever server you're using. Just commit the vault and push and your environment is reflected.

drvnprgrmr avatar Jun 27 '24 20:06 drvnprgrmr

The issue is that @nestjs/config doesn't automatically decrypt the dotenv vault based on the environment variable: DOTENV_KEY.

Does dotenv alone automatically decrypt the dotenv vault?

kamilmysliwiec avatar Jul 01 '24 07:07 kamilmysliwiec

yes, like this: https://github.com/dotenv-org/examples/blob/master/usage/dotenv-vault-custom-target/index.js

image

  • there is no .env file locally

note that you can have an env. var called DOTENV_KEY instead of supplying it to dotenv.config()

not sure how we could support it on @nestjs/config tho. I guess configService.get("HELLO") should return "Universe", in that example. And this is not working.

micalevisk avatar Jul 01 '24 14:07 micalevisk

@kamilmysliwiec Yes it does. image

drvnprgrmr avatar Jul 01 '24 14:07 drvnprgrmr

It sounds like dotenv-vault is going to be deprecated in favor of dotenvx anyway

image

https://github.com/dotenvx/dotenvx?tab=readme-ov-file#what-happened-to-the-envvault-file

kamilmysliwiec avatar Aug 09 '24 07:08 kamilmysliwiec

It sounds like dotenv-vault is going to be deprecated in favor of dotenvx anyway

image

https://github.com/dotenvx/dotenvx?tab=readme-ov-file#what-happened-to-the-envvault-file

Okay thanks for that. I didn't know.

drvnprgrmr avatar Aug 09 '24 20:08 drvnprgrmr