Share encrypted environment files through Git
Encrypt ENV variables so they are safe to store in version control
Encrypt .env values so agents and tools can't read secrets in plain text. Native Bun dependencies
Encrypt .env secrets with AES-256-GCM. Decrypt in memory only. Cryptographic proof of every access. Claude Code Skill included.
a secure dotenv–from the creator of `dotenv`
Use ENVs securely with encryption
OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.
This libraries is used to securely store data in local storage
Wrapper for encrypted localStorage and sessionStorage in browser
A simple CLI tool for encrypting and decrypting .env files
[](https://travis-ci.org/auth0/node-xml-encryption)
The *client-node* module includes all of the modules you need to use the AWS Encryption SDK for JavaScript with Node.js.
[](https://travis-ci.org/auth0/node-xml-encryption)
Zero-dependency tool to encrypt .env files into secure .env.lock files using AES-256-GCM encryption
Encrypt .env secrets at rest with GPG
A Babel preset for each environment.
Offers getProxyForUrl to get the proxy URL for a URL, respecting the *_PROXY (e.g. HTTP_PROXY) and NO_PROXY environment variables.
Encrypt your Redux store.
AWS credential provider that sources credentials from known environment variables
Encrypt .env files and protect secrets from AI coding agents
Runtime agnostic JS utils
Alternative to transcrypt with simpler mental model and 0 dependencies
Run scripts that set and use environment variables across platforms
A secrets manager for .env files – from the same people that pioneered dotenv.
Encrypts and decrypts environment variables
Allows for reading and writing to the ENV in an encrypted way
Pass around AES keys then check .env.encrypted into your repo
dotenvcrypt ensures your .env files - and, by extension, any secrets within them - are encrypted, enabling storage of these files directly within Git.
Utilities to protect the application env. Use an keypair to encrypt an env Hash to a blob and populate ENV from the encryped blob.
One API to load .env, YAML, JSON, TOML, environment variables, and defaults with automatic type coercion, layered priority, AES-256-GCM encryption, schema validation, variable interpolation, sensitive value masking, and file watching.
Pure Ruby library for encrypting and decrypting .env files using AES-256-GCM
Combine the benefits of the widely used ENV vars approach with the encrypted credentials of Rails 6+. Share a single key with your team to unlock the version-control changes of all API keys.
Ravioli combines all of your app's runtime configuration into a unified, simple interface. It automatically loads and combines YAML config files, encrypted Rails credentials, and ENV vars so you can focus on writing code and not on where configuration comes from
Load secrets from Bella Baxter into your Ruby or Rails application. Uses Kiota-generated client with HMAC-SHA256 authentication and transparent end-to-end encryption via Faraday middleware. Supports Rails auto-loading via Railtie and direct ENV injection.
Sym is a ruby library (gem) that offers both the command line interface (CLI) and a set of rich Ruby APIs, which make it rather trivial to add encryption and decryption of sensitive data to your development or deployment workflow. For additional security the private key itself can be encrypted with a user-generated password. For decryption using the key the password can be input into STDIN, or be defined by an ENV variable, or an OS-X Keychain Entry. Unlike many other existing encryption tools, Sym focuses on getting out of your way by offering a streamlined interface with password caching (if MemCached is installed and running locally) in hopes to make encryption of application secrets nearly completely transparent to the developers. Sym uses symmetric 256-bit key encryption with the AES-256-CBC cipher, same cipher as used by the US Government. For password-protecting the key Sym uses AES-128-CBC cipher. The resulting data is zlib-compressed and base64-encoded. The keys are also base64 encoded for easy copying/pasting/etc. Sym accomplishes encryption transparency by combining several convenient features: 1. Sym can read the private key from multiple source types, such as pathname, an environment variable name, a keychain entry, or CLI argument. You simply pass either of these to the -k flag — one flag that works for all source types. 2. By utilizing OS-X Keychain on a Mac, Sym offers truly secure way of storing the key on a local machine, much more secure then storing it on a file system, 3. By using a local password cache (activated with -c) via an in-memory provider such as memcached, sym invocations take advantage of password cache, and only ask for a password once per a configurable time period, 4. By using SYM_ARGS environment variable, where common flags can be saved. This is activated with sym -A, 5. By reading the key from the default key source file ~/.sym.key which requires no flags at all, 6. By utilizing the --negate option to quickly encrypt a regular file, or decrypt an encrypted file with extension .enc 7. By implementing the -t (edit) mode, that opens an encrypted file in your $EDITOR, and replaces the encrypted version upon save & exit, optionally creating a backup. 8. By offering the Sym::MagicFile ruby API to easily read encrypted files into memory. Please refer the module documentation available here: https://www.rubydoc.info/gems/sym
Credentials like passwords, access tokens and other secrets are often passed to sites each by it's own ENV variable. This is both uncool, non-atomic and therefore unreliable. Use this plugin to store your credentials in encrypted YAML files which you can safely commit to your source code repository. In order to use all of them in Bridgetown, you have to set or pass exactly one ENV variable holding the key to decrypt.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.
No description provided.