💪 Strong Config
Have you ever...
.env
files after you made a change?
.env
files to GitHub?
.env
just like in a JavaScript object?
Strong Config is here to help!
.env
files
Example config before encryption
# A top-level config value which will be available to your application as `config.logger`
logger:
# A nested value which will be available as `config.logger.level`
level: DEBUG
auth:
apiClientId: non-secret-client-id
# A secret. Every key with a 'Secret' suffix will be encrypted by Strong Config (e.g. 'encryptMeSecret')
apiSecret: top-secret-api-credential
# A dynamic value that will be substituted at runtime with the value of the environment variable $SHELL
shell: ${SHELL}
Example config after encryption
logger:
# This value remains as is because it doesn't have a 'Secret' suffix
level: DEBUG
auth:
apiClientId: non-secret-client-id
# This is now encrypted and safe to commit into version control :)
apiSecret: ENC[AES256_GCM,data:aeQ+hlVIah7WyJoVR/Jbkb6GLH7ihsV0D81+U++pkiWD0zeoRL/Oe9Q3Tz6j/TNvKKVDnohIMyw3UVjELOuSY+A==,iv:nVRZWogV4B7o=,tag:KrE2jssfP4uCvqq+pc/JyQ==,type:str]
# Also still the same value which will be substituted only at runtime
shell: ${SHELL}
# The below section is auto-generated by sops and contains important metadata to
# decrypt the config at runtime. Do not manually edit or delete this section.
sops:
gcp_kms:
- resource_id: projects/my-project/locations/europe-west2/keyRings/my-project-key-ring/cryptoKeys/my-strong-config-key
created_at: '2020-01-07T10:11:12Z'
enc: AiAAmdAgj1dw1XdD2MsVpvmA4Deo867hmcX2B3NDhe9BCF2axuZ18hJJFK9oBlE1BrD70djwqi+L8T+NRNVnGUP+1//w8cJATAfJ8W/cQZFcdFTqjezC+VYv9xYI8i1bRna4xfFo/INIJtFDR38ZH1nrQg==
lastmodified: '2020-01-07T10:11:12Z'
mac: ENC[AES256_GCM,data:ABcd1EF2gh3IJKl4MNOpQr5stuvWXYz6sBCDEfGhIjK=,iv:A1AaAAAaa111a1Aa111AA/aaaAaaAAaa+aAaAaAAAaA=,tag:AAaaA1a1aaaAa/aa11AaaA==,type:str]
encrypted_suffix: Secret
version: 3.5.0
Quickstart
For the full documentation, check https://strong-config.dev. Here's a short teaser:
-
Install
@strong-config/node
and the SOPS binary.npm install @strong-config/node # or yarn add @strong-config/node
Sidenote: The Sops Binary After package installation, Strong Config automatically runs a
postinstall
script that checks for availability of the sops binary on your system. If it can't find the sops binary, it will try to download it tonode_modules/.bin/sops
which is always part of$PATH
when youyarn run
ornpm run
scripts. Alternatively, you can also install sops globally viabrew install sops
(macOS). For other systems check the official sops releases on GitHub. -
Create a config file
# By default, strong-config uses the ./config folder. # You can configure this to be a different folder via the options mkdir config # We'll use YAML here, but this could also JSON echo "myFirstConfig: strong" > config/development.yml echo "myFirstSecret: a development secret" >> config/development.yml
-
Load config in your application code
/* src/config.js */ const StrongConfig = require('@strong-config/node') // Instantiate StrongConfig, then decrypt and load config file const config = new StrongConfig().getConfig() // This will print "{ myFirstConfig: 'strong' }" to the console console.log(config) /* * OPTIONAL (but recommended) * Call `new StrongConfig()` just once in your application, then export the memoized config for other files to use. * If you call `new StrongConfig()` again from another file, it would still work, but would re-instantiate a new * StrongConfig instance and load the config file from disk again which is slower than loading it from memory. */ module.exports = config
-
Run your app
strong-config
relies on theNODE_ENV
environment variable to determine which config file to load. For example, settingNODE_ENV=development
will load./config/development.yaml
# Set the environment variable NODE_ENV=development yarn start # or `NODE_ENV=development npm start
If you used our example code from the previous step, the config should now be printed to the terminal
💪 . -
Check the Strong Config website for more documentation
Check out the full documentation on https://strong-config.dev to learn how to:
- Encrypt your config
- Validate your config against a schema
- Generate TypeScript types for your config
...and more :)