CLI Tool
envput
A secure CLI tool to encrypt and upload/download environment files to/from AWS S3 using AES-256-CBC encryption with PBKDF2 key derivation.
🛠️ Technology Stack
TypeScript Node.js AWS S3 AES-256-CBC
✨ Key Features
🔐
Secure Encryption: Uses AES-256-CBC encryption with PBKDF2 key derivation
☁️
S3 Storage: Upload and download encrypted env files to/from AWS S3
🛡️
Auto-Generated Encryption: Single encryption key generated during initialization
📋
Configuration File: Simple
.envputrc file manages AWS credentials and
environments🚀
NPX Ready: Use without installation via
npx envput🔄
Multi-Environment: Manage multiple environment files (dev, staging, prod)
🚀 Quick Start
🚨
IMPORTANT: After running
envput init,
immediately backup your .envputrc file!
If you lose it, you'll lose access to all your encrypted environment files permanently.1. Initialize Configuration
npx envput init
2. Add to .gitignore
echo ".envputrc" >> .gitignore
3. BACKUP YOUR CONFIG FILE!
# Example: Copy to secure backup location
cp .envputrc ~/secure-backups/myproject-envputrc.backup
cp .envputrc ~/secure-backups/myproject-envputrc.backup
4. Upload/Download Environments
# Upload an environment
npx envput upload
# Download an environment
npx envput download
# List configured environments
npx envput list
📦 Installation
Use without Installation (Recommended)
npx envput init
npx envput upload
npx envput download
Global Installation
npm install -g envput
envput init
envput upload
🔒 Security
⚠️
CRITICAL WARNING: BACKUP YOUR ENCRYPTION KEY!
If you lose your .envputrc file
or the encryptionKey inside it, you
will PERMANENTLY lose access to ALL your encrypted environment files in S3. There is NO
way to recover them.
Encryption: Files are encrypted using AES-256-CBC with a 256-bit key
Auto-Generated Keys: Secure encryption key is automatically generated during
envput initSalt & IV: Each encryption uses a random salt and initialization vector
Server-side Encryption: S3 objects are additionally encrypted server-side with
AES256
Configuration & Usage
Configuration File (.envputrc)
The .envputrc file contains your AWS credentials and
environment definitions:
{
"projectName": "myapp",
"encryptionKey": "generated-encryption-key-here",
"aws": {
"accessKeyId": "your-access-key-id",
"secretAccessKey": "your-secret-access-key",
"region": "us-east-1",
"bucket": "your-s3-bucket",
"bucketPath": "/"
},
"environments": [
{
"name": "development",
"file": ".env.development"
},
{
"name": "production",
"file": ".env.production"
}
]
}Available Commands
envput init
Creates a new .envputrc configuration file
interactively.
npx envput init
envput upload
Uploads an environment file to S3.
# Upload with environment selection prompt
npx envput upload
# Upload specific environment
npx envput upload production
envput download
Downloads an environment file from S3.
# Download with environment selection prompt
npx envput download
# Download specific environment
npx envput download production
envput list
Lists all configured environments.
npx envput list
AWS Setup
You need an AWS account with S3 access. Create an IAM user with the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BucketAccess",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::your-bucket-name"
},
{
"Sid": "ObjectAccess",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:HeadObject"
],
"Resource": "arn:aws:s3:::your-bucket-name/*"
}
]
}Team Development Workflow
Project Lead Setup:
# Initialize configuration
npx envput init
# Add .envputrc to .gitignore
echo ".envputrc" >> .gitignore
# Upload environments
npx envput upload development
npx envput upload production
Team Members:
# Create their own .envputrc with same AWS creds
npx envput init
# Download the environments they need
npx envput download development
About the Author: envput was created by Jay Simons as a solution for securely managing environment files across
development teams and deployment environments.