Is there away to decrypt the env.enc back into a .env plaintext?

[mendeljacks]

The use case is that developers and production servers each have copies of a private key. The env.enc is committed to the git repository, and assuming the developer knows the private key they can add or remove from the env.enc. Ideally a server such as heroku or aws would only need one env varaible which is the secret key to get the rest of the env variables.

At the moment however, it appears as though once someone locks and commits the env.enc, the other developers have no way of reading the env variables even if they know the secret key because the file can only be unencrypted programmatically and not with a cli

[kunalpanchal]

Hey @mendeljacks,
Thanks for raising this concern. As of now there is no option for in secure-env cli to decrypt env.env, and this could be done only via code. For heroku or any other service what you can do is add secretKey to heroku/aws config and in your code :

let secureEnv = require('secure-env');
global.env = secureEnv({ secret: process.env.secretKey });

Adding the dycrypt functionality to secure-env CLI seems to be a valid request though. I will keep this issue open and mark it closed when this feature is implemented. I will add this as a task for next release v1.0.0.

[kunalpanchal]

Fixed with #10