secure_dotenv

Last updated:

0 purchases

secure_dotenv Image
secure_dotenv Images
Add to Cart

Description:

secure dotenv

🚨WARNING: YOUR SECRETS ARE NOT SECURE🚨
If you are using one of the following packages, your secrets are NOT secure:

https://pub.dev/packages/flutter_dotenv
https://pub.dev/packages/dotenv

secure_dotenv #
Introducing secure_dotenv for Flutter and Dart: Enhancing Security for Your Secrets ✨🔒
secure_dotenv takes the security of your sensitive data in dotenv files to the next level. Unlike other dotenv packages that may leave your secrets vulnerable, secure_dotenv prioritizes reliability and protection. Through advanced encryption, robust key management, and efficient secret decryption, secure_dotenv ensures your secrets remain confidential and inaccessible to unauthorized users. Experience enhanced security and peace of mind with secure_dotenv for your Flutter and Dart projects. 🛡️💼
Upgrade to secure_dotenv today and bid farewell to insecure and flawed dotenv packages. Our carefully crafted solution addresses vulnerabilitiesd. With secure_dotenv, your sensitive data remains under tight control, shielded from potential leaks and prying eyes. Embrace the gold standard of dotenv security by choosing secure_dotenv for your Flutter and Dart development. 🚀✨
Platform Support



Android
iOS
MacOS
Web
Linux
Windows













Installing #
To use the secure_dotenv package, you need to add it as a dependency in your Dart project's pubspec.yaml file along with the build_runner and secure_dotenv_generator packages as dev dependencies:
dependencies:
secure_dotenv: ^0.1.0

dev_dependencies:
build_runner: ^2.4.5
secure_dotenv_generator: ^0.1.0
copied to clipboard
Then, run the following command to fetch the packages:
$ dart pub get
copied to clipboard
Usage #
To generate Dart classes from a .env file using the secure_dotenv package, follow the steps below:

Create a Dart file in your project and import the necessary dependencies:

import 'package:secure_dotenv/secure_dotenv.dart';
import 'enum.dart' as e;

part 'example.g.dart';
copied to clipboard

Define the environment class and annotate it with @DotEnvGen:

@DotEnvGen(
filename: '.env',
fieldRename: FieldRename.screamingSnake,
)
abstract class Env {
const factory Env(String encryptionKey) = _$Env;

const Env._();

// Declare your environment variables as abstract getters
String get name;

@FieldKey(defaultValue: 1)
int get version;

e.Test? get test;

@FieldKey(name: 'TEST_2', defaultValue: e.Test.b)
e.Test get test2;

String get blah => '2';
}
copied to clipboard

Generate the Dart classes by running the following command in your project's root directory:

NOTE: Encryption keys must be 128, 192, or 256 bits long. If you want to encrypt sensitive values, you can run the following command:
$ dart run build_runner build --define secure_dotenv_generator:secure_dotenv=ENCRYPTION_KEY=encryption_key --define secure_dotenv_generator:secure_dotenv=IV=your_iv
copied to clipboard
where encryption_key is the encryption key you want to use to encrypt sensitive values and your_iv is the initialization vector.
You can also ask secure_dotenv to generate these automatically and output them into a file:
$ dart run build_runner build --define secure_dotenv_generator:secure_dotenv=OUTPUT_FILE=encryption_key.json
copied to clipboard
If you don't want to encrypt sensitive values, you can run the following command instead:
$ dart run build_runner build
copied to clipboard
This command will generate the required Dart classes based on the .env file and the annotations in your code.

Use the generated class in your code:

void main() {
final env = Env('encryption_key'); // Provide the encryption key
print(env.name); // Access environment variables
print(env.version);
print(env.test);
print(env.test2);
print(env.blah);
}
copied to clipboard
Annotations #
DotEnvGen #
The @DotEnvGen annotation configures the behavior of the code generation process. It has the following parameters:

filename (optional): Specifies the name of the .env file. Default value is .env.
fieldRename (optional): Specifies the automatic field renaming behavior. Default value is FieldRename.screamingSnake.

FieldKey #
The @FieldKey annotation is used to specify additional information for individual environment variables. It has the following parameters:

name (optional): Specifies the key name for the environment variable. If not provided, the default key name is derived from the field name based on the fieldRename behavior; see FieldRename Enum for more information.
defaultValue (optional): Specifies a default value for the environment variable if it is not found in the .env file.

FieldRename Enum #
The FieldRename enum defines the automatic field renaming behavior. It has the following values:

none: Uses the field name without changes.
kebab: Encodes a field named kebabCase with a key kebab-case.
snake: Encodes a field named snakeCase with a key snake_case.
pascal: Encodes a field named pascalCase with a key PascalCase.
screamingSnake: Encodes a field named screamingSnakeCase with a key SCREAMING_SNAKE_CASE.

Generated Code #
The secure_dotenv package generates the required code based on your annotations and the provided .env file. Below is an example of the generated code:
// GENERATED CODE - DO NOT MODIFY BY HAND

// ignore_for_file: type=lint

part of 'example.dart';

// **************************************************************************
// SecureDotEnvAnnotationGenerator
// **************************************************************************

class _$Env extends Env {
const _$Env(this._encryptionKey) : super._();

final String _encryptionKey;
static final Uint8List _encryptedValues = Uint8List.fromList([81, 83,...]);
@override
String get name => _get('name');

@override
int get version => _get('version');

@override
e.Test? get test => _get(
'test',
fromString: e.Test.values.byName,
);

@override
e.Test get test2 => _get(
'TEST_2',
fromString: e.Test.values.byName,
);

@override
String get blah => _get('blah');

// Code for decrypting the values and retrieving the environment variables
T _get<T>(
String key, {
T Function(String)? fromString,
}) {
...
}
}
copied to clipboard
Enum Support #
The secure_dotenv package also supports decoding enum values from the encrypted .env file. Here is an example of an enum and how it can be decoded:
enum Test {
a,
b,
}
copied to clipboard
Make sure to import the enum file in your code:
import 'enum.dart' as e;
copied to clipboard
Then, you can define a getter in your environment class as follows:
e.Test get test2;
copied to clipboard
This setup will ensure that the encrypted value is correctly decrypted and converted to the enum type.
Limitations #

The secure_dotenv package relies on the build_runner tool to generate the required code. Therefore, you need to run dart run build_runner build whenever changes are made to the environment class or the .env file.
It is important to keep the encryption key secure and never commit it to version control or expose it in any way.
The package currently supports encryption using the Advanced Encryption Standard (AES) algorithm in Cipher Block Chaining (CBC) mode. Other encryption algorithms and modes may be supported in the future.
Because we started using pointycastle now we only support CBC for now, but we will add support for other modes in the future. If you need another mode, please open an issue.

Conclusion #
The secure_dotenv package simplifies the process of generating Dart classes from a .env file while encrypting sensitive values. By using this package, you can ensure that your environment variables are securely stored and accessed in your Dart application.
Rotate your secrets - make sure the old ones are not valid anymore. If you have any questions or feedback, please feel free to open an issue.

Developed at Sports Visio, Inc #

Maintainers

Tomás Sasovsky
Nazareno Cavazzon
Tomás Tisocco
Jorge Rincon

License:

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Customer Reviews

There are no reviews.