This library contains EnvKey's core cross-platform fetching, decryption, verification, web of trust, redundancy, and caching logic. It accepts an ENVKEY generated by the EnvKey App and returns decrypted configuration for a specific app environment as json.
It is used by EnvKey's various Client Libraries, including envkey-source for bash, envkey-ruby for Ruby and Rails, envkey-python for Python, envkey-node for Node.js, and envkeygo for Go.
If you want to build an EnvKey library in a language that isn't yet officially supported, build some other type of integration, or simply play around with EnvKey on the command line, envkey-fetch is the library for you. If you just want to integrate EnvKey with your project, check out one of the aforementioned higher level libraries.
In EnvKey v2, this library has been folded into envkey-source. Equivalent functionality can be accomplished using envkey-source --json. Using v2 requires an EnvKey v2 organization (it won't work with ENVKEYs generated in a v1 org).
Here's a guide on migrating from v1 to v2.
envkey-fetch compiles into a simple static binary with no dependencies, which makes installation a simple matter of fetching the right binary for your platform and putting it in your PATH. An install.sh script is available to simplify this, as well as a homebrew tap..
Install via bash:
curl -s https://raw.githubusercontent.com/envkey/envkey-fetch/master/install.sh | bashInstall manually:
Find the release for your platform and architecture, and stick the appropriate binary somewhere in your PATH (or wherever you like really).
Install from source:
With Go installed, clone the project into your GOPATH. cd into the directory and run go get and go build.
Cross-compile from source:
To compile cross-platform binaries, make sure Go is installed, then install goreleaser - follow instructions in the docs to do so.
Then to cross-compile, run:
goreleaser
Binaries for each platform will be output to the dist folder.
envkey-fetch YOUR-ENVKEY [flags]This will either write your the app environment's configuration associated with your ENVKEY as json to stdout or write an error message beginning with error: to stdout.
{"TEST":"it","TEST_2":"works!"}error: ENVKEY invalid
--cache cache encrypted config as a local backup (default is false)
--cache-dir string cache directory (default is $HOME/.envkey/cache)
--client-name string calling client library name (default is none)
--client-version string calling client library version (default is none)
-h, --help help for envkey-fetch
--retries uint8 number of times to retry requests on failure (default 3)
--retryBackoff float retry backoff factor: {retryBackoff} * (2 ^ {retries - 1}) (default 1)
--timeout float timeout in seconds for http requests (default 10)
--verbose print verbose output (default is false)
-v, --version prints the version
On a stripped down OS like Alpine Linux, you may get an x509: certificate signed by unknown authority error when envkey-fetch attempts to load your config. envkey-fetch tries to handle this by including its own set of trusted CAs via gocertifi, but if you're getting this error anyway, you can fix it by ensuring that the ca-certificates dependency is installed. On Alpine you'll want to run:
apk add --no-cache ca-certificates
For more on EnvKey in general:
Read the docs.
Read the integration quickstart.
Read the security and cryptography overview.
Post an issue or email us: [email protected].