Core EnvKey fetch/decryption/verification logic. Give it an ENVKEY, get back decrypted config as json. Compiles static cross platform binaries that can be easily built upon.

envkey-fetch

This library contains EnvKey's core cross-platform fetching, decryption, verification, web of trust, redundancy, and caching logic. It accepts an ENVKEY generated by the EnvKey App and returns decrypted configuration for a specific app environment as json.

It is used by EnvKey's various Client Libraries, including envkey-source for bash, envkey-ruby for Ruby and Rails, envkey-python for Python, envkey-node for Node.js, and envkeygo for Go.

If you want to build an EnvKey library in a language that isn't yet officially supported, build some other type of integration, or simply play around with EnvKey on the command line, envkey-fetch is the library for you. If you just want to integrate EnvKey with your project, check out one of the aforementioned higher level libraries.

v2

In EnvKey v2, this library has been folded into envkey-source. Equivalent functionality can be accomplished using envkey-source --json. Using v2 requires an EnvKey v2 organization (it won't work with ENVKEYs generated in a v1 org).

Here's a guide on migrating from v1 to v2.

Installation

envkey-fetch compiles into a simple static binary with no dependencies, so installation is just a matter of fetching the right binary for your platform and putting it in your PATH. An install.sh script is available to simplify this, as well as a homebrew tap.

Install via bash:

curl -s https://raw.githubusercontent.com/envkey/envkey-fetch/master/install.sh | bash

Install manually:

Find the release for your platform and architecture, and stick the appropriate binary somewhere in your PATH (or wherever you like really).

Install from source:

With Go installed, clone the project into your GOPATH. cd into the directory and run go get and go build.

Cross-compile from source:

To compile cross-platform binaries, make sure Go is installed, then install goreleaser by following the instructions in its docs.

Then to cross-compile, run:

goreleaser

Binaries for each platform will be output to the dist folder.

Usage

envkey-fetch YOUR-ENVKEY [flags]

This will either write the configuration of the app environment associated with your ENVKEY to stdout as json, or write an error message beginning with error: to stdout.

Example json output

{"TEST":"it","TEST_2":"works!"}

Example error output

error: ENVKEY invalid

Flags

    --cache                   cache encrypted config as a local backup (default is false)
    --cache-dir string        cache directory (default is $HOME/.envkey/cache)
    --client-name string      calling client library name (default is none)
    --client-version string   calling client library version (default is none)
-h, --help                    help for envkey-fetch
    --retries uint8           number of times to retry requests on failure (default 3)
    --retryBackoff float      retry backoff factor: {retryBackoff} * (2 ^ {retries - 1}) (default 1)
    --timeout float           timeout in seconds for http requests (default 10)
    --verbose                 print verbose output (default is false)
-v, --version                 prints the version
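
A Go wrapper for the output contract described under Usage, added here as an example (it is not code from the envkey-fetch project): because both the json config and the error: line arrive on stdout, a caller has to check for the error: prefix before parsing. The function names, the ENVKEY environment variable name, and the assumption that every value is a json string (as in the example output) are choices made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// ParseFetchOutput (added example, hypothetical name) interprets envkey-fetch's
// stdout: a JSON object of config values, or a line beginning with "error:".
func ParseFetchOutput(out []byte) (map[string]string, error) {
	s := strings.TrimSpace(string(out))
	if s == "" {
		return nil, errors.New("envkey-fetch: empty output")
	}
	if strings.HasPrefix(s, "error:") {
		return nil, errors.New("envkey-fetch: " + strings.TrimSpace(strings.TrimPrefix(s, "error:")))
	}
	var cfg map[string]string // assumes string values, as in the example output
	if err := json.Unmarshal([]byte(s), &cfg); err != nil {
		// Do not echo the raw output here: it may contain decrypted secrets.
		return nil, errors.New("envkey-fetch: output is neither json config nor an error line")
	}
	return cfg, nil
}

// Fetch runs the binary from PATH with the documented --timeout and --retries flags.
func Fetch(envkey string) (map[string]string, error) {
	var stdout bytes.Buffer
	cmd := exec.Command("envkey-fetch", envkey, "--timeout", "10", "--retries", "3")
	cmd.Stdout = &stdout
	if err := cmd.Run(); err != nil && stdout.Len() == 0 {
		return nil, fmt.Errorf("envkey-fetch: could not run: %w", err)
	}
	return ParseFetchOutput(stdout.Bytes())
}

func main() {
	cfg, err := Fetch(os.Getenv("ENVKEY")) // variable name is an assumption
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("loaded", len(cfg), "variables") // report a count, never values
}
```

Logging only the number of loaded variables keeps decrypted values out of build and deploy logs.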

x509 error / ca-certificates

On a stripped down OS like Alpine Linux, you may get an x509: certificate signed by unknown authority error when envkey-fetch attempts to load your config. envkey-fetch tries to handle this by including its own set of trusted CAs via gocertifi, but if you're getting this error anyway, you can fix it by ensuring that the ca-certificates dependency is installed. On Alpine you'll want to run:

apk add --no-cache ca-certificates

Further Reading

For more on EnvKey in general:

Read the docs.

Read the integration quickstart.

Read the security and cryptography overview.

Need help? Have questions, feedback, or ideas?

Post an issue or email us: support@envkey.com.