Python-dotenvx

Added

* Added `.env.vault deprecated` warning when using `DOTENV_KEY`. Provide instructions to convert to encrypted `.env` files. ([224](https://github.com/dotenvx/dotenvx/pull/224))

Added

* Added `vault convert` command to list convert instructions for converting `.env.vault` to encrypted .env files ([222](https://github.com/dotenvx/dotenvx/pull/222))

sh
To convert your .env.vault file to encrypted .env file(s):

1. Run [dotenvx vault decrypt]
2. Run [ls -a .env*]

Lastly, convert each .env(.environment) file:

3. Run [dotenvx convert -f .env.production]

For example:

$ dotenvx convert -f .env
$ dotenvx convert -f .env.ci
$ dotenvx convert -f .env.production

Afterward:

Update production with your new DOTENV_PRIVATE_KEY_PRODUCTION located in .env.keys

Learn more at [https://dotenvx.com/docs/quickstart#add-encryption]


Changed

* Rename `encryptme` to `convert` ([222](https://github.com/dotenvx/dotenvx/pull/222))

Added

* Support encryption replacemnt of multiline values ([220](https://github.com/dotenvx/dotenvx/pull/220))

Added

* Added `dotenvx encryptme` command to convert an entire `.env` file to an encrypted `.env` file. ([213](https://github.com/dotenvx/dotenvx/pull/213))

Changed

* Made `precommit` smart enough to check if a `.env*` file is encrypted or not. If fully encrypted, then allow `precommit` check to pass ([211](https://github.com/dotenvx/dotenvx/pull/211))

Removed

* Do not warn of missing files for conventions (too noisy) ([216](https://github.com/dotenvx/dotenvx/pull/216))

Added

* Add `--convention` flag to `get`

Removed

* Removed help messages like 'in production' and 'in ci'. Too specific and could lead to confusion.

Changed

* ⚠️ DEPRECATION NOTICE: the following commands are being moved. Please, update any code and muscle memory you have related to these:
* `dotenvx encrypt` => `dotenvx vault encrypt`
* `dotenvx decrypt` => `dotenvx vault decrypt`
* `dotenvx status` => `dotenvx vault status`
* ⚠️ DEPRECATION NOTICE: the beta `hub` commands are being completely deprecated (they will be fully removed in upcoming 1.0.0 release). We will provide .env.keys tooling at a later time (replacing hub) but in the context of the new `--encrypt` flag functionality below

Added

* Add encryption to your `.env` files with a single command. Pass the `--encrypt` flag. 🎉

sh
$ dotenvx set HELLO World --encrypt
set HELLO with encryption (.env)



> A `DOTENV_PUBLIC_KEY` (encryption key) and a `DOTENV_PRIVATE_KEY` (decryption key) is generated using the same public-key cryptography as [Bitcoin](https://en.bitcoin.it/wiki/Secp256k1).

Further notes:

* `DOTENV_PUBLIC_KEY` lives in the `.env` file. You can safely share this with whomever you wish.
* `DOTENV_PRIVATE_KEY` lives in your `.env.keys` file. Share this only with those you trust to decrypt your secrets.
* If using encrypted `.env` files like this it is safe to commmit them to source code. This makes reviewing PRs that contain secrets much easier.
* Tell your contributors to contribute a secret using the command `dotenvx set HELLO world --encrypt`.
* Set your `DOTENV_PRIVATE_KEY` on your server to decrypt these values using `dotenvx run -- yourcommand`
* You can repeat all this per environment by modifying your set command to `dotenvx set HELLO production -f .env.production --encrypt` (for example)
* In time we will add better tooling for sharing the private keys living in `.env.keys`, but until then safely share with team members you trust.
* This mechanism should be particularly useful for open source projects that want to permit secrets contributions without handing out the decryption keys. Now anyone can contribute a secret and only you can decrypt it to see what was changed.
* This solution is brand new, but I intend it to be the future for `.env` files. It has many benefits over `.env.vault` files. We will be sunsetting the `.env.vault` mechanism but its tooling will stay around in `dotenvx` for at least 1 year to come - under `dotenvx vault` parent command.
* Be patient as we update our documentation to prioritize this improved encryption format for `.env` files.