dotenvage 0.6.0

Dotenv with age encryption: encrypt/decrypt secrets in .env files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213

//! Integration tests for the dump-to-writer functionality.

use std::fs;

use dotenvage::SecretManager;
use dotenvage::loader::EnvLoader;
use serial_test::serial;
use tempfile::TempDir;

#[test]
fn test_dump_to_writer_basic() {
    let temp_dir = TempDir::new().unwrap();
    let temp_path = temp_dir.path();

    // Create test .env files
    fs::write(temp_path.join(".env"), "VAR1=value1\nVAR2=value2").unwrap();
    fs::write(temp_path.join(".env.local"), "VAR3=value3\nVAR1=overridden").unwrap();

    let manager = SecretManager::generate().unwrap();
    let loader = EnvLoader::with_manager(manager);

    let mut buffer = Vec::new();
    loader
        .dump_to_writer_from_dir(temp_path, &mut buffer)
        .unwrap();
    let output = String::from_utf8(buffer).unwrap();

    // VAR1 should be overridden by .env.local
    assert!(output.contains("VAR1=overridden"));
    assert!(output.contains("VAR2=value2"));
    assert!(output.contains("VAR3=value3"));

    // Variables should be sorted
    let lines: Vec<&str> = output.lines().collect();
    assert_eq!(lines[0], "VAR1=overridden");
    assert_eq!(lines[1], "VAR2=value2");
    assert_eq!(lines[2], "VAR3=value3");
}

#[test]
fn test_dump_to_writer_filters_age_keys() {
    let temp_dir = TempDir::new().unwrap();
    let temp_path = temp_dir.path();

    // Create test .env file with AGE keys
    fs::write(
        temp_path.join(".env"),
        "VAR1=value1\nDOTENVAGE_AGE_KEY=secret_key\nAGE_KEY=another_key\nVAR2=value2\nEKG_AGE_KEY=ekg_key\nAGE_KEY_NAME=mykey\nPROJECT_AGE_KEY_NAME=project_key",
    )
    .unwrap();

    let manager = SecretManager::generate().unwrap();
    let loader = EnvLoader::with_manager(manager);

    let mut buffer = Vec::new();
    loader
        .dump_to_writer_from_dir(temp_path, &mut buffer)
        .unwrap();
    let output = String::from_utf8(buffer).unwrap();

    // Regular variables should be present
    assert!(
        output.contains("VAR1=value1"),
        "Output should contain VAR1=value1"
    );
    assert!(
        output.contains("VAR2=value2"),
        "Output should contain VAR2=value2"
    );

    // AGE key variables should be filtered out
    assert!(
        !output.contains("DOTENVAGE_AGE_KEY"),
        "Should not contain DOTENVAGE_AGE_KEY"
    );
    assert!(!output.contains("AGE_KEY="), "Should not contain AGE_KEY=");
    assert!(
        !output.contains("EKG_AGE_KEY"),
        "Should not contain EKG_AGE_KEY"
    );
    assert!(
        !output.contains("AGE_KEY_NAME"),
        "Should not contain AGE_KEY_NAME"
    );
    assert!(
        !output.contains("PROJECT_AGE_KEY_NAME"),
        "Should not contain PROJECT_AGE_KEY_NAME"
    );
}

#[test]
fn test_dump_to_writer_handles_encrypted_values() {
    let temp_dir = TempDir::new().unwrap();
    let temp_path = temp_dir.path();

    let manager = SecretManager::generate().unwrap();
    let encrypted = manager.encrypt_value("secret_value").unwrap();

    // Create test .env file with encrypted value
    fs::write(
        temp_path.join(".env"),
        format!("VAR1=plain\nVAR2={}", encrypted),
    )
    .unwrap();

    let loader = EnvLoader::with_manager(manager);

    let mut buffer = Vec::new();
    loader
        .dump_to_writer_from_dir(temp_path, &mut buffer)
        .unwrap();
    let output = String::from_utf8(buffer).unwrap();

    // Should contain decrypted value, not encrypted
    assert!(output.contains("VAR1=plain"));
    assert!(output.contains("VAR2=secret_value"));
    assert!(!output.contains("age:"));
}

#[test]
fn test_dump_to_writer_quotes_special_values() {
    let temp_dir = TempDir::new().unwrap();
    let temp_path = temp_dir.path();

    // Create test .env file with values that need quoting
    fs::write(
        temp_path.join(".env"),
        "VAR1=simple\nVAR2=has spaces\nVAR3=has\"quotes\nVAR4=\nVAR5=has=equals",
    )
    .unwrap();

    let manager = SecretManager::generate().unwrap();
    let loader = EnvLoader::with_manager(manager);

    let mut buffer = Vec::new();
    loader
        .dump_to_writer_from_dir(temp_path, &mut buffer)
        .unwrap();
    let output = String::from_utf8(buffer).unwrap();

    // Simple value should not be quoted
    assert!(output.contains("VAR1=simple"));

    // Values with special characters should be quoted
    assert!(output.contains("VAR2=\"has spaces\""));
    assert!(output.contains("VAR3=\"has\\\"quotes\""));
    assert!(output.contains("VAR4=\"\""));
    assert!(output.contains("VAR5=\"has=equals\""));
}

#[test]
#[serial]
fn test_dump_to_writer_with_dynamic_discovery() {
    // Test that dump_to_writer uses dynamic dimension discovery
    // This ensures variables from files loaded via discovered dimensions are
    // included

    // Clear dimension env vars to ensure clean test state
    for var in [
        "DOTENVAGE_ENV",
        "EKG_ENV",
        "VERCEL_ENV",
        "NODE_ENV",
        "DOTENVAGE_VARIANT",
        "EKG_VARIANT",
        "VARIANT",
    ] {
        unsafe {
            std::env::remove_var(var);
        }
    }

    let temp_dir = TempDir::new().unwrap();
    let temp_path = temp_dir.path();

    let manager = SecretManager::generate().unwrap();

    // .env sets EKG_VARIANT=oxigraph (dimension discovery)
    fs::write(
        temp_path.join(".env"),
        "BASE_VAR=base\nEKG_VARIANT=oxigraph\n",
    )
    .unwrap();

    // .env.local is loaded (ENV defaults to local)
    fs::write(temp_path.join(".env.local"), "LOCAL_VAR=local\n").unwrap();

    // .env.local.oxigraph should be loaded via dynamic discovery
    fs::write(
        temp_path.join(".env.local.oxigraph"),
        "OXIGRAPH_VAR=oxigraph_value\n",
    )
    .unwrap();

    let loader = EnvLoader::with_manager(manager);

    let mut buffer = Vec::new();
    loader
        .dump_to_writer_from_dir(temp_path, &mut buffer)
        .unwrap();
    let output = String::from_utf8(buffer).unwrap();

    // Verify that OXIGRAPH_VAR is included (from dynamically discovered file)
    assert!(
        output.contains("OXIGRAPH_VAR=oxigraph_value"),
        "dump_to_writer should use dynamic discovery to include variables \
         from .env.local.oxigraph (loaded because EKG_VARIANT=oxigraph in .env). \
         Output was: {}",
        output
    );
    assert!(output.contains("BASE_VAR=base"));
    assert!(output.contains("LOCAL_VAR=local"));
}