nuxt-env
Set up SOPS + age encryption for environment variables in a Nuxt project.
When to Use
- Setting up encrypted environment variable management for a project
- Adding SOPS + age encryption workflow
- User mentions `env:pull`, `env:push`, `env:encrypt`, `env:decrypt`
- Onboarding a project to the encrypted env bundle workflow
Pre-flight: System Dependencies
Check and install system dependencies in order:
1. sops + age
```bash
which sops && which age-keygen
```
If either is missing:
```bash
brew install sops age
```
2. npm dependencies
Check if `chalk` is in the target project's `devDependencies`. If missing:
```bash
bun add -d chalk
```
3. Age keypair
Check if the age key file exists:
```bash
test -f ~/.config/sops/age/keys.txt
```
If missing, generate one:
```bash
mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt
```
Display the public key to the user (they will need it for `.sops.yaml`):
```bash
age-keygen -y ~/.config/sops/age/keys.txt
```
Tell the user to save this public key -- it goes into `.sops.yaml` and must be shared with teammates. Only the public key is shared; `keys.txt` holds the private key and must never be committed or sent to anyone.
Setup Steps
Run these steps in the target project root.
1. Create directories
```bash
mkdir -p secrets .tmp
```
2. Add .gitignore entries
Append to the project root `.gitignore` if not already present:
```
.tmp/
```
Ensure `secrets/` has proper git tracking -- encrypted files ARE tracked, plain JSON is NOT. Add `secrets/.gitignore` with:
```
# Ignore decrypted plain JSON bundles
*.json
# But track encrypted sops files
!*.sops.json
!.gitignore
!.gitkeep
```
Create `secrets/.gitkeep` if the directory is empty.
3. Create .sops.yaml
Skip if `.sops.yaml` already exists. Otherwise create at project root:
```yaml
# Replace the placeholder recipients below with real age public keys (age1...)
# for your developer team and CI before encrypting secrets.
creation_rules:
  - path_regex: ^(.+[\/])?secrets[\/].*\.sops\.json$
    age: >-
      AGE_PUBLIC_KEY_HERE
```
Prompt the user to replace `AGE_PUBLIC_KEY_HERE` with the public key displayed in pre-flight step 3. If the public key was just generated, offer to substitute it automatically.
4. Copy scripts
Copy these files from this skill's `scripts/` directory to the target project's `scripts/` directory:
| Source (skill) | Target (project) |
|---|---|
| |
| |
| |
Create `scripts/libs/` if it doesn't exist. Skip any file that already exists in the target -- warn the user instead.
5. Add package.json scripts
Read the target project's `package.json`. Add the following scripts, skipping any that already exist:
```json
{
  "env:export": "bun scripts/env-variables.ts --export-json --out .tmp/env-bundle.json",
  "env:apply": "bun scripts/env-variables.ts --import-json --in .tmp/env-bundle.json",
  "env:apply:dry": "bun scripts/env-variables.ts --import-json --in .tmp/env-bundle.json --dry-run",
  "env:decrypt": "bun scripts/sops-bundle.ts decrypt",
  "env:encrypt": "bun scripts/sops-bundle.ts encrypt",
  "env:pull": "bun run env:decrypt && bun run env:apply",
  "env:push": "bun run env:export && bun run env:encrypt"
}
```
Post-setup Verification
After all steps, verify:
- `which sops && which age-keygen` -- both installed
- `ls scripts/sops-bundle.ts scripts/env-variables.ts scripts/libs/load-env.ts` -- all scripts exist
- `package.json` `scripts` has all `env:*` entries
- `.sops.yaml` exists with correct structure
- `secrets/.gitignore` exists with correct rules
- `.tmp/` is in `.gitignore`

Print a summary of what was created/skipped.
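The checks above confirm that files and rules exist. The sketch below is an added example, not part of the original skill: it also inspects content, because the `!*.sops.json` rule tracks files by name only and a plaintext bundle saved under that name would be committed. The function names, the file names under `secrets/` and the sample values are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of the skill): audit a project set up as above.
# Heuristic: SOPS-encrypted JSON carries a top-level "sops" metadata object
# and ENC[AES256_GCM,...] values; plaintext bundles have neither.

looks_sops_encrypted() {   # 0 if the file carries both SOPS markers
  grep -q '"sops"[[:space:]]*:' "$1" && grep -q 'ENC\[AES256_GCM,data:' "$1"
}

has_rule() {               # 0 if ignore file $1 contains the exact line $2
  [ -f "$1" ] && grep -Fxq -- "$2" "$1"
}

# audit_env_setup <project-root>: prints findings, returns how many there are.
audit_env_setup() {
  local root=$1 findings=0 rule f
  has_rule "$root/.gitignore" '.tmp/' ||
    { echo "MISSING: .tmp/ in .gitignore"; findings=$((findings + 1)); }
  for rule in '*.json' '!*.sops.json'; do
    has_rule "$root/secrets/.gitignore" "$rule" ||
      { echo "MISSING: $rule in secrets/.gitignore"; findings=$((findings + 1)); }
  done
  # !*.sops.json tracks by file name only, so inspect the content as well.
  for f in "$root"/secrets/*.sops.json; do
    [ -e "$f" ] || continue
    looks_sops_encrypted "$f" ||
      { echo "PLAINTEXT: ${f#"$root"/}"; findings=$((findings + 1)); }
  done
  return "$findings"
}

# Constructed sample project: one encrypted-looking bundle and one plaintext
# file saved under a *.sops.json name (file names and values are made up).
make_sample_project() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/secrets"
  printf '%s\n' '.tmp/' > "$d/.gitignore"
  printf '%s\n' '*.json' '!*.sops.json' '!.gitignore' '!.gitkeep' \
    > "$d/secrets/.gitignore"
  printf '%s\n' '{"API_KEY":"ENC[AES256_GCM,data:AA==,iv:AA==,tag:AA==,type:str]","sops":{"mac":"ENC[AES256_GCM,data:AA==,type:str]"}}' \
    > "$d/secrets/env-bundle.sops.json"
  printf '%s\n' '{"API_KEY":"constructed-plaintext"}' > "$d/secrets/leaked.sops.json"
  echo "$d"
}

sample=$(make_sample_project)
audit_env_setup "$sample" || echo "findings: $?"
rm -rf "$sample"
```

Run `audit_env_setup .` from the project root before committing; a non-zero exit status is the number of findings.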
Usage After Setup
| Command | What it does |
|---|---|
| Export .env files to JSON bundle, then SOPS-encrypt |
| SOPS-decrypt the bundle, then write .env files |
| Encrypt |
| Decrypt |
| Export .env files to |
| Write |