| 2098 | return DotenvModule._configVault(options); |
| 2099 | } |
| 2100 | function decrypt(encrypted, keyStr) { |
| 2101 | const key = Buffer.from(keyStr.slice(-64), "hex"); |
| 2102 | let ciphertext = Buffer.from(encrypted, "base64"); |
| 2103 | const nonce = ciphertext.subarray(0, 12); |
| 2104 | const authTag = ciphertext.subarray(-16); |
| 2105 | ciphertext = ciphertext.subarray(12, -16); |
| 2106 | try { |
| 2107 | const aesgcm = crypto3.createDecipheriv("aes-256-gcm", key, nonce); |
| 2108 | aesgcm.setAuthTag(authTag); |
| 2109 | return `${aesgcm.update(ciphertext)}${aesgcm.final()}`; |
| 2110 | } catch (error) { |
| 2111 | const isRange = error instanceof RangeError; |
| 2112 | const invalidKeyLength = error.message === "Invalid key length"; |
| 2113 | const decryptionFailed = error.message === "Unsupported state or unable to authenticate data"; |
| 2114 | if (isRange || invalidKeyLength) { |
| 2115 | const err = new Error("INVALID_DOTENV_KEY: It must be 64 characters long (or more)"); |
| 2116 | err.code = "INVALID_DOTENV_KEY"; |
| 2117 | throw err; |
| 2118 | } else if (decryptionFailed) { |
| 2119 | const err = new Error("DECRYPTION_FAILED: Please check your DOTENV_KEY"); |
| 2120 | err.code = "DECRYPTION_FAILED"; |
| 2121 | throw err; |
| 2122 | } else { |
| 2123 | throw error; |
| 2124 | } |
| 2125 | } |
| 2126 | } |
| 2127 | function populate(processEnv, parsed, options = {}) { |
| 2128 | const debug5 = Boolean(options && options.debug); |
| 2129 | const override = Boolean(options && options.override); |