Console

·

3 min read

How Upstash is powering EnvShare

Andreas Thomas

Software Engineer @Upstash

Features
How it works
Data
Wrapping up

envshare.dev is an open source project allowing developers to share environment variables securely with anyone. You can upload your .env file or type in your environment variables and they will be encrypted before being stored in a database. You can then share the link with anyone and they will be able to decrypt the environment variables.

EnvShare is free to use and open source. You can find the code on GitHub.

Features

  • Sharable Links: Share your environment variables securely by sending a link
  • End-to-End Encryption: AES encryption is used to encrypt your data before storing it
  • Limit number of reads: Limit the number of times a link can be read and encrypted
  • Auto Expire: Automatically expire links and delete data after a certain time

How it works

Every time you want to share your environment variables, a new random encryption key is generated in the browser. Your sensitive data is encrypted using AES and then stored in Redis.

Afterwards, a unique document id is combined with the encryption key to form a shareable link, that you can use to access and decrypt your data.

EnvShare

Data

EnvShare uses Redis to store the encrypted environment variables. Redis is great because it can be used as a fast key-value store, but also offers more complex data structures like lists, sets, and hashes. It also automatically removes expired keys, which is perfect for our use case.

The data is stored in a Redis hash with the following structure:

{
  "remainingReads": 20, // Optional, the number of times the link can be read
  "encrypted": "...", // The encrypted environment variables
  "iv": "...", // The initialization vector for AES-CBC
}

Using a hash allows us to store some metadata along with the encrypted data and also to atomically decrement the remaining reads with HINCRBY. Redis is incredibly flexible and allows for fast iteration and implementation of new ideas. For example in the future we might want to add something like an access log. A sorted set would be a great fit for this.

The only problem is that Redis is usually only available over TCP, which does not work in our edge-functions. Luckily, Upstash offers a Redis API that can be used to access Redis over HTTP. This is exactly what we need for EnvShare. Upstash offers a free Redis database with 10,000 requests per day. This is more than enough for us, and if you want to host EnvShare yourself, you can get a free account here. Check out the selfhosting guide here

Setting up Redis in our edge-functions is easy. We just need to create a database and install @upstash/redis.

In our edge-function we can then store the data:

/api/share.ts
import { Redis } from "@upstash/redis";

const redis = new Redis({
  url: "..." // UPSTASH_REDIS_REST_URL
  token: "..." // UPSTASH_REDIS_REST_TOKEN
});


await redis.hset(key, {
  remainingReads: 20,
  encrypted: "...",
  iv: "...",
});

Wrapping up

Thanks for reading! EnvShare is a fun project that I built to show how easy it is to get started with Next.js and Upstash Redis. I hope you like it and find it useful. If you have any questions or feedback, feel free to reach out to me on Twitter.

Relevant links:



© 2023 Upstash, Inc. Based in California.

* Redis is a trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Upstash is for referential purposes only and does not indicate any sponsorship, endorsement or affiliation between Redis and Upstash.

** Cloudflare, the Cloudflare logo, and Cloudflare Workers are trademarks and/or registered trademarks of Cloudflare, Inc. in the United States and other jurisdictions.