secure_env_manager 1.0.0 copy "secure_env_manager: ^1.0.0" to clipboard
secure_env_manager: ^1.0.0 copied to clipboard

Published 14 hours ago โ€ข verified publishergodfreylebo.dev
SDKFlutter
PlatformAndroidiOSLinuxmacOSWindows
โ†’

Metadata

A secure environment variable manager for Flutter/Dart with code generation, encryption support, and type-safe configuration access.

More...

๐Ÿ” Secure Env Manager #

pub package License: MIT CI

Type-safe environment variable management with code generation, encryption support, and runtime access

Manage your app's environment variables securely with automatic code generation, encryption for secrets, and type-safe access. Perfect for Flutter and Dart applications that need to handle sensitive configuration data.

โœจ What Makes This Package Special? #

This isn't just another environment variable loader. We've built a complete solution that combines:

  • ๐Ÿ“ YAML Schema Definition: Define all environment variables in a single, version-controlled schema file
  • ๐Ÿ”ง Code Generation: Automatically generate strongly-typed Dart classes using build_runner
  • ๐Ÿ”’ Encryption Support: Encrypt sensitive values (API keys, tokens) with AES encryption
  • โœ… Type Safety: Compile-time validation and type-safe access to all variables
  • ๐ŸŒ Environment Extensions: Override values per environment (dev, staging, prod)
  • โšก Runtime Access: Simple API to access config values with automatic decryption
  • ๐Ÿ› ๏ธ CLI Tools: Command-line utilities for encryption, validation, and code generation

Perfect for production apps that need secure handling of API keys, database credentials, feature flags, and other sensitive configuration.

๐Ÿš€ Quick Start #

Installation #

Add secure_env_manager to your pubspec.yaml:

dependencies:
  secure_env_manager: ^1.0.0

dev_dependencies:
  build_runner: ^2.4.8

Then run:

flutter pub get

1. Define Your Schema #

Create an env_schema.yaml file in your project root:

fields:
  - name: API_URL
    type: String
    required: true
    description: "Base URL for the API"

  - name: API_KEY
    type: String
    required: true
    encrypted: true
    description: "API key (encrypted)"

  - name: FEATURE_FLAG
    type: bool
    required: false
    defaultValue: false
    description: "Enable new feature"

  - name: MAX_RETRIES
    type: int
    required: false
    defaultValue: 3
    description: "Maximum retry attempts"

extensions:
  dev:
    API_URL: "https://api-dev.example.com"
    FEATURE_FLAG: true
  prod:
    API_URL: "https://api.example.com"
    FEATURE_FLAG: false

2. Generate Code #

Run the code generator:

flutter pub run build_runner build

This generates a strongly-typed EnvConfig class in lib/env_config.g.dart.

3. Use in Your App #

import 'package:secure_env_manager/secure_env_manager.dart';
import 'env_config.g.dart'; // Generated file

void main() {
  // Set master key for decryption (get from secure storage in production)
  EnvConfig.setMasterKey('your-master-key');
  
  // Access variables with type safety
  final apiUrl = EnvConfig.instance.apiUrl; // String
  final apiKey = EnvConfig.instance.apiKey; // String (decrypted)
  final featureFlag = EnvConfig.instance.featureFlag; // bool
  final maxRetries = EnvConfig.instance.maxRetries; // int
}

๐Ÿ“š Features in Detail #

Schema Definition #

Define all your environment variables in a YAML schema:

fields:
  - name: DATABASE_URL
    type: String
    required: true
    pattern: "^https?://.*"  # Optional regex validation
    includeInEnv: true       # Include in generated .env file

  - name: SECRET_TOKEN
    type: String
    encrypted: true          # Encrypt this value
    required: true

Supported Types:

  • String - Text values
  • int - Integer numbers
  • bool - Boolean values
  • double - Floating-point numbers

Encryption #

Encrypt sensitive values using the CLI:

# Encrypt a value
dart run secure_env_manager encrypt "my-secret-key" "master-key"

# The output can be used in your .env file

Or programmatically:

import 'package:secure_env_manager/secure_env_manager.dart';

final encrypted = EncryptionService.encrypt('my-secret', 'master-key');
final decrypted = EncryptionService.decrypt(encrypted, 'master-key');

Environment Extensions #

Override values per environment:

extensions:
  dev:
    API_URL: "http://localhost:3000"
    DEBUG_MODE: true
  staging:
    API_URL: "https://staging-api.example.com"
  prod:
    API_URL: "https://api.example.com"
    DEBUG_MODE: false

Code Generation #

The generated EnvConfig class provides:

  • Type-safe getters for each field
  • Automatic validation of required fields
  • Runtime decryption of encrypted values
  • Default value support for optional fields
// Generated code example
class EnvConfig {
  String get apiUrl {
    final value = Platform.environment['API_URL'];
    if (value == null) {
      throw StateError('Required environment variable API_URL is not set');
    }
    return value;
  }
  
  String get apiKey {
    final value = Platform.environment['API_KEY'];
    if (value == null) {
      throw StateError('Required environment variable API_KEY is not set');
    }
    if (_masterKey == null) {
      throw StateError('Master key not set');
    }
    return EncryptionService.decrypt(value, _masterKey!);
  }
}

๐Ÿ› ๏ธ CLI Commands #

The package includes a CLI tool for common operations:

# Validate schema
dart run secure_env_manager validate

# Generate config (or use build_runner)
dart run secure_env_manager generate

# Encrypt a value
dart run secure_env_manager encrypt "value" "master-key"

# Decrypt a value
dart run secure_env_manager decrypt "encrypted-value" "master-key"

๐Ÿ’ก Real-World Examples #

Storing API Credentials #

// 1. Define in schema
// - name: API_KEY
//   type: String
//   encrypted: true
//   required: true

// 2. Encrypt the value
// dart run secure_env_manager encrypt "actual-api-key" "master-key"

// 3. Add to .env file
// API_KEY=<encrypted-value>

// 4. Use in app
void main() {
  EnvConfig.setMasterKey('master-key-from-secure-storage');
  final apiKey = EnvConfig.instance.apiKey; // Automatically decrypted
}

Feature Flags #

fields:
  - name: ENABLE_NEW_UI
    type: bool
    defaultValue: false
  - name: MAX_CACHE_SIZE
    type: int
    defaultValue: 100

if (EnvConfig.instance.enableNewUi) {
  // Show new UI
}

final cacheSize = EnvConfig.instance.maxCacheSize;

Database Configuration #

fields:
  - name: DB_HOST
    type: String
    required: true
  - name: DB_PORT
    type: int
    defaultValue: 5432
  - name: DB_PASSWORD
    type: String
    encrypted: true
    required: true

โš ๏ธ Security Considerations #

Master Key Management #

โš ๏ธ Important: The master key should never be committed to version control.

Best Practices:

  1. Store master key in secure storage (Keychain, Keystore, or environment variable)
  2. Use different keys for different environments
  3. Rotate keys periodically
  4. Never log or expose encrypted values
// Good: Get from secure storage
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

final storage = FlutterSecureStorage();
final masterKey = await storage.read(key: 'env_master_key');
EnvConfig.setMasterKey(masterKey!);

// Bad: Hardcoded key
EnvConfig.setMasterKey('hardcoded-key-123'); // โŒ

Encrypted Values in Binary #

โš ๏ธ Warning: Encrypted values stored in your app's binary can potentially be extracted by reverse engineering. For maximum security:

  • Use server-side configuration for highly sensitive secrets
  • Consider using a secrets management service (AWS Secrets Manager, HashiCorp Vault)
  • Use this package for development and less-sensitive production configs

๐Ÿงช Testing #

Run tests with:

flutter test

The package includes comprehensive tests for:

  • Schema parsing and validation
  • Encryption/decryption
  • Code generation
  • Runtime access API

๐Ÿ› Troubleshooting #

"Required environment variable is not set" #

Ensure the variable is set in your environment or .env file:

export API_URL="https://api.example.com"

"Master key not set" #

Call EnvConfig.setMasterKey() before accessing encrypted values:

EnvConfig.setMasterKey('your-master-key');

Code generation fails #

  1. Ensure env_schema.yaml exists in project root
  2. Check schema syntax is valid YAML
  3. Run dart run secure_env_manager validate to check schema

Decryption fails #

  • Verify the master key matches the one used for encryption
  • Ensure the encrypted value wasn't corrupted
  • Check that the value is actually encrypted (use EncryptionService.isEncrypted())

๐Ÿ“ฑ Platform Support #

Platform Support
Android โœ… Full support
iOS โœ… Full support
Web โœ… Full support
macOS โœ… Full support
Windows โœ… Full support
Linux โœ… Full support

๐Ÿ‘จโ€๐Ÿ’ป Author #

Godfrey Lebo - Fullstack Developer & Technical PM

With 9+ years of industry experience, I specialize in building AI-powered applications, scalable mobile solutions, and secure backend systems. I've led teams delivering marketplaces, fintech platforms, and AI applications serving thousands of users.

๐Ÿค Contributing #

We welcome contributions! Whether you're fixing bugs, adding features, or improving documentation, your help makes this package better for everyone.

Ways to contribute:

  • ๐Ÿ› Report bugs
  • ๐Ÿ’ก Suggest new features
  • ๐Ÿ“ Improve documentation
  • ๐Ÿ”ง Submit pull requests

๐Ÿ“„ License #

This project is licensed under the MIT License - see the LICENSE file for details.

๐Ÿ“š Additional Resources #

๐Ÿ™ Acknowledgments #

  • Flutter team for the amazing framework
  • Build runner and code generation tools
  • Community contributors and users

Made with โค๏ธ by Godfrey Lebo

If this package helps secure your app's configuration, consider giving it a โญ on GitHub!

โ† Metadata

1
likes
140
points
--
downloads

Publisher

verified publishergodfreylebo.dev

Weekly Downloads

Metadata

A secure environment variable manager for Flutter/Dart with code generation, encryption support, and type-safe configuration access.

Repository (GitHub)
View/report issues

Documentation

Documentation
API reference

License

MIT (license)

Dependencies

build, encrypt, flutter, meta, path, yaml

More

Packages that depend on secure_env_manager

Back