@@ -315,13 +315,22 @@ export const envDeleteCommand = new Command<EnvCommandContext>()
315315 ) ;
316316 } ) ;
317317
318+ const PUBLIC_REGEX = / ^ P U B L I C _ | ^ N E X T _ P U B L I C _ / ;
319+
320+ const COMMON_SECRET_PATTERN =
321+ / ^ (? ! .* (?: ^ | _ ) ( P U B L I C | N E X T _ P U B L I C | E X P O S E D ) (?: _ | $ ) ) .* ( K E Y | S E C R E T | T O K E N | P A S S W O R D | P R I V A T E | C R E D E N T I A L S | A U T H ) (? ! [ A - Z a - z ] ) / i;
322+
323+ function isSecretKey ( key : string ) : boolean {
324+ return COMMON_SECRET_PATTERN . test ( key ) ;
325+ }
326+
318327export const envLoadCommand = new Command < EnvCommandContext > ( )
319328 . description (
320329 "Load environmental variables from a .env file into the application" ,
321330 )
322331 . option (
323- "--secrets <keys...:string>" ,
324- "Which keys in the .env file to treat as secrets" ,
332+ "--non- secrets <keys...:string>" ,
333+ "Which keys in the .env file to treat as non- secrets" ,
325334 )
326335 . arguments ( "<file:string>" )
327336 . action ( async ( options , file ) => {
@@ -358,22 +367,38 @@ export const envLoadCommand = new Command<EnvCommandContext>()
358367 const addEnvVars = [ ] ;
359368 let updateEnvVars = [ ] ;
360369
370+ const hasPublicPrefix = Object . keys ( variables ) . some ( ( key ) =>
371+ PUBLIC_REGEX . test ( key )
372+ ) ;
373+
361374 for ( const [ key , value ] of Object . entries ( variables ) ) {
362375 const existing = existingEnvVars . find ( ( envVar ) => envVar . key === key ) ;
376+ let is_secret = existing ?. is_secret || false ;
377+
378+ if ( ! options . nonSecrets ?. includes ( key ) ) {
379+ if ( hasPublicPrefix ) {
380+ is_secret = ! PUBLIC_REGEX . test ( key ) ;
381+ } else {
382+ is_secret = isSecretKey ( key ) ;
383+ }
384+ } else {
385+ is_secret = false ;
386+ }
387+
363388 if ( existing ) {
364389 updateEnvVars . push ( {
365390 id : existing . id ,
366391 key,
367392 value,
368- is_secret : options . secrets ?. includes ( key ) ?? existing . is_secret ,
393+ is_secret,
369394 context_ids : existing . context_ids ,
370395 } ) ;
371396 } else {
372397 addEnvVars . push ( {
373398 app_id : fullApp . id ,
374399 key,
375400 value,
376- is_secret : options . secrets ?. includes ( key ) ?? false ,
401+ is_secret,
377402 context_ids : null ,
378403 } ) ;
379404 }
0 commit comments