Skip to main content

Function Signature

async function secretStrings(
  key: string,
  fallback?: string[]
): Promise<string[]>

Parameters

key
string
required
The environment variable name that points to the secret file path
fallback
string[]
Optional default array to return if the secret is not found

Returns

Promise<string[]> - An array of strings parsed from the secret file

How It Works

This function reads secrets from the filesystem, following Docker secrets conventions:
  1. Checks if the environment variable key contains a file path
  2. If no path is set, defaults to /run/secrets/{key}
  3. Reads the file contents and splits by comma
  4. Trims whitespace from each value and filters out empty strings
  5. Throws an error if the secret is missing (unless a fallback is provided)

Example

import { secretStrings } from "@nore/load-env"

// Reads from file path in $ALLOWED_ORIGINS or /run/secrets/ALLOWED_ORIGINS
// File contents: "https://example.com, https://app.example.com, https://admin.example.com"
export const ALLOWED_ORIGINS = await secretStrings("ALLOWED_ORIGINS")
// Result: ["https://example.com", "https://app.example.com", "https://admin.example.com"]

// With fallback
export const TAGS = await secretStrings("TAGS", ["default"])

Secret File Format

The secret file should contain comma-separated values: 
value1, value2, value3
Or: 
value1,value2,value3
Whitespace around values is automatically trimmed.

Error Handling

Throws an error if:
  • The secret file doesn’t exist (when no fallback provided)
  • The file is empty (when no fallback provided)
When a fallback is provided, returns the fallback value instead of throwing if the file doesn’t exist.

Build docs developers (and LLMs) love

Get started for freeTalk to us