Bug: _parseVault() doesn’t respect processEnv option.

[jaswrks]

If I call _parseVault() with processEnv option, it makes no difference because internally _parseVault() makes another call to configDotenv(), and it only passes that helper the path option, not processEnv. Therefore, it always writes to process.env, even if you tell it not to.

Problematic line:

dotenv/lib/main.js

Line 54 in cf4c569

const result = DotenvModule.configDotenv({ path: vaultPath })

[jaswrks]

Also, it would be wonderful if dotenv-vault exported a parse() method of its own. The underscore prefixes suggest these were meant only for internal use, and yet there’s no other way to parse, because dotenv-vault doesn’t expose that method, only config().

[jaswrks]

Oh, I see. That's configuring the environment variables inside the vault itself. Well, it still seems less than ideal to leak those out whenever processEnv is passed through to explicitly state not to pollute process.env.

[motdotla]

They are encrypted so it's not a leak per se, but I think the spirit of what you are saying is right @jaswrks. Feels dirty.

Will take a look at filtering those out.