@inngest/middleware-encryption
Advanced tools
This package provides an encryption middleware for Inngest, enabling secure handling of sensitive data. It encrypts data being sent to and from Inngest, ensuring plaintext data never leaves your server.
npm install @inngest/middleware-encryption
[!NOTE] Requires TypeScript SDK v3+
Upgrading from v0.x.x of this package? See MIGRATION.md.
To use the encryption middleware, import and initialize it with your encryption key(s). You can optionally provide a custom encryption service.
By default, the following will be encrypted:
data.encryptedimport { encryptionMiddleware } from "@inngest/middleware-encryption";
// Initialize the middleware
const mw = encryptionMiddleware({
key: "your-encryption-key",
});
// Use the middleware with Inngest
const inngest = new Inngest({
id: "my-app",
middleware: [mw],
});
Provide an Array<string> when providing your key to support rotating encryption keys.
The first key is always used to encrypt, but decryption will be attempted with all keys.
To create a custom encryption service, you need to implement the abstract
EncryptionService class provided by the package. Your custom service must
implement an identifier and two core methods: encrypt and decrypt.
export namespace EncryptionService {
export interface PartialEncryptedValue {
data: string;
[key: string]: unknown;
}
}
export abstract class EncryptionService {
public abstract identifier: string;
public abstract encrypt(
value: unknown
): MaybePromise<EncryptionService.PartialEncryptedValue>;
public abstract decrypt(value: string): MaybePromise<unknown>;
}
[!TIP] Notice that the return values of these functions can be synchronous or return promises. In the latter case, encryption/decryption will happen in parallel for every relevant step and event. In practice, this also allows you to mimic dataloader-like behaviour by collecting all encryption/decryption requests during one tick and choosing how to process them all at once.
This could be useful for a service which stores state in a remote store like S3, for example.
For example, here's how you might define, instantiate, and use a custom encryption service:
import { EncryptionService } from "@inngest/middleware-encryption";
class CustomEncryptionService implements EncryptionService {
public identifier = "my-custom-strategy";
constructor(/* custom parameters */) {
// Initialization code here
}
encrypt(
value: unknown
): MaybePromise<EncryptionService.PartialEncryptedValue> {
// Implement your custom encryption logic here
// Example: return CustomEncryptLib.encrypt(JSON.stringify(value), this.customKey);
}
decrypt(value: string): MaybePromise<unknown> {
// Implement your custom decryption logic here
// Example: return JSON.parse(CustomEncryptLib.decrypt(value, this.customKey));
}
}
You can then pass it to the encryptionMiddleware function like so:
const customService = new CustomEncryptionService(/* custom parameters */);
const mw = encryptionMiddleware({
encryptionService: customService,
});
// Use the middleware with Inngest
const inngest = new Inngest({
id: "my-app",
middleware: [mw],
});
In v3 of the TypeScript SDK, middleware is run in sequence and not as the usual
encapsulating layer. For example, middleware of [foo, bar] would run hooks in
the order:
foo.transformInput
bar.transformInput
foo.transformOutput
bar.transformOutput
This is problematic for middleware that affects payloads such as encryption, as we'd want it to be the first and last hooks to run instead of always the first for every stage.
While this will change and be fixed in v4 of the TypeScript SDK, if you're using v3 alongside other middleware that also affects the payload, we provide two separate middleware that you can use to wrap the other middleware.
import { manualEncryptionMiddleware } from "@inngest/middleware-encryption/manual";
const {
decryptionMiddleware,
encryptionMiddleware,
} = manualEncryptionMiddleware({
key: "your-encryption-key",
});
const inngest = new Inngest({
id: "my-app",
middleware: [
decryptionMiddleware,
someOtherMwAffectingPayloads,
encryptionMiddleware,
],
});
FAQs
E2E encryption middleware for Inngest.
The npm package @inngest/middleware-encryption receives a total of 0 weekly downloads. As such, @inngest/middleware-encryption popularity was classified as not popular.
We found that @inngest/middleware-encryption demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.