@seek/kms-config

Decrypt KMS encrypted values in config files

1.0.0
latest
Source
npm

Version published: 8 years ago

Maintainers: 35

Created: 8 years ago

Source

config ⇒ `Promise`

Decrypt KMS encrypted values in config files. This tool is optimised for use in node 4.3.2 AWS Lambda functions but should work in any modern node runtime.

Install

npm install --save @seek/kms-config

Usage

The user that is running the lambda will need kms:Decrypt permission to the master key used for generating the ciphertext. Warning* To reduce KMS overhead you should just call this once and cache the result if possible.

myConfig.json

{
    "foo" : "bar",
    "kms" { //All the values in this object are expected to be KMS ciphertext 
        "secretToHappiness" : "base64_encoded_ciphertext"
    }
}

handler.js

const myConfig = require('./myConfig')
const config  = require('@seek/kms-config')(myConfig)

config.then(resolved => {
    console.log(resolved.foo) // "bar"
    console.log(resolved.kms.secretToHappiness) // "eat more chocolate"
}).catch(err => {
    console.log(err, "Oh dear perhaps you are missing KMS permissions")
})
...

Returns: Promise - A promise to the loaded config which will be resolved with all kms values decrypted.

Param	Type	Description
config	`Object`	A config object which may contain a child `kms` object who's values are KMS ciphertext

FAQs

What is @seek/kms-config?

Is @seek/kms-config well maintained?

Package last updated on 15 Jan 2017

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@seek/kms-config

Install

Usage

myConfig.json

handler.js

Related posts

Inside the Business of Ransomware: Insights from Reddit AMA with Ransomware Negotiators

PyPI on Ultralytics Supply Chain Attack: Poor CI/CD Practices to Blame, No Security Flaws in PyPI Exploited