@tsmx/secure-config
Advanced tools
Handling multi-environment JSON configurations with encrypted secrets. Minimalistic, zero deps.
Handling multi-environment configurations with encrypted secrets.
Benefits:
The cipher used is AES-256-CBC.
Configuration file with encrypted values:
{
"database": {
"host": "127.0.0.1",
"user": "ENCRYPTED|9edcd5a6bc5ed6868e6c3340019f5d3a|bc1857aab6981b903fab75ccb5c5244b",
"pass": "ENCRYPTED|45aa7c597b470d24c4552ff9b7a5b919|30c26f4fb8e63f2986b1a605028b5dd8"
}
}
Your code:
const conf = require('@tsmx/secure-config');
function MyFunc() {
let dbHost = conf.database.host;
let dbUser = conf.database.user;
let dbPass = conf.database.pass;
//...
}
});
The key for decrypting the encrypted values is derived from an environment varibale named CONFIG_ENCRYPTION_KEY. You can set this variable
whatever way is most suitable, e.g.
export CONFIG_ENCRYPTION_KEY=0123456789qwertzuiopasdfghjklyxc
...
"env": {
"CONFIG_ENCRYPTION_KEY": "0123456789qwertzuiopasdfghjklyxc"
},
...
env_variables:
CONFIG_ENCRYPTION_KEY: "0123456789qwertzuiopasdfghjklyxc"
The key length must be 32 bytes!
Simply use crypto functions from NodeJS with the follwing snippet to create the encrypted entries or use the very basic secure-config-tool for that.
const crypto = require('crypto');
const algorithm = 'aes-256-cbc';
const iv = crypto.randomBytes(16);
var key = Buffer.from('YOUR_KEY_HERE');
function encrypt(text) {
let cipher = crypto.createCipheriv(algorithm, key, iv);
let encrypted = cipher.update(text);
encrypted = Buffer.concat([encrypted, cipher.final()]);
return 'ENCRYPTED|' + iv.toString('hex') + '|' + encrypted.toString('hex');
}
The generated encrypted entry always has the form: ENCRYPTED | Cipher Initialization Vector | Encrypted Data. The prefix ENCRYPTED is used to identify configuration values that must be decrypted.
You can have multiple configuration files for different environments or stages. They are distinguished by the environment variable NODE_ENV. The basic configuration file name is config.json if this variable is not present. If it is present, a configuration file with the name config-[NODE_ENV].json
is used. An exception will be thrown if no configuration file is found.
All configuration files must be located in a conf/ directory of the current running app, meaning a direct subdirectory of the current working directory (CWD/conf/).
Example structure:
NODE_ENV: not setconf/config.jsonNODE_ENV: productionconf/config-production.jsonNODE_ENV: testconf/config-test.jsonconf/
├── config.json
├── config-production.json
└── config-test.json
npm install
npm test
FAQs
Easy and secure configuration management. JSON based encrypted secrets, optional HMAC validation.
The npm package @tsmx/secure-config receives a total of 589 weekly downloads. As such, @tsmx/secure-config popularity was classified as not popular.
We found that @tsmx/secure-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.