Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
node-cipher
Advanced tools
node-cipher
Encrypt or decrypt sensitive files to allow use in public source control. Node-cipher has a much more defined command line interface, as well as a public API for use directly within Node JS apps. Find on NPM
Example
Let's say we have a file called config.json which has some sensitive data in it, like private keys and shit. What happens if we need to transfer these configs between team members, but don't want the data within the file to be public within source control? We could send out a mass email with the new config file every time someone makes a change, or we can encrypt the file and add its encrypted counterpart to source control which can later be decrypted on each developer's machine.
Here's our hypothetical config.json file.
{
"SECRET": "s3cr3tc0de"
}
We want to remove this file from source control, so that the raw version of the file is not viewable. Instead we want to use the encrypted version of the file. Just add config.json to your .gitignore.
echo config.json >> .gitignore
We can create shorthand npm scripts to encrypt and decrypt this file for ease of use. In our package.json, we add:
{
...
"scripts": {
"encrypt": "nodecipher encrypt -i config.json -o config.json.cast5",
"decrypt": "nodecipher decrypt -i config.json.cast5 -o config.json"
}
}
When run, the encrypt script will encrypt the config.json file into config.json.cast5 which we can then check into source control. The decrypt script will reverse this process. Let's encrypt the file:
npm run encrypt
Before the file is encrypted, we will first be asked to supply an encryption key that will be used to encrypt the file. This is the only secret item you must share between your team:
? Enter an encryption key: ***********
If the key is correct, the file will be successfully encrypted, and other team members can pull down your changes and decrypt the new config file using npm run decrypt.
Install
npm install -g node-cipher
Usage
Usage: nodecipher <command> {options}
Commands:
encrypt Encrypt a given input file.
decrypt Decrypt a given input file.
list List all available cipher options.
Options:
--input, -i The input filename relative to the current working directory. (Required)
--output, -o The output filename relative to the current working directory. (Required)
--password, -p The key that you will use to encrypt or decrypt your file. If this is not
supplied directly, you will instead be prompted within your command line.
If you are decrypting a file, the encryption key must be the same as the
one specified during encryption. (Optional)
--algorithm, -a The cipher algorithm that you will use to encrypt or decrypt your file. If
you are decrypting a file, the encryption method must be the same as the
one specified during encryption. (Optional; Default: cast5-cbc)
-help, -h Show the help menu.
Algorithms
By default, the encryption algorithm is set to cast5-cbc, you can instead specify an encryption algorithm by using the -a flag. Use nodecipher list to see a list of available cipher algorithms.
Node JS API
Encryption schema:
var encrypt = require('node-cipher').encrypt;
// Returns a Promise.
encrypt(options[, callback]);
Decryption schema:
var decrypt = require('node-cipher').decrypt;
// Returns a Promise.
decrypt(options[, callback]);
List all available cipher algorithms:
var nodecipher = require('node-cipher');
// Returns an array.
nodecipher.list();
Encrypt/Decrypt Options
| Name | Type | Description | Optional |
|---|---|---|---|
input | string | The path to the input file relative to the current working directory. | No |
output | string | The path to the output file relative to the current working directory. | No |
password | string | The encryption password. | No |
algorithm | string | The encryption algorithm. Default: cast5-cbc | Yes |
Example Usage
-
Encrypt
config.jsonintoconfig.json.cast5using the keyboscoand the default cipher algorithm (cast5).$ nodecipher encrypt -i config.json -o config.json.cast5 -p bosco -
Decrypt
config.json.cast5back intoconfig.jsonusing the keyboscoand the default cipher algorithm (cast5).$ nodecipher decrypt -i config.json.cast5 -o config.json -p bosco -
Encrypt
classified.jsintoclassified.encrypted.jsusing theaes-128-cbccipher algorithm and the password prompt.$ nodecipher encrypt -i classified.js -o classified.encrypted.js -a aes-128-cbc ? Enter an encryption key: ******** -
Decrypt the
.env.cast5file on Heroku before running the application using theCONFIG_KEYenvironment variable.// Procfile web: nodecipher decrypt -i .env.cast5 -o .env -p $CONFIG_KEY; npm start;
Authors
License
MIT
FAQs
Securely encrypt sensitive files for use in public source control.
We found that node-cipher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 01 Sep 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025