node-credentials
Advanced tools
Encrypted json for manage all credentials, similar to rails encrypted secrets
Manage your secrets with single entrypted file. Inspired in Rails encrypted secrets management
npm install node-credentials --save
# credentials.yaml
username: user
password': myPassword
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials encrypt --path credentials.yaml
Only encrypted object values.
username: sGPi7jVJFORTBSOOKx5nMw==--eYed5TIh3D+9rjN/usOB0w==
password: +C4M+xFxOQXTyvPJ7QSJuQ==--eYed5TIh3D+9rjN/usOB0w==
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials decrypt --path credentials.yaml
Create a credentials.json or credentials.yaml file
Example:
publicKey: publicValue # no-encrypt
myApiKey: apiKey
myApiSecret: apiSecret
or
{
"publicKey": "publicValue",
"myApiKey": "apiKey",
"myApiSecret": "apiSecret"
}
npx node-credentials init
OR use your own key
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials init
Your credentials file it's encrypted, and generate credentials key file
Save the key value, and ignore this file in your version control.
echo credentials.yaml.key >> .gitignore
const { credentials } = require('node-credentials');
const apiKey = credentials.apiKey;
You can set a environment varible NODE_MASTER_KEY for decrypt secrets.
NODE_MASTER_KEY=my-credential-key server.js
The edit command allow to edit the file in a text editor; decrypting before open the file and encrypting after close the file.
EDITOR=nano npx node-credentials edit
Return the value of credentials based on process.env.NODE_CREDENTIALS_ENV or process.env.NODE_ENV Example:
default: &default
user: myuser
development:
<<: *default
key: password_development
production:
<<: *default
key: password_production
const vault = require('node-credentials');
vault.credentials;
// { development: { key: "password_development" }, production: { key: "password_production" } }
vault.credentialsEnv;
// { key: "password_development" }
us:
development:
key: development password for US country
NODE_CREDENTIALS_ENV=us.development node main.js
const vault = require('node-credentials');
vault.credentialsEnv;
// { key: "development password for US country" }
Some credentials it's not recomend set in credentials file, like production database password.
credentials file accept template variables for process env object
production:
database:
password: <%= process.env.DATABASE_PASSWORD %>
Allow set custom environment variable to encrypt/decrypt secrets
Example using NPM_TOKEN
export NODE_MASTER_KEY_NAME=NPM_TOKEN
NPM_TOKEN=$NPM_TOKEN npx node-credentials init
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials encrypt --path .env
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials decrypt --path .env
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials encrypt --path myfile.txt
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials decrypt --path myfile.txt
Command List
help help
init encrypt your credentials file and create a credentials key file
encrypt encrypt credentials file
decrypt decrypt credentials file
edit decrypt/encrypt in text editor
Options
-p, --path Path for credentials file
FAQs
Encrypted json for manage all credentials, similar to rails encrypted secrets
The npm package node-credentials receives a total of 250 weekly downloads. As such, node-credentials popularity was classified as not popular.
We found that node-credentials demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.
Security News
OpenSSF has issued a high-severity advisory warning open source developers of an active Slack-based campaign using impersonation to deliver malware.