sequelize-vault

Sequelize Vault: A Sequelize plugin for easily integrating Hashicorp Vault.

Installation

$ npm install sequelize-vault

Usage

This package transparently encrypts and decrypts columns in _encrypted format using Hashicorp Vault.

Node.js:

const Sequelize = require('sequelize')
const SequelizeVault = require('sequelize-vault')

const s = new Sequelize({
  username: 'root',
  password: '',
  dialect: 'sqlite',
  database: 'test',
})
const User = s.define('user', {
  ssn_encrypted: Sequelize.STRING,
  ssn: Sequelize.VIRTUAL,
})

SequelizeVault.Vault.app = 'fooapp'
SequelizeVault.Vault.address = 'http://master-vault'
SequelizeVault.default(User)

const u = await User.create({ ssn: '123-45-6789' })
console.log(u.ssn_encrypted)
// vault:v0:EE3EV8P5hyo9h...

TypeScript:

import {Sequelize, Table, Column, Model} from 'sequelize-typescript'
import SequelizeVault, {Vault} from 'sequelize-vault'

const s = new Sequelize({
  username: 'root',
  password: '',
  dialect: 'sqlite',
  database: 'test',
})

@Table
class User extends Model<User> {
  @Column
  ssn_encrypted: string

  @Column(DataType.VIRTUAL)
  ssn: string
}

s.addModels([User])

Vault.app = 'fooapp'
Vault.address = 'http://master-vault'
SequlizeVault(User)
const u = await User.create({ ssn: '123-45-6789' })
console.log(u.ssn_encrypted)
// vault:v0:EE3EV8P5hyo9h...

Options

Key	Value
enabled	true or false(default)
app	my-app
token	abcd1234
address	https://vault.example.com
suffix	_encrypted
convergented	true or false(default)
context	Vault.app(default)
path	v1/transit
timeout	3 * 60 * 1000
ua	sequelize-vault/1.0.0 (+https://github....

Contribution

• Fork (https://github.com/linyows/sequelize-vault/fork)
• Create a feature branch
• Commit your changes
• Rebase your local changes against the master branch
• Run test suite with the npm ci command and confirm that it passes
• Create a new Pull Request

Author

linyows