
strapi-keys
Advanced tools
$ npm run strapi-keys -- --refresh
This is a convenient way to generate random base64-encoded cryptographic keys.
This approach is generally secure: it uses the Node.js crypto module, which in turn can depend on the operating system's own implementations, a reliable source of randomness.
For comparison, openssl rand -base64 32 uses an operating system random number generator, which is often highly reliable at generating randomness.
npm i strapi-keys
⏳Generating a default .env file complete with variables, in the absence of .env or .env.example files
npm run strapi-keys -- --generate
############################
## BEFORE
############################
API_TOKEN_SALT=
ADMIN_JWT_SECRET=
TRANSFER_TOKEN_SALT=
JWT_SECRET=
APP_KEYS=
############################
## AFTER
############################
APP_KEYS=KHeNRq3Oj1/9wcjYvgFv+b6+Pw==,WMe01U/lJ5uPqQSdpvTESZLFDA==,+jiQgyUIWjGlyebkCZnRxKAD5A==,W/5ZcNElldr8MmyyTSqevgYqJg==
API_TOKEN_SALT=28LCPMgoHb/g3Dc5oIYwGo54WGDSknbQzuDZjPmmhA==
ADMIN_JWT_SECRET=7dLaf0Aaw0mGUTrSPQSnj/tK9VdMSxPxhUxfIb36SA==
TRANSFER_TOKEN_SALT=PgmIoztGd+V39JhTttjZ918T5znZpsuzfaEh5AemCA==
JWT_SECRET=mH1Jnu9dGc+jShpKJPI399h4cVV0TyAjhos+6sUaeA==
npm run strapi-keys -- --help
Usage: npm run strapi-keys -- [options]
Options:
--help : List all available commands (default option)
--refresh : Forcefully overwrite all keys
--generate : Generate keys where missing
--clear : Clear values of keys
--dryrun : Print involved variables based on the launched command
    npm run strapi-keys -- --dryrun --refresh
--print : Print newly generated variables to the console
--status : Print the status of keys: check the correct encoding of the key
--rand : Print a single crypto key in base64
Options with values:
--exclude= : Exclude certain keys from the changes operations
    npm run strapi-keys -- --refresh --exclude=JWT_SECRET
--only= : Include only certain keys in changes operations
Separate multiple values with a comma (,)
npm run strapi-keys -- --status
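What a status check over these variables needs to verify, as an added example that is not strapi-keys' own code: each variable from the .env above is present, strictly base64, and decodes to enough bytes. The function names, the 16-byte minimum and the sample file are assumptions of this example.

```javascript
const crypto = require('crypto');

// Variable names as they appear in the .env shown on this page.
const KEY_VARS = ['APP_KEYS', 'API_TOKEN_SALT', 'ADMIN_JWT_SECRET',
                  'TRANSFER_TOKEN_SALT', 'JWT_SECRET'];
const MIN_BYTES = 16; // assumption: treat anything under 128 bits as too short

// Same idea as `openssl rand -base64 32`: CSPRNG bytes, base64-encoded.
function randomKey(bytes = 32) {
  return crypto.randomBytes(bytes).toString('base64');
}

// Buffer.from() tolerates invalid base64 input instead of throwing, so
// decode, re-encode and compare to accept only canonical base64.
function decodeStrict(value) {
  const buf = Buffer.from(value, 'base64');
  return buf.length > 0 && buf.toString('base64') === value ? buf : null;
}

// Minimal KEY=VALUE parser; comment lines and blank lines do not match.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) env[m[1]] = m[2];
  }
  return env;
}

// Returns { VAR: 'ok' | 'missing' | 'bad-encoding' | 'too-short' }.
function keyStatus(envText) {
  const env = parseEnv(envText);
  const report = {};
  for (const name of KEY_VARS) {
    const raw = env[name];
    if (!raw) { report[name] = 'missing'; continue; }
    // APP_KEYS holds several comma-separated keys; check each one.
    const decoded = (name === 'APP_KEYS' ? raw.split(',') : [raw]).map(decodeStrict);
    if (decoded.includes(null)) report[name] = 'bad-encoding';
    else if (decoded.some((b) => b.length < MIN_BYTES)) report[name] = 'too-short';
    else report[name] = 'ok';
  }
  return report;
}

// Constructed sample .env (not real secrets): one placeholder, one empty, one short value.
const SAMPLE_ENV = ['# constructed sample', `APP_KEYS=${randomKey(16)},${randomKey(16)}`,
  `API_TOKEN_SALT=${randomKey()}`, 'ADMIN_JWT_SECRET=change-me!',
  'TRANSFER_TOKEN_SALT=', 'JWT_SECRET=c2hvcnQ='].join('\n');
console.log(keyStatus(SAMPLE_ENV));
```

A leftover placeholder such as change-me! is reported as bad-encoding rather than being silently decoded, which is the case a plain Buffer.from() check would miss.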
After installation, the "strapi-keys" command is automatically added to the "scripts" field in the Strapi package.json file:
{
  "scripts": {
    "strapi-keys": "strapi-keys"
  }
}
or run the command directly:
node node_modules/strapi-keys
./config/cron-tasks.js
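module.exports = {
  refreshKeysEnv: {
    task: ({ strapi }) => {
      // Overwrite every key in .env except JWT_SECRET
      const keysExec = require('strapi-keys/core/exec');
      keysExec('--refresh --exclude=JWT_SECRET');
    },
    options: {
      // Six-field cron rule (seconds first): 01:00:00 on every second day of the month
      rule: "0 0 1 */2 * *",
    },
  },
};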
./config/server.js
const cronTask = require("./cron-tasks");

module.exports = ({ env }) => ({
  cron: {
    // Cron tasks stay disabled unless CRON_ENABLED=true is set in .env
    enabled: env.bool('CRON_ENABLED', false),
    tasks: cronTask,
  },
});
Set the variable in the .env file
CRON_ENABLED=true
This functionality is supported and documented in:
Run npm install strapi-keys
for:
🎳Good work!🚀
FAQs
Automatic management of keys in .env file
The npm package strapi-keys receives a total of 27 weekly downloads. As such, strapi-keys popularity was classified as not popular.
We found that strapi-keys demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.