ts-configurable
Comparing version 2.0.0 to 2.0.1
# CHANGELOG | ||
## 2.0.1 | ||
- Fix a bug where non-ciphertext string values where set to null with setNullOnDecryptionFailure=true | ||
## 2.0.0 | ||
@@ -4,0 +7,0 @@ - Breaking changes: options object for decryption changed: from `decryptionSecrets` to `decryption`: `secrets`, `setNullOnDecryptionFailure` |
@@ -15,3 +15,3 @@ /// <reference types="node" /> | ||
*/ | ||
export declare function decrypt(keyOrSecret: Buffer | string, ciphertext: string): string; | ||
export declare function decrypt(keyOrSecret: Buffer | string, ciphertext: string): string | null; | ||
export declare function attemptDecryption(keys: Buffer[], ciphertext: any): any; |
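Review bot: Widening the declared return type of `decrypt` to `string | null` changes the public typing in a patch release, so callers built with strictNullChecks that use the result as a `string` will stop compiling. In the compiled hunks on this page, decrypt throws `Error('Invalid ciphertext!')` when deserialization fails, so it is not evident that decrypt itself ever returns null; the rest of its body is outside the hunk. If only deserializeCipher can yield null, keep `: string` on decrypt. Either way the doc comment above the declaration should state the contract with an `@throws` line for invalid ciphertext and, if null is really possible, an `@returns` line saying when.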
@@ -37,3 +37,3 @@ "use strict"; | ||
!encryptedStr) { | ||
throw Error(); | ||
return null; | ||
} | ||
@@ -120,3 +120,7 @@ const iv = Buffer.from(ivStr, 'hex'); | ||
const key = typeof keyOrSecret === 'string' ? keyFromSecret(keyOrSecret) : keyOrSecret; | ||
const { iv, encrypted } = deserializeCipher(ciphertext); | ||
const res = deserializeCipher(ciphertext); | ||
if (!res) { | ||
throw Error('Invalid ciphertext!'); | ||
} | ||
const { iv, encrypted } = res; | ||
// Decrypt value | ||
@@ -135,2 +139,6 @@ const decipher = crypto_1.createDecipheriv(cipherAlgorithm, key, iv); | ||
} | ||
// Only attempt decryption is string is a valid ciphertext | ||
if (!deserializeCipher(ciphertext)) { | ||
return ciphertext; | ||
} | ||
// Attempt decryption with all of the provided keys | ||
@@ -137,0 +145,0 @@ for (const key of keys) { |
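Review bot: The new guard in attemptDecryption, `if (!deserializeCipher(ciphertext)) { return ciphertext; }`, fails open: any string that does not parse as ciphertext is returned unchanged, so a truncated or corrupted encrypted value would be used verbatim as the configuration value even with setNullOnDecryptionFailure=true. Plaintext and ciphertext are told apart only by whether deserialization succeeds, so that contract should be spelled out at the guard, for example `// Strings that do not parse as ciphertext are treated as plaintext and returned as-is, regardless of setNullOnDecryptionFailure`. The destructuring `const { iv, encrypted } = res;` carries no authentication tag, so if cipherAlgorithm is not an AEAD mode (its value is not visible here), trying every key could occasionally accept a wrong key and return garbage instead of failing. The added comment also reads `is string` where `if string` is meant. Both functions start and end outside the visible hunks.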
{ | ||
"name": "ts-configurable", | ||
"version": "2.0.0", | ||
"version": "2.0.1", | ||
"license": "MIT", | ||
@@ -5,0 +5,0 @@ "author": "Benjamin Assadsolimani (derbenoo)", |
@@ -292,3 +292,3 @@ # TS-Configurable | ||
It is possible to provide encrypted configuration values. This is useful for secrets that should not be checked into source control but should be available as soon as the application is in possession of a single (or multiple) decryption secrets instead of having to provide each secret configuration value via environment variables. The decryption secrets are provided via the `decryptionSecrets` option. The following decryption secret types can be specified: | ||
It is possible to provide encrypted configuration values. This is useful for secrets that should not be checked into source control but should be available as soon as the application is in possession of a single (or multiple) decryption secrets instead of having to provide each secret configuration value via environment variables. The decryption secrets are provided via the `decryption` option. The following decryption secret types can be specified: | ||
* `raw`: the secret is directly provided as a string | ||
@@ -295,0 +295,0 @@ * `env`: the secret is read from the environment variable with the specified name (via: `environmentVariable`) |
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package