node-credentials icon indicating copy to clipboard operation
node-credentials copied to clipboard

Published 20 hours ago verified publisher icon MiguelSavignano

Metadata

npm package node-credentias

Node encrypted secrets

Manage your secrets with single entrypted file. Inspired in Rails encrypted secrets management

Install

npm install node-credentials --save

Usage

Encrypt and decrypt json|yaml|.env files

# credentials.yaml
username: user
password': myPassword
  • Encrypt
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials encrypt --path credentials.yaml

Only encrypted object values.

username: sGPi7jVJFORTBSOOKx5nMw==--eYed5TIh3D+9rjN/usOB0w==
password: +C4M+xFxOQXTyvPJ7QSJuQ==--eYed5TIh3D+9rjN/usOB0w==
  • Decrypt
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials decrypt --path credentials.yaml

Setup for NodeJs projects

Create a credentials.json or credentials.yaml file

Example:

publicKey: publicValue # no-encrypt
myApiKey: apiKey
myApiSecret: apiSecret

or

{
  "publicKey": "publicValue",
  "myApiKey": "apiKey",
  "myApiSecret": "apiSecret"
}

npx node-credentials init

OR use your own key

NODE_MASTER_KEY=$MASTER_KEY npx node-credentials init

Your credentials file it's encrypted, and generate credentials key file

Save the key value, and ignore this file in your version control.

echo credentials.yaml.key >> .gitignore

Read credentials in runtime

const { credentials } = require('node-credentials');

const apiKey = credentials.apiKey;

Use in production

You can set a environment varible NODE_MASTER_KEY for decrypt secrets.

NODE_MASTER_KEY=my-credential-key server.js

Edit credentials

The edit command allow to edit the file in a text editor; decrypting before open the file and encrypting after close the file.

EDITOR=nano npx node-credentials edit

credentialsEnv

Return the value of credentials based on process.env.NODE_CREDENTIALS_ENV or process.env.NODE_ENV Example:

default: &default
  user: myuser
development:
  <<: *default
  key: password_development
production:
  <<: *default
  key: password_production
  • By default use development key
const vault = require('node-credentials');

vault.credentials;
// { development: { key: "password_development" }, production: { key: "password_production" } }
vault.credentialsEnv;
// { key: "password_development" }
  • Set custom environment
us:
  development:
    key: development password for US country

NODE_CREDENTIALS_ENV=us.development node main.js

const vault = require('node-credentials');
vault.credentialsEnv;
// { key: "development password for US country" }

Environment variable in credentials file

Some credentials it's not recomend set in credentials file, like production database password.

credentials file accept template variables for process env object

production:
  database:
    password: <%= process.env.DATABASE_PASSWORD %>

Custom master key environment variable

Allow set custom environment variable to encrypt/decrypt secrets

Example using NPM_TOKEN

export NODE_MASTER_KEY_NAME=NPM_TOKEN
NPM_TOKEN=$NPM_TOKEN npx node-credentials init

Encrypt or decrypt any file

NODE_MASTER_KEY=$MASTER_KEY npx node-credentials encrypt --path .env
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials decrypt --path .env

NODE_MASTER_KEY=$MASTER_KEY npx node-credentials encrypt --path myfile.txt
NODE_MASTER_KEY=$MASTER_KEY npx node-credentials decrypt --path myfile.txt

CLI API

Command List

  help      help
  init      encrypt your credentials file and create a credentials key file
  encrypt   encrypt credentials file
  decrypt   decrypt credentials file
  edit      decrypt/encrypt in text editor

Options

  -p, --path   Path for credentials file

Metadata

16
Stars
5
Forks
Watchers

Owner

verified publisher icon MiguelSavignano

Metadata

npm package node-credentias

Back