npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@amitdeshmukh/gcp-crypto

v1.6.0

Published

A Node.js module for symmetric text encryption and decryption using Google Cloud KMS and Secret Manager

Downloads

50

Readme

GCPCrypto Module

The GCPCrypto module provides a set of methods to interact with Google Cloud's Key Management Service (KMS) and Secret Manager. It is designed to create, encrypt, store, and decrypt cryptographic keys using Google Cloud's services.

How it Works

The GCPCrypto class is instantiated with a Google Cloud project ID, location ID, and a key ring. It uses these to interact with Google Cloud's KMS and Secret Manager.

The class provides the following methods:

  • createCryptoKey(keyId, protectionLevel): This method creates a new CryptoKey within the specified KeyRing in Google Cloud KMS. The key ID and protection level (e.g., SOFTWARE or HSM) are required parameters.

  • encryptAndStoreSecretKey(keyId, aesKey, overwrite): This method encrypts the supplied AES-256 symmetric key using Cloud KMS, and stores the encrypted key in Google Secret Manager. The keyId and aesKey are required parameters. The overwrite parameter is optional and defaults to false. If overwrite is true and the secret already exists, it will be deleted before the new secret is stored.

  • decryptSecretKey(keyId): This method retrieves the encrypted key from Google Secret Manager and decrypts it using Cloud KMS. The keyId is a required parameter.

  • decryptAllKeys(): This method retrieves all secrets from Google Secret Manager and decrypts them using Cloud KMS. It returns an object with the decrypted keys.

Authentication

The module uses Application Default Credentials (ADC) to authenticate with Google Cloud services. ADC is a strategy that allows the module to find and use appropriate credentials based on its environment. This could be credentials set in an environment variable, credentials provided by the Google Cloud SDK, credentials provided by the Google Cloud Metadata server, etc.

Please ensure that the environment where this module is used is configured with appropriate credentials that have necessary permissions to interact with Google Cloud KMS and Secret Manager. More information on ADC can be found here.

Installation

npm install @amitdeshmukh/gcp-crypto
# or
yarn add @amitdeshmukh/gcp-crypto

Usage

Once installed, you can import and use the module like this:

import GCPCrypto from 'gcp-crypto';

// Initialize the module with your project ID, GCP keyring location ID, and keyring name
const gcpCrypto = new GCPCrypto('your-project-id', 'your-location-id', 'your-key-ring');

// Create a CryptoKey in your KeyRing with protectionLevel
await gcpCrypto.createCryptoKey(keyId, 'SOFTWARE');

// Generate a random AES-256-GCM symmetric encryption/decryption key
import Cryptr from 'cryptr';
let cryptr = new Cryptr('myTotalySecretKey');
const aesKey = cryptr.encrypt(Math.random().toString(36).substring(2, 15));

// Encrypt the AES key with GCP KMS and store it in Secret Manager
const encryptedKey = await gcpCrypto.encryptAndStoreSecretKey(keyId, aesKey, true);
console.log('Encrypted key:', encryptedKey.toString('base64'));

// Use the key to encrypt something
const plainText = 'Hello World!';
cryptr = new Cryptr(aesKey);
const encryptedText = cryptr.encrypt(plainText);
console.log('Encrypted text:', encryptedText);

// Retrieve the key from Secret Manager and decrypt it using GCP KMS
const decryptedKey = await gcpCrypto.decryptSecretKey(keyId);
console.log('Decrypted AESkey:', decryptedKey);

// Use the key to decrypt encrypted text
cryptr = new Cryptr(decryptedKey);
const decryptedText = cryptr.decrypt(encryptedText);
console.log('Decrypted text:', decryptedText);

You can decrypt all keys in the Secret Manager at once. Here's an example of using the decryptAllKeys method:

// Assuming gcpCrypto is already initialized as shown previously
// Decrypt all keys in the key ring
let result = await gcpCrypto.decryptAllKeys();
console.log('All keys:', result);

Encrypt plaintext and decrypt ciphertext

// Encrypt plaintext using GCP KMS
const ciphertext = await gcpCrypto.encryptPlaintext(keyId, 'Your plaintext here');
console.log('Encrypted ciphertext:', ciphertext);

// Decrypt ciphertext using GCP KMS
const plaintext = await gcpCrypto.decryptCiphertext(keyId, ciphertext);
console.log('Decrypted plaintext:', plaintext);