npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@tsmx/secure-config-tool

v2.2.1

Published

Command-line tool for @tsmx/secure-config.

Downloads

112

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tsmxtsmx

Keywords

secure-configconfigurationconfiguration managementconfigsecureencryptioncryptocredentialssecretkey injectionmulti-environmentJSONNODE_ENVAES

Readme

@tsmx/secure-config-tool

License: MIT npm (scoped) node-current (scoped) Build Status Coverage Status

Supporting command-line tool for @tsmx/secure-config.

Features:

  • create secure configurations with encrypted secrets and a HMAC out of existing JSON files
  • update HMAC values of existing secure configuration files after they have changed
  • test existing secure configuration JSON files (HMAC validation & decryption)
  • generate keys
  • encrypt single secrets for copy & paste into existing configurations
  • decrypt single secrets for testing purposes

To get more information please also check out the secure-config documentation.

Basic usage

Usage GIF

Installation

[tsmx@localhost ]$ npm i -g @tsmx/secure-config-tool

For better convenience the installation as a global package is recommended. Though local installation and use is also possible.

Arguments

create

Read an existing JSON configuration file and encrypt the values according to specified key-patterns. Also adds a HMAC property to the JSON configuration for enabling validation against illegal tampering.

The result is printed to stdout. Use > to save it in a new file.

The key used to create the secure configuration has to be set as environment variable CONFIG_ENCRYPTION_KEY. See genkey option on how to create and export a secure key.

[tsmx@localhost ]$ secure-config-tool create config.json > config-production.json

-p, --patterns

A comma-separated list of patterns for the keys of the configuration file that should be encrypted. Pattern matching is done for every key of the provided JSON input with a case-insensitive RegEx validation. If the match succeeds, the value of the key is encrypted.

[tsmx@localhost ]$ secure-config-tool create -p "Username,Password" config.json > config-production.json

In the example stated above every key is tested case-insensitive against the two regex expressions /Username/ and /Password/.

If no patterns are explicitly specified by using this option, the standard patterns are used: 'user', 'pass', 'token'.

-ne, --no-encrpytion

Do not encrypt any value of the input file. Helpful if you want to use only the HMAC feature withput any encryption.

-nh, --no-hmac

Do not create and add the configurations HMAC to the output. Helpful if you only want to use encryption without HMAC.

-hp, --hmac-prop

Specify a property name to store the generated HMAC value in. Defaults to __hmac if the option is not present. Doesn't have any effect if -nh is specified at the same time.

update-hmac

Updates the HMAC of an existing secure configuration file after it has been changed (properties added/deleted/changed...).

The result is printed to stdout. Use > to save it in a new file or the --overwrite option.

The key used to update the HMAC has to be set as environment variable CONFIG_ENCRYPTION_KEY. Make sure to use the right key which was used to create the already existing secure-config file.

[tsmx@localhost ]$ secure-config-tool update-hmac -o config-production.json

-o, --overwrite

Overwrite the original configuration file with the updated HMAC instead of writing to stdout.

-hp, --hmac-prop

Use this option to specify the property name of the HMAC value to be updated if it is deviating from the default __hmac.

test

Test decryption and HMAC validation of an existing secure-configuration file. The key to test against has to be set as environment variable CONFIG_ENCRYPTION_KEY.

[tsmx@localhost ]$ export CONFIG_ENCRYPTION_KEY=9af7...
[tsmx@localhost ]$ secure-config-tool test config-production.json 
Decryption: PASSED
HMAC:       PASSED

-hp, --hmac-prop

Specify the property name og the HMAC value to validate against. Defaults to __hmac if the option is not present. Doesn't have any effect if -sh is specified at the same time.

-sh, --skip-hmac

Skip the HMAC validation test.

-v, --verbose

Print out the the raw input data and the decrypted data.

genkey

Generate a cryptographic 32 byte key to be used for AES encryption/decryption as well as HMAC validation of your configuration.

[tsmx@localhost ]$ secure-config-tool genkey
9af7d400be4705147dc724db25bfd2513aa11d6013d7bf7bdb2bfe050593bd0f
[tsmx@localhost ]$ export CONFIG_ENCRYPTION_KEY=9af7d400be4705147dc724db25bfd2513aa11d6013d7bf7bdb2bfe050593bd0f

encrypt

Encrypt a single value string for copy & paste to a JSON configuration file.

[tsmx@localhost ]$ secure-config-tool encrypt "MySecret"
ENCRYPTED|82da1c22e867d68007d66a23b7b748b3|452a2ed1105ec5607576b820b90aa49f

decrypt

Decrypt a single value string for testing purposes.

[tsmx@localhost ]$ secure-config-tool decrypt "ENCRYPTED|82da1c22e867d68007d66a23b7b748b3|452a2ed1105ec5607576b820b90aa49f"
MySecret

Changelog

2.2.0

  • Support for encrypted properties of objects in arrays added, e.g. { configArray: [ { key: 'ENCRYPTED|...' }, { key: 'ENCRYPTED|... ' } ] }

Test

npm install
npm test