
crypt-aws-kms

v1.0.0

Helper library for use of aws-kms service

AWS KMS decrypt / encrypt cli

A helper tool to decrypt and encrypt data through the AWS KMS service. Decryption and encryption can be done through the CLI or in the codebase with the KMS class.

Installation

npm install

Usage

General use

The idea is to use the so-called envelope encryption proposed by AWS KMS. In short, the steps are:

  1. Create a masterkey in AWS KMS
  2. Generate a datakey with the masterkey id and store it locally, ENCRYPTED only!
  3. Decrypt the datakey through KMS and encrypt files locally with the decrypted datakey as key
  4. Decrypt the datakey through KMS and decrypt files locally with the decrypted datakey as key

Do not store the decrypted datakey; keep it in memory only for as long as you need it.
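The four steps above, as an added example that is not part of the crypt-aws-kms code: a hypothetical in-process stand-in (makeFakeKms) replaces the real KMS calls so it runs offline, and AES-256-GCM is the cipher chosen here for local encryption, which is an assumption and not necessarily what the package's Crypt class uses.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers (assumed cipher); blob layout: iv(12) | tag(16) | ciphertext.
function seal(key, plain) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plain), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}
function open(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Hypothetical stand-in for KMS: the masterkey never leaves this closure.
function makeFakeKms() {
  const masterKey = crypto.randomBytes(32); // step 1
  return {
    generateDataKey() { // step 2
      const Plaintext = crypto.randomBytes(32);
      return { Plaintext, CiphertextBlob: seal(masterKey, Plaintext) };
    },
    decrypt(CiphertextBlob) { return { Plaintext: open(masterKey, CiphertextBlob) }; },
  };
}

// Steps 3 and 4: unwrap the stored datakey, use it, then zero it in memory.
function withDataKey(kms, encryptedDataKey, fn) {
  const { Plaintext } = kms.decrypt(encryptedDataKey);
  try { return fn(Plaintext); } finally { Plaintext.fill(0); }
}

function demo() {
  const kms = makeFakeKms();
  const { Plaintext, CiphertextBlob: storedKey } = kms.generateDataKey();
  Plaintext.fill(0); // keep only the encrypted datakey
  const secret = Buffer.from('constructed sample secret');
  const fileBlob = withDataKey(kms, storedKey, (k) => seal(k, secret));
  const roundTrip = withDataKey(kms, storedKey, (k) => open(k, fileBlob)).toString();
  // A modified file must fail authentication rather than decrypt to garbage.
  const tampered = Buffer.from(fileBlob);
  tampered[tampered.length - 1] ^= 1;
  let tamperRejected = false;
  try { withDataKey(kms, storedKey, (k) => open(k, tampered)); } catch (e) { tamperRejected = true; }
  return { roundTrip, tamperRejected };
}
console.log(demo());
```

With real KMS, only the encrypted datakey (storedKey here) is written to disk next to the encrypted files; revoking access to the masterkey then blocks every later decryption.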

Use KMS in code

const { KMS } = require('./lib');
const KeyId = '123-456-789';

const kms = new KMS(KeyId);
// uses global aws credentials
kms.encryptData('foo')
    .then(({ CiphertextBlob }) => {
        // returns a buffer
        console.log(CiphertextBlob.toString('base64'));
    }, err => console.error(err));

kms.decryptData('encryptedBase64Foo')
    .then(({ Plaintext }) => {
        // returns a buffer
        console.log(Plaintext.toString());
    }, err => console.error(err));

// you can always wrap the calls in an async function to get a synchronous-looking workflow
decryptAsync();

async function decryptAsync() {
  const { CiphertextBlob } = await kms.encryptData('foo');
  const { Plaintext } = await kms.decryptData(CiphertextBlob);
  console.log({ decryptedSecret: Plaintext.toString() });
}

Use CRYPT in code

const { Crypt } = require('./lib');

// use the decrypted datakey (obtained through KMS) as the key;
// the masterkey itself never leaves KMS
const crypt = new Crypt('decryptedDataKeyValue');

const encryptedFoo = crypt.encrypt('foo');
const decryptedFoo = crypt.decrypt(encryptedFoo);

Use crypt command globally

npm install -g && npm link

Use locally

./cli/crypt.js [options]

Access Help Menus

# global
crypt -h
crypt [encrypt|decrypt|get-datakey|encrypt-local|decrypt-local] -h

# local
./cli/crypt.js -h
./cli/crypt.js [encrypt|decrypt|get-datakey|encrypt-local|decrypt-local] -h

The following args are used to create the AWS.KMS instance in encrypt and decrypt:

{
    -r: 'region',
    -a: 'accessKeyId',
    -s: 'secretAccessKey',
    -t: 'sessionToken'
}

If the accessKeyId, secretAccessKey or sessionToken is omitted, the globally stored AWS credentials are used.

encrypt

crypt encrypt -k 123-456-789 dataToEncrypt ~/fileToEncrypt

crypt encrypt -k 123-456-789 -p ~/Desktop dataToEncrypt ~/fileToEncrypt

Additional valid args.

{
    -k: 'KeyId', // required!!
    -p: 'Path' // if results should be stored in binary file - specify path
}

Files have to begin with "./", "/" or "~/". The results are displayed as a base64 string in the console.

decrypt

crypt decrypt dataToDecrypt ~/fileToDecrypt

Files have to begin with "./", "/" or "~/". Data strings have to be base64 encoded.

get-datakey

Generate a datakey with the given AWS masterkey and store it in a binary, encrypted file.

crypt get-datakey -k 123-456-789

crypt get-datakey -k 123-456-789 -p ~/Desktop

Additional valid args.

{
    -k: 'KeyId', // required!!
    -p: 'Path' // if results should be stored in binary file - specify path
}

The results are displayed as strings in the console.

encrypt-local

Encrypt data locally with the given AWS datakey. It makes a call to KMS, decrypts the datakey and encrypts the data with it. (AWS credentials have to be set up and the masterkey active.)

crypt encrypt-local dataToEncrypt ~/fileToEncrypt -d dataKey

crypt encrypt-local dataToEncrypt ~/fileToEncrypt -d dataKey -p ~/Desktop

Additional valid args.

{
    -d: 'DataKey', // path to encrypted datakey - required!!
    -p: 'Path' // if results should be stored in file - specify path
}

Files have to begin with "./", "/" or "~/". The results are displayed as a base64 string in the console.

decrypt-local

Decrypt data locally with the given AWS datakey. It makes a call to KMS, decrypts the datakey and decrypts the data with it. (AWS credentials have to be set up and the masterkey active.)

crypt decrypt-local dataToDecrypt ~/fileToDecrypt -d dataKey

crypt decrypt-local dataToDecrypt ~/fileToDecrypt -d dataKey -p ~/Desktop

Additional valid args.

{
    -d: 'DataKey', // path to encrypted datakey - required!!
    -p: 'Path' // if results should be stored in file - specify path
}

Files have to begin with "./", "/" or "~/". The results are displayed as a base64 string in the console.

Requirements

  • This project needs node > 6.
  • Valid AWS credentials have to be set up globally or passed as arguments.
  • For the tests to work, you need to create a KMS keyId that you have access and usage rights to, and enter it in ./config.js

License

MIT

© mycs 2015

Maintainer

jroehl

TODO

  • write tests for crypt
  • documentation

Whenever editing the repository

Should you update the readme, use npm script semantic-release to check if a new version has to be set and to publish it to npm.