npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

data-at-rest

v0.4.2

Published

Encryption utilities for data at rest

Downloads

11

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tristanlstristanls

Keywords

Readme

data-at-rest

Stability: 1 - Experimental

NPM version

Encryption utilities for data at rest.

Contributors

@tristanls

Contents

Overview

This module encodes a way to store secret data at rest given an encryption key. It is intended to guide the user by providing default algorithm selection (DataAtRest.ALGORITHM), asking for additional authenticated data, specifying appropriate initialization vector length (DataAtRest.IV_LENGTH_IN_BYTES), and using crypto.createCipheriv() instead of crypto.createCipher().

Generation and management of encryption key is beyond the scope of this module, however Envelope encryption may be of interest.

For more insight into additional authenticated data and its uses, see How to Protect the Integrity of Your Encrypted Data by Using AWS Key Management Service and EncryptionContext.

Installation

npm install data-at-rest

Tests

npm test

Usage

const DataAtRest = require("data-at-rest");

// secret key from somewhere
const key = crypto.randomBytes(32); // 256 bits (aes-256-gcm)

// data to store
const data = {
    id: "some-id",
    secretData: "some secret data",
    notSecretData: "not secret data"
};

// encryption
const additionalAuthenticatedData = {
    id: data.id,
    notSecretData: data.notSecretData
};
const cipherBundle =
            DataAtRest.encrypt(
                Buffer.from(data.secretData, "utf8"),
                DataAtRest.aad(additionalAuthenticatedData),
                key
            );
const dataStoredAtRest = {
    id: data.id,
    secretData: JSON.stringify(DataAtRest.cipherBundleToBase64(cipherBundle)),
    notSecretData: data.notSecretData
};

// decryption
const plaintext =
            DataAtRest.decrypt(
                DataAtRest.cipherBundleFromBase64(JSON.parse(dataStoredAtRest.secretData)),
                DataAtRest.aad(additionalAuthenticatedData),
                key
            );
const retrievedData = {
    id: dataStoredAtRest.id,
    secretData: plaintext.toString("utf8"),
    notSecretData: dataStoredAtRest.notSecretData
};

Documentation

DataAtRest

Public API

DataAtRest.ALGORITHM

  • aes-256-gcm

Default algorithm to use.

DataAtRest.IV_LENGTH_IN_BYTES

  • 12

Default initialization vector length in bytes.

DataAtRest.aad(obj)

  • obj: Object An object representing string-to-string map of additional authenticated data.
  • Return: Buffer Normalized additional authenticated data.

Normalizes given additional authenticated data by sorting it in order to generate the same buffer regardless of property ordering within the passed in object.

DataAtRest.cipherBundleFromBase64(cipherBundle)

  • cipherBundle: Object Cipher bundle generated by DataAtRest.cipherBundleToBase64(cipherBundle).
    • authTag: String Base64 encoded string authentication tag.
    • ciphertext: String Base64 encoded string ciphertext.
    • iv: String Base64 encoded string initialization vector.
  • Return: Object Cipher bundle with Base64 encoded strings converted to Buffers.
    • authTag: Buffer Authentication tag.
    • ciphertext: Buffer Ciphertext.
    • iv: Buffer Initialization vector.

Converts a cipher bundle with Base64 encoded string properties into a cipher bundle with Buffer properties.

DataAtRest.cipherBundleToBase64(cipherBundle)

  • cipherBundle: Object Cipher bundle generated by DataAtRest.encrypt(plaintext, aad, key).
    • authTag: Buffer Authentication tag.
    • ciphertext: Buffer Ciphertext.
    • iv: Buffer Initialization vector.
  • Return: Object Cipher bundle with Buffers converted to Base64 encoded strings.
    • authTag: String Base64 encoded string authentication tag.
    • ciphertext: String Base64 encoded string ciphertext.
    • iv: String Base64 encoded string initialization vector.

Converts a cipher bundle with Buffer properties into a cipher bundle with Base64 encoded string properties.

DataAtRest.decrypt(cipherBundle, aad, key)

  • cipherBundle: Object Cipher bundle generated by DataAtRest.encrypt(plaintext, aad, key).
    • authTag: Buffer Authentication tag.
    • ciphertext: Buffer Ciphertext.
    • iv: Buffer Initialization vector.
  • aad: Buffer Additional authenticated data generated by DataAtRest.aad(obj).
  • key: Buffer Encryption key.
  • Return: Buffer Decrypted plaintext.

Decrypts previously encrypted cipherBundle into plaintext.

DataAtRest.encrypt(plaintext, aad, key)

  • plaintext: Buffer Plaintext to encrypt.
  • aad: Buffer Additional authenticated data generated by DataAtRest.aad(obj).
  • key: Buffer Encryption key.
  • Return: Object Cipher bundle.
    • authTag: Buffer Authentication tag.
    • ciphertext: Buffer Ciphertext.
    • iv: Buffer Initialization vector.

Encrypts the plaintext using specified additional authenticated data (aad) and the encryption key.

DataAtRest.normalizeAad(obj)

  • obj: Object An object representing string-to-string map of additional authenticated data.
  • Return: Array Normalized object in form of sorted array.

Normalizes given additional authenticated data object by sorting it by key and returning an array (the order of which should be preserved by JSON.stringify implementations).

Releases

Current releases.

Policy

We follow the semantic versioning policy (semver.org) with a caveat:

Given a version number MAJOR.MINOR.PATCH, increment the:

MAJOR version when you make incompatible API changes, MINOR version when you add functionality in a backwards-compatible manner, and PATCH version when you make backwards-compatible bug fixes.

caveat: Major version zero is a special case indicating development version that may make incompatible API changes without incrementing MAJOR version.