npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

gcloud-kms-helper

v0.0.6

Published

A simple encryptor - decryptor using KMS for the GCloud functions

Downloads

15

Readme

gcloud-kms-helper

npm Build Status

A simple NPM module for managing the encryption - decryption using Google Cloud KMS.

What is it?

The gcloud-kms-helper provides a CLI tool for encrypting - decrypting your secrets.

It can be also used directly in your code.

The motivation for creating this NPM module is to be able to have a re-usable solution for dealing with secrets when using Google Cloud Functions

How does it work?

Before using the module be sure that you setup the gcloud binary on your laptop and that you are authenticated.

The module needs the following environment variable: GOOGLE_APPLICATION_CREDENTIALS.

When your environment is ready, move to your project directory and run the following command:

$> npm install --save gcloud-kms-helper

The module supports the following environment variables:

  • PROJECT_ID: your Google Cloud project ID
  • PROJECT_LOCATION: your Google Cloud project location (default: europe-west1)
  • KEY_RING_NAME: your Google Cloud KMS key ring name
  • CRYPTO_KEY_NAME: your Google Cloud KMS crypto key name

Using the CLI

The CLI tool supports two commands: encrypt and decrypt.

encrypt

Encrypt and write a message in to a file.

Usage:

$> kms-helper encrypt [options] <message to encrypt> <output file>

If you aren't using the environment variables or if you wanna override the value set in your environment you can use the following options:

  • -p, --project_id: your Google Cloud project ID
  • -l, --project_location: your Google Cloud project location (default: europe-west1)
  • -r, --key_ring_name: your Google Cloud KMS key ring name
  • -c, --crypto_key_name: your Google Cloud KMS crypto key name
decrypt

Decrypt a message in a file.

Usage:

$> kms-helper decrypt [options] <input file>

If you aren't using the environment variables or if you wanna override the value set in your environment you can use the following options:

  • -p, --project_id: your Google Cloud project ID
  • -l, --project_location: your Google Cloud project location (default: europe-west1)
  • -r, --key_ring_name: your Google Cloud KMS key ring name
  • -c, --crypto_key_name: your Google Cloud KMS crypto key name

Using the API

You can import the encrypt / decrypt methods in your script:


encrypt(message, outputFile, options)

argurments

  • message: string. Required. The message to encrypt
  • outputFile: string. Required. The path of the file where to output the encrypted message.
  • options: object. Required. The options mentionned before.

returned value

  • Promise
'use strict';

/**
 * If you are using the module in a Google Cloud Function you will need the following *ugly* hack
 */

process.env.GOOGLE_APPLICATION_CREDENTIALS = '~/path/to/my/cred';

const options = {
  project_id: process.env.PROJECT_ID || 'my-project',
  location: process.env.PROJECT_LOCATION || 'europe-west1',
  key_ring_name: process.env.KEY_RING_NAME || 'key-ring-name',
  crypto_key_name: process.env.CRYPTO_KEY_NAME || 'crypto-key-name',
};

const encrypt = require('gcloud-kms-helper').encrypt;

encrypt('my message to encrypt', './output.key', options)
  .then(() => console.log('done.'))
  .catch((err) => console.error(`Something went wrong: ${err.message}`));

decrypt(message, outputFile, options)

argurments

  • inputFile: string. Required. The path of the file where we can find the message to decrypt.
  • options: object. Required. The options mentionned before.

returned value

  • Promise
'use strict';

/**
 * If you are using the module in a Google Cloud Function you will need the following *ugly* hack
 */

process.env.GOOGLE_APPLICATION_CREDENTIALS = '~/path/to/my/cred';

const options = {
  project_id: process.env.PROJECT_ID || 'my-project',
  location: process.env.PROJECT_LOCATION || 'europe-west1',
  key_ring_name: process.env.KEY_RING_NAME || 'key-ring-name',
  crypto_key_name: process.env.CRYPTO_KEY_NAME || 'crypto-key-name',
};

const decrypt = require('gcloud-kms-helper').decrypt;

decrypt('./output.key', options)
  .then((myDecryptedValue) => console.log(`The secret is: ${myDecryptedValue}`))
  .catch((err) => console.error(`Something went wrong: ${err.message}`));

decryptFromBuffer(message, outputFile, options)

argurments

  • buff: string or buffer. Required. The buffer or the string to decrypt.
  • options: object. Required. The options mentionned before.

returned value

  • Promise
'use strict';

/**
 * If you are using the module in a Google Cloud Function you will need the following *ugly* hack
 */

process.env.GOOGLE_APPLICATION_CREDENTIALS = '~/path/to/my/cred';

const options = {
  project_id: process.env.PROJECT_ID || 'my-project',
  location: process.env.PROJECT_LOCATION || 'europe-west1',
  key_ring_name: process.env.KEY_RING_NAME || 'key-ring-name',
  crypto_key_name: process.env.CRYPTO_KEY_NAME || 'crypto-key-name',
};

const decryptFromBuffer = require('gcloud-kms-helper').decryptFromBuffer;

decryptFromBuffer(Buffer.from('bXlzZWNyZXQK', 'base64'), options)
  .then((myDecryptedValue) => console.log(`The secret is: ${myDecryptedValue}`))
  .catch((err) => console.error(`Something went wrong: ${err.message}`));

Most of the possible scenario are described in the test directory of the module.

For running the test simply run npm run test

Contributing - Complaining

If you found a bug or think that something is missing, do not hesitate to open an issue or a pull-request