npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

mongoose-vault

v0.0.9

Published

Simple encryption plugin for Mongoose, using the transit backend from Hasicorp's Vault (Encryption as a Service).

Downloads

25

Readme

Build Status

#mongoose-vault

Simple encryption plugin for Mongoose, using the transit backend from Hasicorp's Vault (Encryption as a Service) (API).

Heavily inspired by mongoose-encryption plugin

Before You Get Started

Read the Security Notes below.

Encryption is only supported on fields of type String. Please file a FeatureRequest if you wish support for more Types.

Key Name

The scope of the encryption key can be per_collection, per_document or completely static. Vault will create a new key, if the specified name does not exist.

Searches on encrypted fields

In Order to enable searches on encrypted fields, we can enable vaults convergent_encryption on the used keys. This will only work on the subset that is encrypted same key. e.g. keyName: per_collection will work keyName: per_document will not

Installation

npm install mongoose-vault

Basic

By default, all fields are encrypted except for _id, __v, and fields with indexes

var mongoose = require('mongoose');
var encrypt = require('mongoose-vault');
var nodeVault = require('node-vault');

var userSchema = new mongoose.Schema({
    name: String,
    age: Number
    // whatever else
});

userSchema.plugin(encrypt, {
  encryptedFields: ['name','age'], // A list of fields to encrypt. Default is to encrypt all fields.
  excludeFromEncryption: [],  //A list of fields to not encrypt
  decryptPostSave: true, // Whether to automatically decrypt documents in the application after saving them (faster if false)
  keyName: 'per_collection', // If you update the Model name of the schema, this should be set to its original name
  keyCreationKeyType: "aes256-gcm96", // This can be set when encryption key is expected to be created. See https://www.vaultproject.io/api/secret/transit/index.html#type-1
  keyCreationConvergentEncryption: false // Needs to be true if the key is expected to be created and findByEncryptedField should be supported. see https://www.vaultproject.io/api/secret/transit/index.html#convergent_encryption-1
 });

User = mongoose.model('User', userSchema);

// Initialize the vault
let vault = nodeVault({endpoint: process.env.VAULT_CONNECTION_STRING, token: process.env.VAULT_DEV_ROOT_TOKEN_ID})

// connect vault to the model
User.connectVault(vault)

// Create transit backend in vault
vault.mount({mount_point: 'transit',type: 'transit'})

User.create({name:"Max"})
...

Development and Testing

Setup Hashicorp Vault and Mongo

docker run --rm --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=insecureRootTestingToken' -p8200:8200 vault
docker run --rm -27017:27017 mongo

Security Issue Reporting / Disclaimer

None of the authors are security experts. We relied on accepted tools and practices, and tried hard to make this tool solid and well-tested, but nobody's perfect. Please look over the code carefully before using it (and note the legal disclaimer below). If you find or suspect any security-related issues, please email us and we will get right on it. For non-security-related issues, please open a Github issue or pull request. Copyright @ mongoose-encryption