npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

propencrypt

v0.3.0

Published

Encrypt and decrypt multiple properties, in multiple files, at once

Downloads

7

Readme

Propencrypt

release license build tests coverage docker npm

Encrypt and decrypt multiple properties, in multiple files, at once.

About

Propencrypt provides the following features:

  • Encrypt and decrypt multiple properties in multiples files at once using the AES-256-GCM symmetric algorithm, without requiring to encrypt the entire contents of the files, making them Git-friendly.
  • Handle multiple file formats (yaml, properties, etc.): the pattern option is used to find values to encrypt.
  • Language-agnostic: encrypt files to store them safely in a Git repository, and decrypt them back before using them as you want (e.g., to create a K8s secret).
  • Lightweight (~1 MB to download), dependency-free, easy to install and run.

It aims to (modestly) solve some limitations of these encryption tools:

  • GPG provides easy file encryption, but the output binary file is not Git-friendly (no diff available, code review is more difficult, etc.).
  • Ansible Vault encrypts variables and files. With variable encryption, files are still easily legible (plaintext and encrypted variables can be mixed in the same file), but each string must be encrypted individually making it tedious to work with many properties in multiple files. Furthermore, Ansible Vault is primarily made to work with Ansible.
  • Jasypt (through the integration for Spring Boot) provides a Maven plugin allowing encrypting multiple placeholders (DEC(...)) at once in an application.properties file, but Jasypt is meant to be used as a library in a Java application, so it is not language-agnostic.

Install

Download and extract the latest release:

# Linux (Bash)
DOWNLOAD_URL="https://github.com/GaelGirodon/propencrypt/releases/latest/download"
curl -sL "$DOWNLOAD_URL/propencrypt_linux_amd64.tar.gz" | tar xvz
# Windows (PowerShell)
$DOWNLOAD_URL = "https://github.com/GaelGirodon/propencrypt/releases/latest/download"
Invoke-WebRequest -OutFile "propencrypt.zip" "$DOWNLOAD_URL/propencrypt_windows_amd64.zip"
Expand-Archive "propencrypt.zip" -DestinationPath ./

Usage

Encrypt and decrypt properties in files:

propencrypt encrypt -k <key> -p <pattern> [-e <ext>] <files>
propencrypt decrypt -k <key>              [-e <ext>] <files>

Run propencrypt --help to show the help message and propencrypt help <command> to get more information about a given command.

Commands

encrypt

The encrypt command reads input files (a list of file names, glob patterns are supported), encrypts and encodes each property value matched by the provided pattern (the capturing group is used to find the value) and creates output files where values are replaced by their encrypted counterpart, encoded as Base64 and surrounded by ENC(<...>). The name of each output file is the concatenation of the associated input file name and the extension.

encrypt -k <key> -p <pattern> [-e <ext>] <files>

decrypt

The decrypt command reads input files (a list of file names, glob patterns are supported), decodes and decrypts each property value matched by the ENC(<...>) pattern and creates output files where values are replaced by their unbounded (ENC() is removed), decoded (from Base64) and decrypted counterpart. The name of each output file is the name of the associated input file without the extension.

decrypt -k <key> [-e <ext>] <files>

Options

| Option | Description | Default | Environment variable | | ----------------- | --------------------------------- | ------- | --------------------- | | -k, --key | 256-bit encryption key | | PROPENCRYPT_KEY | | -p, --pattern | Sensitive property pattern | | PROPENCRYPT_PATTERN | | -e, --ext | File extension to append / remove | .enc | PROPENCRYPT_EXT |

Note: options set from the command-line take precedence over the environment variables.

key

key is a 32-bytes string used as the symmetric key for properties values encryption and decryption with the AES-256-GCM algorithm.

pattern

pattern is a regular expression used to find values to encrypt in files. It must contain exactly one capturing group that matches the property value. This pattern allows finding properties with different names (e.g. (?:pass|secret|login)=(.+)), in multiples file types (e.g., prop: (.+) for YAML, prop=(.+) for INI/Properties), etc.

ext

ext is the extension of the output encrypted file. By default, input files are not modified during encryption: output files with encrypted values are created as <input-file-name><ext>. This extension is removed from the encrypted file name during decryption to get back to the input file name (original unencrypted files are overridden if they exist). This extension can be set to an empty value (--ext "") to edit files in place.

Example

Given config.yml, a configuration file where passwords need to be encrypted:

database:
  url: mysql://host/db
  username: app
  password: secret

Encrypt passwords using the encrypt command (add --ext "" to edit the file in place):

propencrypt encrypt --key <key> --pattern "password: (.+)" config.yml

A new file with encrypted passwords, config.yml.enc, is created:

database:
  url: mysql://host/db
  username: app
  password: ENC(<base64-encrypted-value>)

It can be decrypted back to config.yml using the decrypt command:

propencrypt decrypt --key <key> config.yml.enc

License

Propencrypt is licensed under the GNU General Public License.