npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

skm-lit

v4.0.0

Published

skm-lit is a library for retrieving secrets stored in Cloud Storage

Downloads

116

Readme

skm-lit

skm-lit (secret key manager) is a library for retrieving secrets stored in a Cloud Storage bucket.

Watch out: This library is Node.js only!

Installation

npm install skm-lit

Usage

Require skm-lit as early as possible:

require(`skm-lit`);

Next, define an environment variable that references your secret stored in a Google Storage bucket using skm-lit's special URL syntax. Consult the reference syntax section for details.

# inside .env
MY_SECRET:skm-lit://mybucket/my-secret

After that you can access your secret through the corresponding environment variable. In this case MY_SECRET.

Setup a Cloud Storage bucket

This section describes the steps required to create a Cloud Storage bucket manually and setting up the correct permissions.

This is not required on order to use skm-lit. If you already have a Cloud Storage bucket provisioned, you can skip this section.

  1. Install the Google Cloud SDK. If you are running from your local machine, you also need to set Default Application Credentials:

    gcloud auth application-default login

    This will open a web browser and prompt for a login to your Google account. After a successful login, the gcloud SDK has set your user account as the Default Application Credentials for your machine.

    To revoke the credentials, run gcloud auth application-default revoke.

  2. Export your project ID as an environment variable. The rest of this setup guide assumes this environment variable is set:

    export PROJECT_ID=my-gcp-project-id

    Please note, this is the project ID, not the project name or project number. You can find the project ID by running gcloud projects list or in the web UI.

  3. Enable required services on the project:

    gcloud services enable --project ${PROJECT_ID} \
      storage-api.googleapis.com \
      storage-component.googleapis.com
  4. Create a [Cloud Storage][cloud-storage] bucket for storing secrets:

    export BUCKET_ID=my-secrets

    Replace my-secrets with the name of your bucket. Bucket names must be globally unique across all of Google Cloud. You can also create a bucket using the Google Cloud Console from the web.

    gsutil mb -c standard -l europe-west3 -p ${PROJECT_ID} \
      gs://${BUCKET_ID}

    It is strongly recommended that you create a new bucket instead of using an existing one. skm-lit should be the only entity managing IAM permissions on the bucket.

  5. Set the default ACL permissions on the bucket to private:

    gsutil defacl set private gs://${BUCKET_ID}
    gsutil acl set private gs://${BUCKET_ID}

    The default permissions grant anyone with Owner/Editor access on the project access to the bucket and its objects. These commands restrict access to the bucket to project owners and access to bucket objects to only their owner. Everyone else must be granted explicit access via IAM to an object inside the bucket.

Reference Syntax

This section describes the syntax for referencing a secret entity. These references will live in environment variables and skm-lit will parse them on library startup.

Syntax

skm-lit://[BUCKET]/[SECRET]?[OPTIONS]
  • BUCKET - name of the Cloud Storage bucket where the secret is stored

  • SECRET - name of the secret in the Cloud Storage bucket

  • OPTIONS - options specified as URL query parameters

Options

  • destination - when specified as a URL query parameter, this controls how the secret is resolved:

    • tempfile - resolve the secret and write the contents to a tempfile, replacing the environment variable with the path to the tempfile

    • [PATH] - resolve the secret and write the contents to the specified file path

Examples

Read a secret:

skm-lit://my-bucket/my-secret

Read a secret into a tempfile:

skm-lit://my-bucket/path/to/my-secret?destination=tempfile

Read a secret into [project-root]/path/to/file relative to the project root:

skm-lit://my-bucket/path/to/my-secret?destination=path/to/file

Read a secret into /path/to/file absolute to the filesystem:

skm-lit://my-bucket/path/to/my-secret?destination=/path/to/file