@mikestaub/simple-secrets

Utilities for managing encrypted secrets.

Usage no npm install needed!

<script type="module">
  import mikestaubSimpleSecrets from 'https://cdn.skypack.dev/@mikestaub/simple-secrets';
</script>

README

simple-secrets

Overview

This is a small, opinionated library for managing app secrets. The developer now must only manage a single, master key to access all sensitive data for the project.

For small to medium sized projects and teams, this approach should be sufficient. For a more robust / complex solution, something like HashiCorp Vault or AWS Secrets Manager should be used.

Usage

Storing secrets

  1. create a file called 'secrets.js' and have it export an object containing sensitive data in the following format:
module.exports = {
  API_KEY: {
    staging: "123",
    production: "345"
  }
}
  1. add the 'secrets.js' file to the project's .gitignore as to not accidentally commit it
  2. add the following script to the package.json:
"scripts": {
  "encrypt": "simple-secrets encrypt",
  "decrypt": "simple-secrets decrypt",
}
  1. run
export ENCRYPTION_KEY=some-secret-string
npm run encrypt

Using secrets

  1. There must exist a file called 'secrets.js.encrypted' in the current working directory
  2. run
export ENCRYPTION_KEY=some-secret-string
npm run decrypt

It is assumed there exists a 'secrets.js.encrypted' file in the current working directory that can be or decrypted with the key specified by the 'ENCRYPTION_KEY' environment variable.

Other commands

To print the secrets to stdout, use:

simple-secrets print

To inject the secrets into process.env use:

simple-secrets export

Note

This approach assumes that the master encyption key is kept secret and safe. If it is ever made public, assume all credentials in secrets.js are compromised.