cryptex
Version:
Secure secret storage and cryptographic key retrieval for Node.js
37 lines (32 loc) • 813 B
JavaScript
/*
* Copyright (c) 2017-2019 Tom Shawver
*/
const AWS = require('aws-sdk')
const getKey = opts => {
opts = opts || {}
const region = process.env.CRYPTEX_KEYSOURCE_KMS_REGION || opts.region
if (region) {
AWS.config.update({ region })
}
const kms = new AWS.KMS()
opts.dataKey = process.env.CRYPTEX_KEYSOURCE_KMS_DATAKEY || opts.dataKey
return new Promise((resolve, reject) => {
if (!opts.dataKey) {
reject(new Error('KMS Source: "dataKey" option is required'))
} else {
let params = {
CiphertextBlob: new Buffer(opts.dataKey, 'base64')
}
kms.decrypt(params, (err, res) => {
if (err) {
reject(err)
} else {
resolve(res.Plaintext)
}
})
}
})
}
getKey.AWS = AWS
module.exports = getKey