/// <reference types="node" />
import { CoreKmsService } from '../core-services';
import 'dotenv/config';
/**
* Type-only placeholder, declared so the two aliases below can be derived with `ReturnType`.
* - it is typed `() => any`, so both aliases resolve to `any`.
*/
declare const instance: () => any;
/**
* result type of an encrypt call.
* - resolves to `any`: the compiler does not check the shape of an encrypt result.
*/
export type EncryptResult = ReturnType<typeof instance>['EncryptResult'];
/**
* result type of a decrypt call.
* - resolves to `any`: the compiler does not check the shape of a decrypt result.
*/
export type DecryptResult = ReturnType<typeof instance>['DecryptResult'];
/**
* check whether `text` is a base64 string.
* - this is a format check only: a `true` result says nothing about whether the value
*   is a genuine ciphertext or signature.
* - NOTE(review): the accepted alphabet (standard vs url-safe) and padding rules are not
*   visible in this declaration; confirm against the implementation.
*
* @param text string to test
* @returns `true` if `text` is treated as base64
*/
export declare const isBase64: (text: string) => boolean;
/**
* convert a normal base64 string to its url-encoded form.
* - NOTE(review): presumably the base64url form used for JWT signatures; the exact
*   character mapping and padding handling are not visible here, so confirm.
*
* @param base64 string in normal base64
* @returns the url-encoded string
*/
export declare const fromBase64: (base64: string) => string;
/**
* additional options for KMS signing.
* - passed as the 2nd argument of the `KeyVaultService` constructor.
*/
export interface AWSKMSSignOption {
/**
* algorithm used to sign and verify.
* (default RSASSA_PKCS1_V1_5_SHA_256)
* - typed as a plain string, so a misspelled or unsupported name is not rejected at compile time.
* - signer and verifier must use the same algorithm.
*/
algorithm?: EncryptionAlgorithm;
}
/**
* name of the algorithm used by `AWSKMSSignOption.algorithm`.
* - plain alias of `string`: it does not restrict the value to a known set of algorithms.
* - NOTE(review): the name says "Encryption" while the option describes a sign/verify algorithm.
*/
type EncryptionAlgorithm = string;
/**
* class: `KeyVaultService`
* - shared Key Management Service to encrypt/decrypt messages, and to sign/verify them.
* - implements `CoreKmsService`.
* - most members are typed `any`, so callers get no compile-time checking of the
*   values passed to or returned from the crypto operations.
* - NOTE(review): the comments in this file mention AWS KMS, while `instance()` exposes
*   `keyClient`/`CryptographyClient`, names used by the Azure Key Vault keys SDK; confirm
*   which backend this class talks to and align the wording.
*/
export declare class KeyVaultService implements CoreKmsService {
/**
* name of the environment variable that holds the KMS key id.
*/
static ENV_KMS_KEY_ID: string;
/**
* NOTE(review): presumably the default key target used when no key id is configured;
* not documented in the source, so confirm.
*/
static DEF_KMS_TARGET: string;
// key id held by this instance (see `keyId()`).
private _keyId;
// signing options held by this instance.
private _options;
/**
* @param keyId (optional) id of the key to use.
* @param options (optional) signing options, see `AWSKMSSignOption`.
*
* NOTE(review): the fallback used when `keyId` is omitted is not visible here; presumably
* the environment variable named by `ENV_KMS_KEY_ID`, then `DEF_KMS_TARGET`. Confirm.
*/
constructor(keyId?: string, options?: AWSKMSSignOption);
/**
* get name of this
*/
name: () => string;
/**
* hello
* - returns a string identifying this service.
*/
hello: () => string;
/**
* get key-id to encrypt.
*/
keyId: () => string;
/**
* get the client objects this service works with.
* - returns `keyClient`, `credentials`, `CryptographyClient`, `EncryptResult`, `DecryptResult`, all typed `any`.
* - NOTE(review): this public member hands out `credentials`; confirm that callers outside
*   this class need it, and keep the returned object out of logs.
*/
instance: () => {
keyClient: any;
credentials: any;
CryptographyClient: any;
EncryptResult: any;
DecryptResult: any;
};
/**
* get KMS instance in stock
* - NOTE(review): this comment is not attached to any declaration; presumably it belonged
*   to `instance` above. Confirm.
*/
/**
* Encrypt message
*
* @param message plain text to encrypt
* @returns promise of the encrypted value (typed `any`; exact shape not visible here)
*/
encrypt: (message: string) => Promise<any>;
/**
* Decrypt message
*
* @param encryptedSecret value to decrypt
*        (typed `any`; presumably the output of `encrypt()`, confirm)
* @returns promise of the decrypted value (typed `any`)
*/
decrypt: (encryptedSecret: any) => Promise<any>;
/**
* make signature by message
*
* @param message any string
* @param forJwtSignature (option) flag to get JWT signature format.
* @returns promise of the signature (typed `any`)
*/
sign: (message: any, forJwtSignature?: boolean) => Promise<any>;
/**
* verify signature in asymmetric way
* - it takes around `30ms`
* - the result is typed `any`, so the compiler will not flag a caller that ignores it or
*   tests it loosely; check the resolved value explicitly before trusting `message`.
* - NOTE(review): presumably resolves to a boolean; confirm.
*
* @param message any string
* @param signature signature of Buffer or string(in base64)
*/
verify: (message: any, signature: any) => Promise<any>;
/**
* retrieve public-key for asymmetric verification.
* - used to verify signature with JWT library w/o making request to AWS KMS.
* - in general, cache this `public-key` to verify locally.
* - a cached key goes stale when the signing key is rotated or replaced; give the cache a
*   refresh path.
*
* @param encoding (optional) encoding type
* @returns promise of the public key (typed `any`)
*/
getPublicKey: (encoding?: BufferEncoding) => Promise<any>;
/**
* run a sample round trip.
* - it should be 'hello lemon'
* - resolves to the key id(s), the message, and the `encrypted` and `decrypted` values.
* - NOTE(review): looks like a diagnostic helper; the result carries the decrypted text and
*   the key id, so confirm it is not exposed on a public endpoint.
*
* # Example
* ```sh
* # encrypt text
* $ aws kms encrypt --profile <profile> --key-id <kms-key-id> --plaintext "hello lemon" --query CiphertextBlob --output text
* ```
*/
sample(): Promise<{
KMS_KEY_ID: string;
keyId: string;
message: string;
encrypted: any;
decrypted: any;
}>;
}
export {};