secure-env-ts
Use ENVs securely with encryption
;
// Interop helper: re-exports `source[key]` on `target` under `alias` (or `key` when no alias is given).
// Where Object.create exists, the export is a live getter, so later changes to the source stay visible;
// otherwise the value is copied once.
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (target, source, key, alias) {
        const exportedName = alias === undefined ? key : alias;
        Object.defineProperty(target, exportedName, {
            enumerable: true,
            get: function () {
                return source[key];
            },
        });
    }
    : function (target, source, key, alias) {
        const exportedName = alias === undefined ? key : alias;
        target[exportedName] = source[key];
    });
// Interop helper: attaches `value` as the "default" export of `target`.
// With Object.create available the property is defined through defineProperty (enumerable, not writable);
// otherwise it is a plain assignment.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (target, value) {
        Object.defineProperty(target, "default", { enumerable: true, value: value });
    }
    : function (target, value) {
        target["default"] = value;
    });
// Interop helper for `import * as x`: a module flagged __esModule is returned untouched; anything else is
// wrapped in a fresh namespace object that re-exports every own property except "default" and then
// exposes the module itself as "default".
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    var namespace = {};
    if (mod != null) {
        for (var name in mod) {
            if (name === "default") {
                continue;
            }
            if (!Object.prototype.hasOwnProperty.call(mod, name)) {
                continue;
            }
            __createBinding(namespace, mod, name);
        }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
};
// Interop helper for default imports: a module flagged __esModule is returned as-is; any other value
// (including null/undefined) is wrapped as `{ default: value }`.
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Flag this CommonJS module with __esModule, the marker the interop helpers in this file check before wrapping a module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare both named exports as undefined; each is assigned right after its function is defined below.
exports.encrypt = exports.decrypt = void 0;
const crypto_1 = __importDefault(require("crypto"));
const fs_1 = __importDefault(require("fs"));
const log_1 = __importStar(require("./utils/log"));
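// Programmatic entry point ("in the code"): decrypt an encrypted env file and return its contents.
/**
 * Read an encrypted env file and return the decrypted text.
 *
 * File layout expected here: the first `ivLength` bytes are the IV, everything after is ciphertext.
 * The cipher key is one SHA-256 digest of the secret string (always 32 bytes).
 *
 * Security notes:
 *  - If `options.secret` is falsy the hard-coded fallback 'mySecret' is used. That value is public, so a
 *    file handled with it is effectively unprotected; a warning is logged whenever the fallback is used.
 *  - The key derivation is a single unsalted hash, which is cheap to brute-force for weak secrets. Moving
 *    to a password KDF (e.g. crypto.scrypt) would require a file-format change on the encrypt side too.
 *  - The default algorithm 'aes256' is OpenSSL's alias for AES-256-CBC, which carries no integrity check:
 *    a modified ciphertext is not reliably detected. Treat the decrypted text accordingly.
 *
 * @param {object} options
 * @param {string} [options.secret] passphrase; falls back to 'mySecret' when falsy
 * @param {string} [options.inputFile='.env.enc'] path of the encrypted file
 * @param {string} [options.decryptionAlgo='aes256'] cipher name passed to crypto.createDecipheriv
 * @param {number} [options.ivLength=16] number of leading bytes that hold the IV
 * @returns {string|undefined} the decrypted text, or undefined when anything failed (the error is logged, not thrown)
 */
const decrypt = (options) => {
    try {
        const usingDefaultSecret = !options.secret;
        const secret = options.secret || 'mySecret';
        const inputFile = options.inputFile || '.env.enc';
        const decryptionAlgo = options.decryptionAlgo || 'aes256';
        const ivLength = options.ivLength || 16;
        if (!fs_1.default.existsSync(inputFile))
            throw new Error(`${inputFile} does not exist.`);
        // Because of the fallback above, this only rejects truthy non-string secrets.
        if (!secret || typeof secret !== 'string')
            throw new Error('No SecretKey provided.');
        if (usingDefaultSecret) {
            (0, log_1.default)('No secret was supplied; falling back to the built-in default secret, which is publicly known. Pass an explicit secret.', log_1.logTypes.WARN);
        }
        const fileBuffer = fs_1.default.readFileSync(inputFile);
        // A file shorter than the IV cannot be valid; fail with a clear message instead of an opaque cipher error.
        if (fileBuffer.length < ivLength)
            throw new Error(`${inputFile} is too short to contain a ${ivLength}-byte IV.`);
        // subarray() replaces the deprecated Buffer#slice(); both return a view without copying.
        const iv = fileBuffer.subarray(0, ivLength);
        const ciphertext = fileBuffer.subarray(ivLength);
        const key = crypto_1.default.createHash('sha256').update(String(secret)).digest();
        const decipher = crypto_1.default.createDecipheriv(decryptionAlgo, key, iv);
        // The ciphertext is a Buffer, so no input encoding applies (Node ignores one for Buffer input).
        let decrypted = decipher.update(ciphertext, undefined, 'utf8');
        decrypted += decipher.final('utf8');
        return decrypted;
    }
    catch (e) {
        // Best-effort contract kept from the original: log and return undefined rather than throw.
        (0, log_1.default)(e, log_1.logTypes.ERROR);
        return undefined;
    }
};
exports.decrypt = decrypt;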
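// Entry point used by the CLI: encrypt an env file to `<inputFile>.enc` (or `options.outputFile`).
/**
 * Encrypt an env file. The output is the random IV followed by the ciphertext.
 *
 * Security notes:
 *  - If `options.secret` is falsy the hard-coded fallback 'mySecret' is used. That value is public, so the
 *    output is effectively unprotected; a warning is logged whenever the fallback is used.
 *  - The key is a single unsalted SHA-256 digest of the secret (see the TODO below about crypto.scrypt).
 *  - The default algorithm 'aes256' is OpenSSL's alias for AES-256-CBC and adds no integrity protection.
 *  - The plaintext input file is left in place; the log message reminds the operator to remove it.
 *
 * @param {object} options
 * @param {string} [options.secret] passphrase; falls back to 'mySecret' when falsy
 * @param {string} [options.inputFile='.env'] plaintext file to encrypt
 * @param {string} [options.outputFile] destination path; defaults to `${inputFile}.enc`
 * @param {string} [options.encryptionAlgo='aes256'] cipher name passed to crypto.createCipheriv
 * @param {number} [options.ivLength=16] number of random IV bytes to generate and prepend
 * @param {boolean} [options.isEdit] when truthy, the success/cleanup log lines are suppressed
 * @returns {Promise<void>|undefined} resolves once the output file is fully written and rejects if the
 *   cipher cannot be created or a stream fails; undefined when validation failed (the error is logged)
 */
const encrypt = (options) => {
    try {
        const usingDefaultSecret = !options.secret;
        const secret = options.secret || 'mySecret';
        const inputFile = options.inputFile || '.env';
        const outputFilePath = options.outputFile || `${inputFile}.enc`;
        const encryptionAlgo = options.encryptionAlgo || 'aes256';
        const ivLength = options.ivLength || 16;
        const isEdit = options.isEdit;
        // presumably createCipheriv() should work for all the algo in ./openssl_list-cipher-algorithms.csv with the right key/iv length
        // (the key below is always the 32-byte SHA-256 digest, so the chosen cipher must accept a 256-bit key)
        if (!fs_1.default.existsSync(inputFile))
            throw new Error(`Error: ${inputFile} does not exist.`);
        // Because of the fallback above, this only rejects truthy non-string secrets.
        if (!secret || typeof secret !== 'string')
            throw new Error('No SecretKey provided.Use -s option to specify secret');
        if (usingDefaultSecret) {
            (0, log_1.default)('No secret was supplied; falling back to the built-in default secret, which is publicly known. Pass an explicit secret.', log_1.logTypes.WARN);
        }
        return new Promise((resolve, reject) => {
            const key = crypto_1.default.createHash('sha256').update(String(secret)).digest(); // /// TODO: node v10.5.0+ should use crypto.scrypt(secret, salt, keylen[, options], callback)
            const iv = crypto_1.default.randomBytes(ivLength);
            const cipher = crypto_1.default.createCipheriv(encryptionAlgo, key, iv);
            const input = fs_1.default.createReadStream(inputFile);
            const output = fs_1.default.createWriteStream(outputFilePath);
            // Without these handlers a read/cipher/write failure would surface as an unhandled 'error' event
            // and the promise would never settle. pipe() does not forward errors, so each stream needs its own.
            const fail = (err) => {
                input.destroy();
                cipher.destroy();
                output.destroy();
                reject(err);
            };
            input.on('error', fail);
            cipher.on('error', fail);
            output.on('error', fail);
            // The IV is not secret; it is stored in the clear at the head of the file so decrypt() can read it back.
            output.write(iv);
            input.pipe(cipher).pipe(output);
            output.on('finish', () => {
                if (!isEdit) {
                    (0, log_1.default)(`The Environment file "${inputFile}" has been encrypted to "${outputFilePath}".`, log_1.logTypes.INFO);
                    (0, log_1.default)(`Make sure to delete "${inputFile}" for production use.`, log_1.logTypes.WARN);
                }
                resolve();
            });
        });
    }
    catch (e) {
        // Best-effort contract kept from the original: validation errors are logged and undefined is returned.
        (0, log_1.default)(e, log_1.logTypes.ERROR);
        return undefined;
    }
};
exports.encrypt = encrypt;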