0.6.2 • Published 19 days ago
@autotelic/envelope-encryptor v0.6.2
envelope-encryptor
Envelope encryption with configurable KMS.
Installation
npm install @autotelic/envelope-encryptor
Usage
// Using AWS KMS
import { createEnvelopeEncryptor, awsKms } from '@autotelic/envelope-encryptor'
const {
AWS_REGION,
KMS_KEY_ID,
KMS_ACCESS_KEY_ID,
KMS_SECRET_ACCESS_KEY
} = process.env
const keyService = awsKms(KMS_KEY_ID, {
region: AWS_REGION,
credentials: {
accessKeyId: KMS_ACCESS_KEY_ID,
secretAccessKey: KMS_SECRET_ACCESS_KEY
}
})
const encryptor = createEnvelopeEncryptor(keyService)
const { encrypt, decrypt } = encryptor
// encrypt; store these in the db; plaintext is encrypted at rest
const {
ciphertext,
key,
salt
} = await encrypt('plaintext')
// decrypt
const plaintext = await decrypt({
ciphertext: ciphertext.toString(),
key,
salt
})
In development and testing
Don't need to use a real KMS, so export