1.0.8 • Published 2 years ago

@brightcove/node-config v1.0.8

Weekly downloads
-
License
-
Repository
github
Last release
2 years ago

Node encrypted secrets

package-info NPM NodeJS Build Status

Manage your secrets with single entrypted file. Inspired in Rails encrypted secrets management

Install

npm install @brightcove/node-config --save

Usage

Encrypt and decrypt yaml files

# config.yaml
username: user
password': myPassword
  • Encrypt
NODE_MASTER_KEY=$MASTER_KEY npx @brightcove/node-config encrypt --path config.yaml

Only encrypted object values.

username: sGPi7jVJFORTBSOOKx5nMw==--eYed5TIh3D+9rjN/usOB0w==
password: +C4M+xFxOQXTyvPJ7QSJuQ==--eYed5TIh3D+9rjN/usOB0w==
  • Decrypt
NODE_MASTER_KEY=$MASTER_KEY npx @brightcove/node-config decrypt --path config.yaml

Setup for NodeJs projects

Create a config.yaml file

Example:

publicKey: publicValue # no-encrypt
myApiKey: apiKey
myApiSecret: apiSecret

or

{
  "publicKey": "publicValue",
  "myApiKey": "apiKey",
  "myApiSecret": "apiSecret"
}
npx @brightcove/node-config init

OR use your own key

NODE_MASTER_KEY=$MASTER_KEY npx @brightcove/node-config init

Your config file it's encrypted, and generate config key file

Save the key value, and ignore this file in your version control.

echo config.yaml.key >> .gitignore

Read config in runtime

const { config } = require('@brightcove/node-config');

const apiKey = config.apiKey;

Use in production

You can set a environment varible NODE_MASTER_KEY for decrypt secrets.

NODE_MASTER_KEY=my-credential-key server.js

Edit config

The edit command allow to edit the file in a text editor; decrypting before open the file and encrypting after close the file.

EDITOR=nano npx @brightcove/node-config edit

env

Return the value of config based on process.env.NODE_CREDENTIALS_ENV or process.env.NODE_ENV Example:

default: &default
  user: myuser
development:
  <<: *default
  key: password_development
production:
  <<: *default
  key: password_production
  • By default use development key
const vault = require('@brightcove/node-config');

vault.config;
// { development: { key: "password_development" }, production: { key: "password_production" } }
vault.env;
// { key: "password_development" }
  • Set custom environment
us:
  development:
    key: development password for US country
NODE_CREDENTIALS_ENV=us.development node main.js
const vault = require('@brightcove/node-config');
vault.env;
// { key: "development password for US country" }

Environment variable in config file

Some config it's not recomend set in config file, like production database password.

config file accept template variables for process env object

production:
  database:
    password: <%= process.env.DATABASE_PASSWORD %>

CLI API

Command List

  help      help
  init      encrypt your config file and create a config key file
  encrypt   encrypt config file
  decrypt   decrypt config file
  edit      decrypt/encrypt in text editor

Options

  -p, --path   Path for config file
secretsencryptedenv
ejsyamllodashcommand-line-argscommand-line-usage
1.0.8

2 years ago

1.0.7

2 years ago

1.0.6

2 years ago

1.0.5

3 years ago

1.0.4

3 years ago

1.0.3

3 years ago

1.0.2

3 years ago