3.4.74 • Published 1 year ago

@hishprorg/nihil-iusto-quisquam v3.4.74

License
MIT
Repository
github
Last release
1 year ago


Supporting command-line tool for @tsmx/secure-config.

Features:

  • create secure configurations with encrypted secrets and an HMAC out of existing JSON files
  • update HMAC values of existing secure configuration files after they have changed
  • test existing secure configuration JSON files (HMAC validation & decryption)
  • generate keys
  • encrypt single secrets for copy & paste into existing configurations
  • decrypt single secrets for testing purposes

To get more information please also check out the secure-config documentation.

Installation

[tsmx@localhost ]$ npm i -g @hishprorg/nihil-iusto-quisquam

For convenience, installing as a global package is recommended, though local installation and use is also possible.

Arguments

create

Reads an existing JSON configuration file and encrypts the values according to the specified key patterns. Also adds an HMAC property to the JSON configuration to enable validation against illegal tampering.

The result is printed to stdout. Use > to save it in a new file.

The key used to create the secure configuration has to be set as environment variable CONFIG_ENCRYPTION_KEY. See genkey option on how to create and export a secure key.

[tsmx@localhost ]$ secure-config-tool create config.json > config-production.json

-p, --patterns

A comma-separated list of patterns for the keys of the configuration file that should be encrypted. Pattern matching is done for every key of the provided JSON input with a case-insensitive RegEx validation. If the match succeeds, the value of the key is encrypted.

[tsmx@localhost ]$ secure-config-tool create -p "Username,Password" config.json > config-production.json

In the example above, every key is tested case-insensitively against the two regular expressions /Username/ and /Password/.

If no patterns are explicitly specified by using this option, the standard patterns are used: 'user', 'pass', 'token'.

-ne, --no-encryption

Do not encrypt any value of the input file. Helpful if you want to use only the HMAC feature without any encryption.

-nh, --no-hmac

Do not create and add the configuration's HMAC to the output. Helpful if you only want to use encryption without HMAC.

-hp, --hmac-prop

Specify a property name to store the generated HMAC value in. Defaults to __hmac if the option is not present. Doesn't have any effect if -nh is specified at the same time.
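The key selection described for create (unanchored, case-insensitive patterns tested against every key, with the HMAC stored in __hmac by default) can be audited before deployment. The following is an added example, not code from secure-config-tool: auditConfig, the sample object and the ENCRYPTED|<hex>|<hex> value layout (inferred from the sample output on this page) are assumptions.

```javascript
// Added example (not part of secure-config-tool): list the keys that the
// patterns select and whether their values are already encrypted.
const DEFAULT_PATTERNS = ['user', 'pass', 'token']; // defaults named on this page
// Assumed layout, inferred from the sample value on this page: ENCRYPTED|<hex>|<hex>
const ENCRYPTED_RE = /^ENCRYPTED\|[0-9a-f]+\|[0-9a-f]+$/i;

function auditConfig(config, patterns = DEFAULT_PATTERNS, hmacProp = '__hmac') {
  const regexes = patterns.map((p) => new RegExp(p, 'i')); // case-insensitive, unanchored
  const report = {
    encrypted: [],
    plaintext: [],
    hmacPresent: typeof config[hmacProp] === 'string',
  };
  const walk = (node, path) => {
    if (Array.isArray(node)) {
      node.forEach((item, i) => walk(item, `${path}[${i}]`));
      return;
    }
    if (node === null || typeof node !== 'object') return;
    for (const [key, value] of Object.entries(node)) {
      if (path === '' && key === hmacProp) continue; // skip the HMAC property itself
      const here = path ? `${path}.${key}` : key;
      if (value !== null && typeof value === 'object') {
        walk(value, here);
      } else if (regexes.some((re) => re.test(key))) {
        const ok = typeof value === 'string' && ENCRYPTED_RE.test(value);
        (ok ? report.encrypted : report.plaintext).push(here);
      }
    }
  };
  walk(config, '');
  return report;
}

// Constructed sample; the encrypted value is the one shown on this page.
const ENC = 'ENCRYPTED|82da1c22e867d68007d66a23b7b748b3|452a2ed1105ec5607576b820b90aa49f';
const sample = {
  database: { host: '127.0.0.1', user: ENC, password: 'constructed-plaintext' },
  replicas: [{ authToken: ENC }, { authToken: 'constructed-plaintext' }],
  compassHeading: 'north', // matched by "pass" although it is not a secret
  apiKey: 'constructed-plaintext', // a secret, but matched by no default pattern
  __hmac: 'constructed-placeholder',
};

console.log(auditConfig(sample));
```

The report only shows which keys the patterns select and whether an HMAC property is present; it does not verify the HMAC or decrypt anything, which is what the test command is for. Keys such as apiKey need an explicit -p pattern to be encrypted.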

update-hmac

Updates the HMAC of an existing secure configuration file after it has been changed (properties added/deleted/changed...).

The result is printed to stdout. Use > to save it in a new file or the --overwrite option.

The key used to update the HMAC has to be set as environment variable CONFIG_ENCRYPTION_KEY. Make sure to use the right key which was used to create the already existing secure-config file.

[tsmx@localhost ]$ secure-config-tool update-hmac -o config-production.json

-o, --overwrite

Overwrite the original configuration file with the updated HMAC instead of writing to stdout.

-hp, --hmac-prop

Use this option to specify the property name of the HMAC value to be updated if it differs from the default __hmac.

test

Test decryption and HMAC validation of an existing secure-configuration file. The key to test against has to be set as environment variable CONFIG_ENCRYPTION_KEY.

[tsmx@localhost ]$ export CONFIG_ENCRYPTION_KEY=9af7...
[tsmx@localhost ]$ secure-config-tool test config-production.json 
Decryption: PASSED
HMAC:       PASSED

-hp, --hmac-prop

Specify the property name of the HMAC value to validate against. Defaults to __hmac if the option is not present. Doesn't have any effect if -sh is specified at the same time.

-sh, --skip-hmac

Skip the HMAC validation test.

-v, --verbose

Print out the raw input data and the decrypted data.

genkey

Generate a cryptographic 32 byte key to be used for AES encryption/decryption as well as HMAC validation of your configuration.

[tsmx@localhost ]$ secure-config-tool genkey
9af7d400be4705147dc724db25bfd2513aa11d6013d7bf7bdb2bfe050593bd0f
[tsmx@localhost ]$ export CONFIG_ENCRYPTION_KEY=9af7d400be4705147dc724db25bfd2513aa11d6013d7bf7bdb2bfe050593bd0f

encrypt

Encrypt a single value string for copy & paste to a JSON configuration file.

[tsmx@localhost ]$ secure-config-tool encrypt "MySecret"
ENCRYPTED|82da1c22e867d68007d66a23b7b748b3|452a2ed1105ec5607576b820b90aa49f

decrypt

Decrypt a single value string for testing purposes.

[tsmx@localhost ]$ secure-config-tool decrypt "ENCRYPTED|82da1c22e867d68007d66a23b7b748b3|452a2ed1105ec5607576b820b90aa49f"
MySecret

Changelog

2.2.0

  • Support for encrypted properties of objects in arrays added, e.g. { configArray: [ { key: 'ENCRYPTED|...' }, { key: 'ENCRYPTED|... ' } ] }

Test

npm install
npm test