@magloft/kms v3.0.4

@magloft/kms

Zero-Setup encrypted configuration library via Google Cloud KMS / Google Cloud Storage.

Features

• Configure projects in a secure, central place.
• Manage different configurations and environments.
• Keep your codebase and repositories clean of any sensitive data.

Requirements

1. Install gcloud sdk
2. Login via gcloud auth login
3. Set your google cloud project using gcloud config set project PROJECT_ID

Installation

1. npm -g install @magloft/kms or yarn global add @magloft/kms
2. kms init

CLI Usage

kms [command]

Commands:
  kms init         initialize kms
  kms edit [key]   edit key and publish to kms
  kms store [key]  store key to kms
  kms fetch [key]  fetch key from kms

Options:
  -e         Set environment  [string] (development, staging, production)
  --help     Show help        [boolean]
  --version  Show version     [boolean]

Node Usage

const { config } = require('@magloft/kms')

config('credentials/mysql').then((result) => {
  console.log(result)
  // { host: '127.0.0.1', port: '3306', username: 'root', password: 'root' }
})

Environments

By default, the development environment will be used. Credentials are stored locally at ~/.kms/development/path/to/key.json.

Any environment other than development will load and retrieve configuration from Google Cloud Storage and encrypt/decrypt via Google Cloud KMS.

To change the environment, you can: 1. Pass the environment via CLI argument -e production. 2. Set the KMS_ENV=production environment variable

Configuration

The KMS_PARAMS environment variable allows you to specift the project, storage bucket and keyring settings:

KMS_PARAMS=magloft-private:kms:kms

The colon-seperated string contains Bucket Name, Key Ring ID and Crypto Key ID.