Strapi-keys NPM

$ npm run strapi-keys -- --refresh

key-v2

This is a great and convenient way to generate random base64 cryptographic keys.

This approach is generally secure, as the Node.js cryptographic module is designed to provide secure encryption capabilities.

It uses the crypto module of Node.js, which in turn can depend on specific implementations of the operating system, reliable for generating randomness.

openssl rand -base64 32 uses an operating system random number generator, which is often highly reliable at generating randomness.

Strapi openssl

Install with npm:

npm i strapi-keys

Start to generate keys:

⏳Generating a default .env file complete with variables, in the absence of .env or .env.example files

npm run strapi-keys -- --generate

############################
## BEFORE 
############################
API_TOKEN_SALT=
ADMIN_JWT_SECRET=
TRANSFER_TOKEN_SALT=
JWT_SECRET=
APP_KEYS=

############################
## AFTER
############################
APP_KEYS=KHeNRq3Oj1/9wcjYvgFv+b6+Pw==,WMe01U/lJ5uPqQSdpvTESZLFDA==,+jiQgyUIWjGlyebkCZnRxKAD5A==,W/5ZcNElldr8MmyyTSqevgYqJg==
API_TOKEN_SALT=28LCPMgoHb/g3Dc5oIYwGo54WGDSknbQzuDZjPmmhA==
ADMIN_JWT_SECRET=7dLaf0Aaw0mGUTrSPQSnj/tK9VdMSxPxhUxfIb36SA==
TRANSFER_TOKEN_SALT=PgmIoztGd+V39JhTttjZ918T5znZpsuzfaEh5AemCA==
JWT_SECRET=mH1Jnu9dGc+jShpKJPI399h4cVV0TyAjhos+6sUaeA==

List command options:

npm run strapi-keys -- --help

Usage: npm run strapi-keys -- options

Options:

--help : List all available commands (default option)
--refresh : Forcefully overwrite all keys
--generate : Generate keys where missing
--clear : Clear values of keys
--dryrun : Print involved variables based on the launched command
example:
```
 npm run strapi-keys -- --dryrun --refresh
```
--print : Print newly generated variables to the console
--status : Print the status of keys: check the correct encoding of the key
--rand : Print a single crypto key in base64

Options with values:

--exclude= : Exclude certain keys from the changes operations
example:
```
npm run strapi-keys -- --refresh --exclude=JWT_SECRET
```
--only= : Include only certain keys in changes operations
Separate multiple values with a comma (,)

--status

npm run strapi-keys -- --status

Settings (automatic)

After installation, the "strapi-keys" command is automatically added to the "scripts" field in the Strapi package.json file:

{
  "scripts": {
    "strapi-keys": "strapi-keys"
  }
}

or run the command directly:

node node_modules/strapi-keys

Comand scheduled

./config/cron-tasks.js

module.exports = {

  refreshKeysEnv: {
    task: ({ strapi }) => {
      const keysExec = require('strapi-keys/core/exec');
      keysExec('--refresh --exclude=JWT_SECRET')
    },
    options: {
      rule: "0 0 1 */2 * *",
    },
  },

};

./config/server.js

const cronTask = require("./cron-tasks")

module.exports = ({ env }) => ({
  cron: {
    enabled: env.bool('CRON_ENABLED', false),
    tasks: cronTask,
  }
});

Set the variable in the .env file