npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@bytehide/secrets

v2.0.14

Published

The official ByteHide Secrets Manager SDK for Node.js/TypeScript, enabling secure retrieval and management of environment-based secrets, rotation, and auditing. Eliminate hardcoded credentials and keep your secrets out of code.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

jespanagjespanagvytehidevytehidekikebytehidekikebytehide

Keywords

bytehidesecretssecret managersecuritykey vaultenvironment-based secretstypescriptnodejssdk

Readme

ByteHide Secrets Manager for JavaScript/TypeScript ⚡

@bytehide/secrets - Manage secrets in JS, TS or Node code with a plug-and-play secrets manager with enterprise-features.

Automatically manage and retrieve secrets in your JavaScript/TypeScript projects—no more leaking .env files or hardcoded credentials! ByteHide Secrets is the official secrets manager SDK for Node.js/TS, seamlessly integrated with the ByteHide platform. It supports environment-based secrets, caching, optional in-memory encryption, and more.

npm version npm downloads License Official Documentation

Tip: If you need to detect hardcoded secrets or scan your code for credentials, check out @bytehide/secrets-scanner, our free secrets scanner.

Key Features

  • Easy Initialization: Automatically detect your ByteHide token & environment from environment variables or manually initialize in code.
  • Enterprise security: Enterprise encryption, privacy-first solution with RBAC and top-security integrations.
  • Environment-Aware: Different secrets for dev, staging, and production—no separate .env for each environment.
  • Sync & Async APIs: get, set with Promises, or getSync, setSync for synchronous usage.
  • Caching: Time-to-live (TTL)–based in-memory cache, configurable and easily cleared.
  • Optional Encryption: Store secrets in memory with a simple XOR-based fallback encryption.
  • One-Liner Setup: No complex multi-stage config required.

Installation

npm install @bytehide/secrets
# or
yarn add @bytehide/secrets

1. Obtain a Free Token

  1. Create a free account at cloud.bytehide.com/register.
  2. Set up a Secrets project and grab your Project Token.
  3. Keep this token private—never commit it to Git.

Environment Variables

You can store your ByteHide credentials in:

  1. Environment Variables on your server (AWS, Railway, etc.).
  2. A local .env file (for Node.js projects).
  3. During your build process (for browser-based or serverless apps).

Required:

  • BYTEHIDE_SECRETS_TOKEN
  • BYTEHIDE_SECRETS_ENVIRONMENT (if missing, default: production)

Browser Projects (e.g., Vite or Webpack)

If you’re building for the browser, you need to inject environment variables at build time.

Webpack Example

// webpack.config.js
const webpack = require('webpack');

module.exports = {
  // ...
  plugins: [
    new webpack.DefinePlugin({
      'window.env': JSON.stringify({
        BYTEHIDE_SECRETS_ENVIRONMENT: 'production',
        BYTEHIDE_SECRETS_TOKEN: 'your-project-token'
      })
    })
  ]
};

Vite Example

// vite.config.js
import { defineConfig } from 'vite';

export default defineConfig({
  define: {
    'window.env': {
      BYTEHIDE_SECRETS_ENVIRONMENT: 'production',
      BYTEHIDE_SECRETS_TOKEN: 'your-project-token'
    }
  }
});

In your code, SecretsManager can read these values from window.env or an equivalent approach.

Node.js Projects

  1. Create a .env file in your project root:
    BYTEHIDE_SECRETS_ENVIRONMENT=production
BYTEHIDE_SECRETS_TOKEN=your-project-token
  2. Now process.env.BYTEHIDE_SECRETS_TOKEN and process.env.BYTEHIDE_SECRETS_ENVIRONMENT will be available to SecretsManager.

Usage Examples

Retrieving a Secret (Async)

import { SecretsManager } from "@bytehide/secrets";

async function main() {
  // If environment variables are set, it auto-initializes
  const apiKey = await SecretsManager.get("API_KEY");
  console.log("API key:", apiKey);
}

main();

Retrieving a Secret (Sync)

import { SecretsManager } from "@bytehide/secrets";

const pass = SecretsManager.getSync("DB_PASS");
console.log("Database password:", pass);

Setting a Secret (Async)

await SecretsManager.set("NEW_SECRET", "myValue");

Setting a Secret (Sync)

SecretsManager.setSync("ANOTHER_SECRET", "anotherValue");

Example: Simulating a Database Connection

import { SecretsManager } from "@bytehide/secrets";

async function connectToDatabase() {
  const dbUser = await SecretsManager.get("DB_USER");
  const dbPass = await SecretsManager.get("DB_PASS");
  // e.g., connect(dbUser, dbPass)
  console.log("Connecting with", dbUser, dbPass);
}

connectToDatabase();

API Overview

class SecretsManager {
  static initialize(): void;
  static unsecureInitialize(token: string, environment: string): void;

  static configureCache(enabled: boolean, ttlMs?: number): void;
  static clearCache(): void;

  static get(key: string): Promise<string>;
  static getSync(key: string): string;
  static set(key: string, value: string): Promise<boolean>;
  static setSync(key: string, value: string): boolean;
}

Unsecure Initialization

SecretsManager.unsecureInitialize("my-token", "dev");
// Warns: do not use in production

If environment variables are not set, you can directly provide token and environment. This logs a warning about being unsecure—avoid in production.

Caching

By default, caching is enabled with a 5-minute TTL. Configure as follows:

SecretsManager.configureCache(true, 10 * 60 * 1000); // 10 minutes
SecretsManager.clearCache();

Additional Notes

  • Production Token: Always store your production token in environment variables. Avoid committing tokens to Git.

Why Choose ByteHide Secrets?

  • Official Integration with the ByteHide platform: secrets scan, environment-based secrets, rotation, alerts and auditing all in one.
  • Node & Browser support: adapt for serverless, front-end, or backend.
  • Minimal Setup: No complicated config—just set two variables (BYTEHIDE_SECRETS_TOKEN, BYTEHIDE_SECRETS_ENVIRONMENT) or call unsecureInitialize(...).
  • Scalable: Works seamlessly in small Node scripts or large multi-environment deployments.
  • Multi-platform support for JavaScript, Typescript, Dotnet (.NET) and more.

Get Started Today

  1. Install: npm install @bytehide/secrets
  2. Obtain a Token: from cloud.bytehide.com/register.
  3. Set environment variables or call unsecureInitialize(...).
  4. Use SecretsManager.get(...) or SecretsManager.set(...) to manage secrets.

Need to detect secrets in your code? Try @bytehide/secrets-scanner for free scanning and automatic fixes.

For detailed documentation, check our official docs or contact [email protected]. Good luck and stay secure!