@hugo-fixit/post-encrypt
v0.2.0
Published
Post-build AES-256-GCM encryption tool for the FixIt Hugo theme
Maintainers
Readme
@hugo-fixit/post-encrypt
Post-build AES-256-GCM encryption tool for the FixIt Hugo theme.
It is designed for HTML generated by FixIt content encryption templates and should be run after your site has already been built.
Usage
After building your Hugo site, run the encryption tool from your site root:
npx @hugo-fixit/post-encryptYou can also install it globally and run the CLI directly:
npm install -g @hugo-fixit/post-encrypt
post-encryptTypical build flow:
hugo build
npx @hugo-fixit/post-encrypt
npx @hugo-fixit/post-encrypt --verifyOptions
| Option | Description | Default |
| --------------- | -------------------------------------------------- | -------- |
| --input <dir> | Input directory containing HTML files | public |
| --dry-run | Show which files would be modified without writing | false |
| --verify | Verify all encryption templates are encrypted | false |
| -h, --help | Show CLI usage help | |
Examples
# Show CLI help
npx @hugo-fixit/post-encrypt --help
# Encrypt content in the default public/ directory
npx @hugo-fixit/post-encrypt
# Encrypt content in a custom directory
npx @hugo-fixit/post-encrypt --input dist
# Verify encryption without modifying files
npx @hugo-fixit/post-encrypt --verify
# Dry run to see which files would be changed
npx @hugo-fixit/post-encrypt --dry-runHow It Works
- Scans all
.htmlfiles in the input directory - Finds
<template data-password="...">elements (encryption placeholders) - Encrypts the plaintext content using AES-256-GCM with PBKDF2 key derivation
- Replaces the
data-passwordhash with a PBKDF2-protected version - Writes the encrypted payload back to the template element
Security
- Algorithm: AES-256-GCM (authenticated encryption)
- Key derivation: PBKDF2 with 100,000 iterations and random 16-byte salt
- Password verification: PBKDF2-protected hash (not raw SHA-256)
- Payload format:
base64(salt).base64(iv).base64(ciphertext+tag)
License
MIT
