🔐 Varnetix Secret Manager

🚫 PROPRIETARY SOFTWARE - UNAUTHORIZED USE PROHIBITED 🚫

This is proprietary software owned by Varnetix SDK Team. All rights reserved. Unauthorized use, reproduction, or distribution is strictly forbidden.

⚠️ INTERNAL TESTING ONLY - DO NOT USE ⚠️

This package is currently in beta testing phase for authorized personnel only. Please do not use this package as it may contain bugs and breaking changes.

⚠️ DISCLAIMER: The developer and Varnetix SDK team are NOT LIABLE for any data loss, corruption, security breaches, system damage, or any other damages caused by using this software. Use is strictly forbidden without written permission!

For questions or issues, please contact the Varnetix SDK team.

A secure, authenticated Secret Manager API for the Varnetix SDK that provides comprehensive secret storage, retrieval, and management capabilities with built-in encryption and access control.

🚨 IMPORTANT LEGAL DISCLAIMER

BY INSTALLING OR USING THIS PACKAGE, YOU AGREE THAT:

• 🚫 NO WARRANTIES: This software is provided "AS-IS" without any guarantees
• 🚫 NO LIABILITY: Developer not responsible for data loss, corruption, or damages
• 🚫 USE AT OWN RISK: You assume all risks including system failures
• 🚫 NOT FOR PRODUCTION: This package may contain critical bugs
• 🚫 SECURITY RISKS: Potential vulnerabilities that could compromise data

If you do not agree to these terms, DO NOT install or use this package.

🚧 Beta Testing Notice

This package is currently under active development and testing. Features may change without notice.

• ✅ Published for testing and integration purposes
• ❌ Not ready for production use
• 🔄 Breaking changes may occur in future versions
• 📧 Report issues to the development team

✨ Features

• 🔑 API Key Authentication - Secure API key-based authentication for all operations
• 🔒 Encryption Support - Built-in AES-256-CBC encryption for sensitive data
• 👥 Access Control - Role-based permissions (read, write, admin)
• 📦 Secret Management - Store, retrieve, update, and delete secrets
• 🔍 Secret Discovery - List and check existence of secrets
• 🛡️ Security Validation - Access validation and permission management

🚀 Quick Start

Installation

Note: This is a private package within the Varnetix SDK organization.

# Install the scoped package
npm install @varnetix/secret-manager

# If you have access to the private repository, 
# make sure you're authenticated with npm
npm login

Framework-Specific Optimized Imports

React/Next.js (Hooks only - smaller bundle):

import { useSecretManager } from '@varnetix/secret-manager/hooks';

Vue.js (Composition API only):

import { useSecretManagerVue } from '@varnetix/secret-manager/hooks';

Full API (All frameworks):

import { VarnetixSecretManager } from '@varnetix/secret-manager';

Package Size:

• Full package: ~50KB
• Hooks only: ~15KB
• Core features only: ~35KB

For development setup:

# Clone the repository
git clone https://github.com/abraham1003/varnetix-sdk.git
cd varnetix-sdk/secret-manager
npm install

Build the Project

npm run build

Run the Demo

npm run dev

📦 What's Included

When you install @varnetix/secret-manager, you get only the compiled, optimized files:

• ✅ Compiled JavaScript (CommonJS + ES Modules)
• ✅ TypeScript definitions (.d.ts files)
• ✅ Browser-optimized bundle
• ✅ Tree-shakeable module exports
• ❌ Source TypeScript files
• ❌ Development dependencies
• ❌ Build configuration files
• ❌ Demo and test files

Final package size: ~200KB (includes all builds and types)

📖 API Reference

Core Methods

1. Store Secret

storeSecret(key: string, value: string, apiKey: string): Promise<StoreSecretResponse>

Stores a secret with authentication.

Parameters:

• key: Unique identifier for the secret
• value: The secret value to store
• apiKey: API key for authentication

Response:

{
  success: boolean;
  message: string;
  secretId?: string;
}

2. Retrieve Secret

getSecret(key: string, apiKey: string): Promise<GetSecretResponse>

Retrieves a stored secret by its key.

Parameters:

• key: Unique identifier for the secret
• apiKey: API key for authentication

Response:

{
  value?: string;
  error?: string;
}

3. Update Secret

updateSecret(key: string, newValue: string, apiKey: string): Promise<StoreSecretResponse>

Updates an existing secret with a new value.

4. Delete Secret

deleteSecret(key: string, apiKey: string): Promise<StoreSecretResponse>

Deletes a secret by its key.

5. List Secrets

listSecrets(apiKey: string): Promise<ListSecretsResponse>

Retrieves a list of all stored secret keys.

Response:

{
  keys?: string[];
  error?: string;
}

6. Check Secret Existence

doesSecretExist(key: string, apiKey: string): Promise<SecretExistsResponse>

Checks if a secret exists by its key.

Response:

{
  exists: boolean;
  error?: string;
}

Encryption Methods

7. Encrypt Secret

encryptSecret(value: string, encryptionKey: string, apiKey: string): Promise<EncryptionResponse>

Encrypts a secret value using AES-256-CBC encryption.

8. Decrypt Secret

decryptSecret(encryptedValue: string, encryptionKey: string, apiKey: string): Promise<DecryptionResponse>

Decrypts a previously encrypted secret value.

Security Methods

9. Validate Access

validateAccess(key: string, token: string, apiKey: string): Promise<ValidationResponse>

Validates if a user has permission to access a specific secret.

10. Set Access Permissions

setAccessPermissions(key: string, userId: string, permission: PermissionType, apiKey: string): Promise<PermissionResponse>

Sets read/write/admin permissions for specific users on a secret.

🔧 Usage Examples

Basic Usage

import { VarnetixSecretManager } from '@varnetix/secret-manager';

const secretManager = new VarnetixSecretManager();
const adminApiKey = secretManager.getAdminApiKey();

// Store a secret
const storeResult = await secretManager.storeSecret(
  'db-password', 
  'mySecretPassword123', 
  adminApiKey
);

// Retrieve a secret
const getResult = await secretManager.getSecret('db-password', adminApiKey);

// List all secrets
const listResult = await secretManager.listSecrets(adminApiKey);

Encryption Example

// Encrypt sensitive data
const encryptResult = await secretManager.encryptSecret(
  'sensitive-data', 
  'encryption-key-123', 
  adminApiKey
);

// Decrypt the data
if (encryptResult.encryptedValue) {
  const decryptResult = await secretManager.decryptSecret(
    encryptResult.encryptedValue,
    'encryption-key-123',
    adminApiKey
  );
}

Permission Management

// Set read permission for a user
await secretManager.setAccessPermissions(
  'db-password',
  'user123',
  'read',
  adminApiKey
);

// Generate API key for a user
const newKeyResult = await secretManager.generateApiKey(
  'user123',
  ['read', 'write'],
  adminApiKey
);

🔐 Security Features

API Key Authentication

Every request requires a valid API key. The system includes:

• Admin API Key: Full access to all operations
• User API Keys: Configurable permissions per key
• Key Generation: Secure random key generation

Encryption

• Algorithm: AES-256-CBC encryption
• Key Management: Secure key derivation using SHA-256
• Data Protection: Values are hashed before storage

Access Control

• Role-based Permissions: Read, Write, Admin levels
• User Management: Per-user permission assignment
• Access Validation: Request-level permission checking

🏗️ Project Structure

secret-manager/
├── src/
│   ├── types/
│   │   └── index.ts          # TypeScript type definitions
│   ├── services/
│   │   └── secretService.ts  # Main secret management service
│   ├── utils/
│   │   └── encryption.ts     # Encryption utilities
│   └── index.ts              # Main entry point and exports
├── package.json              # Project dependencies
├── tsconfig.json            # TypeScript configuration
└── README.md                # This file

🛠️ Development

Available Scripts

• npm run build - Build the TypeScript project
• npm run dev - Run the demo in development mode
• npm start - Run the compiled JavaScript
• npm test - Run tests (when implemented)
• npm run lint - Lint the code
• npm run format - Format the code with Prettier

Dependencies

Runtime Dependencies:

• crypto - Built-in Node.js crypto module
• uuid - UUID generation

Development Dependencies:

• typescript - TypeScript compiler
• ts-node - TypeScript execution
• @types/node - Node.js type definitions
• @types/uuid - UUID type definitions

🔍 API Response Examples

Successful Secret Storage

{
  "success": true,
  "message": "Secret stored successfully",
  "secretId": "550e8400-e29b-41d4-a716-446655440000"
}

Secret Retrieval

{
  "value": "hashed-secret-value"
}

Error Response

{
  "success": false,
  "message": "Invalid API key"
}

Secret List

{
  "keys": ["db-password", "api-key", "smtp-credentials"]
}

🚨 Security Considerations

1. API Key Storage: Store API keys securely, never in code
2. Encryption Keys: Use strong, unique encryption keys
3. Network Security: Use HTTPS in production
4. Key Rotation: Regularly rotate API keys and encryption keys
5. Audit Logging: Implement comprehensive audit logging
6. Rate Limiting: Implement rate limiting for API requests

🤝 Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests for new functionality
5. Submit a pull request

📄 License

This project is licensed under the MIT License - see the package.json file for details.

🆘 Support

For issues and questions:

1. Check the documentation above
2. Review the demo code in src/index.ts
3. Create an issue in the repository

Built with ❤️ for the Varnetix SDK

🚀 Quick Framework Guide

Next.js

// API Route
import { VarnetixSecretManager } from '@varnetix/secret-manager';

// Client Component
import { useSecretManager } from '@varnetix/secret-manager/hooks';

React

import { useSecretManager } from '@varnetix/secret-manager/hooks';

Vue 3

import { useSecretManagerVue } from '@varnetix/secret-manager/hooks';

Angular

import { VarnetixSecretManager } from '@varnetix/secret-manager';

📖 For detailed framework examples, see FRAMEWORK_OPTIMIZATION.md