npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

keystash

v1.0.8

Published

Store secrets in S3 using KMS envelope encryption.

Downloads

16

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

brianlerouxbrianleroux

Keywords

awss3kmssecretsenvenvironmentvariablesencryptioncryptoenvelope

Readme

🔑💌 keystash

Save secrets in AWS S3 with KMS envelope encryption

  • Save key/value pairs in an S3 Bucket with KMS envelope encryption
  • Additional serverside encryption with S3
  • Automatic S3 versioning for durability
  • Generate random key data
  • Use as a module
  • Bundles a simple CLI

Perfect for:

  • Centralized key management with minimalist command line interface
  • Environment variables in modules and npm scripts
  • Lightweight and secure personal key value store

demo

prereq

  • AWS account credentials setup .aws/credentials
  • AWS_PROFILE and AWS_REGION environment variables

✨ Tip export default AWS_PROFILE and AWS_REGION env vars your in .bashrc or .bash_profile and override as neccessary on the command line or in package.json to make working with different stashes easy

install

npm i -g keystash

command line interface

keystash <bucket name> [options]

exmaples

Setup an S3 bucket:

  • keystash my-bucket --create create an S3 bucket for storing secrets

Read secrets:

  • keystash my-bucket read encrypted secrets from S3 bucket
  • keystash my-bucket BIG_SEKRET to read a value to stdout

Write secrets:

  • keystash my-bucket BIG_SEKRET xxx-xxx save a secret BIG_SEKRET with value xxx-xxx
  • keystash my-bucket --rand BIG_SEKRET to generate (really!) random key data
  • keystash my-bucket --delete BIG_SEKRET remove BIG_SEKRET
  • keystash my-bucket --reset remove all secrets from latest version

Working with versions:

  • keystash my-bucket --versions list all versions
  • keystash my-bucket --versions some-version-id get secrets for a given version
  • keystash my-bucket --versions some-version-id some-key get the key for the given version
  • keystash my-bucket --nuke remove all versions

Run keystash --help to see short switches.

module install and usage

Use this module in npm scripts.

npm i keystash --save
// package.json
{
  "start": "DB_URL=${keystash some-bucket DB_URL} node index"
}

Or a bash script:

AWS_PROFILE=xxx
AWS_REGION=xxx
NODE_ENV=testing
DB_URL=`keystash cred-bucket DB_URL`

node index

Or in module code itself:

var keystash = require('keystash')

keystash.read({ns: 's3-bucket-name'}, console.log)

See tests for more examples!

api

var keystash = require('keystash')
  • keystash.create({ns}, err=>) create a keystash S3 bucket
  • keystash.delete({ns, key}, (err, result)=>) remove a key
  • keystash.env({ns}, err=>) add secrets to process.env
  • keystash.nuke({ns}, err=>) remove all versions
  • keystash.rand({key}, (err, result)=>) generate a random key
  • keystash.read({ns}, (err, result)=>) get all secrets
  • keystash.read({ns, version}, (err, result)=>) get all secrets for given version
  • keystash.reset({ns}, (err, result)=>) remove all secrets from the current version
  • keystash.versions({ns}, (err, result)=>) get all versions
  • keystash.write({ns, key, value}, (err, result)=>) save a secret

acknowledgements

This module is inspired by credstash. This module differs in that its JavaScript instead of Python and uses S3 to persist secrets instead of Dynamo. Read more about credstash here.

Also thx to Matt Weagle for encouraging KMS envelope encryption and Ben Kehoe for suggesting to use the S3 Object Metadata property to store the KMS cipher.