npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

node-credstasher

v1.0.3

Published

A TypeScript implementation of credstash for storing and retrieving secrets using AWS KMS and DynamoDB.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

rewdyrewdy

Keywords

credstashawskmsdynamodbsecretsencryptiontypescriptcli

Readme

node-credstasher

A TypeScript implementation of the python credstash for storing and retrieving secrets using AWS KMS and DynamoDB.

This code is based on the now defunct node-credstash library, but has been updated to TypeScript with up-to-date dependencies.

Setup

Before using credstasher, you need to:

  1. Set up AWS credentials (AWS CLI, environment variables, or IAM roles)
  2. Create a KMS key or use an existing one
  3. Optionally create a DynamoDB table (the library can create it for you, but it's better if you set up before)

CLI Usage

Install or not

You can install globally using the node package manager of your choice:

npm install -g node-credstasher

# or

pnpm add -g node-credstasher

# or

bun add -g node-credstasher

After it is installed, you should be able to run the following to show the docs:

credstasher --help

Yuu can also run using npx, pnpx, etc. downloading it to run on the fly. This is kind of nice.

npx node-credstasher@latest --help

# or

pnpx node-credstasher@latest --help

# or

bunx node-credstasher@latest --help

Commands

Setup the DynamoDB table

⚠️ I don't recommend using this. Set up your table in a more managed way, probably. But, you can do it this way if you like.

credstasher setup

Store a secret

credstasher put my-password "supersecret123"

Retrieve a secret

credstasher get my-password

List all secrets

credstasher list

Delete a secret

credstasher delete mypassword

CLI Options

Global options:

  • -r, --region <region>: AWS region (default: us-east-1)
  • -t, --table <table>: DynamoDB table name (default: credential-store)
  • -k, --kms-key-id <keyId>: KMS key ID or alias (default: alias/credstash)
  • -p, --profile <profile>: AWS profile (default: default)
  • -d, --dynamodb-endpoint <endpoint>: Custom endpoint URL for DynamoDB
  • -e, --kms-endpoint <endpoint>: Custom KMS endpoint URL

Command-specific options:

  • put:
    • -v, --key-version <version>: Specific version number
    • -c, --context <context>: Encryption context as JSON string
    • -a, --autoversion: Automatically increment version
  • get:
    • -v, --key-version <version>: Specific version number
    • -c, --context <context>: Encryption context as JSON string
    • -n, --noline: Don't append newline to output
  • delete:
    • -v, --key-version <version>: Specific version number
    • -a, --all: Delete all versions

Library Usage

Install

Install with your favorite package manager:

npm install node-credstasher

# or

pnpm add node-credstasher

# or

bun add node-credstasher

Example

import { CredstashClient } from 'node-credstasher';

const client = new CredstashClient({
  region: 'us-east-1',
  table: 'my-secrets',
  kmsKeyId: 'alias/my-key'
});

// Store a secret
await client.putSecret('database-password', 'my-secret-password');

// Retrieve a secret
const password = await client.getSecret('database-password');

// List all secrets
const secrets = await client.listSecrets();

// Delete a secret
await client.deleteSecret('database-password');

Configuration

The CredstashClient accepts the following configuration options:

  • region: AWS region (defaults to AWS_REGION env var or 'us-east-1')
  • kmsRegion: AWS region for KMS, defaults to region value.
  • table: DynamoDB table name (defaults to CREDSTASH_TABLE env var or 'credential-store')
  • kmsKeyId: KMS key ID or alias (defaults to CREDSTASH_KMS_KEY_ID env var or 'alias/credstash')
  • profile: AWS profile (defaults to AWS_PROFILE env var or 'default')
  • dynamodbEndpoint: Custom endpoint URL for dynamodb
  • kmsEndpoint: Custom endpoint URL for KMS

Environment Variables

  • AWS_REGION: Default AWS region
  • KMS_REGION: Default AWS region for KMS
  • CREDSTASH_TABLE: Default DynamoDB table name
  • CREDSTASH_KMS_KEY_ID: Default KMS key ID
  • AWS_PROFILE: Default AWS profile
  • DYNAMODB_ENDPOINT: Custom endpoint URL for dynamodb
  • KMS_ENDPOINT: Custom endpoint URL for KMS

Development

Build

bun run build

Format and Lint

bun run format
bun run lint

Check

bun run check

Tests

See LOCAL_TESTING.md.

Security Features

  • Uses AWS KMS for key encryption/decryption
  • Stores encrypted data in DynamoDB
  • Supports encryption context for additional security
  • Uses AES-256-GCM for symmetric encryption
  • Includes HMAC verification for data integrity
  • Supports versioning of secrets

License

MIT

This project was created using bun init in bun v1.2.7. Bun is a fast all-in-one JavaScript runtime.