npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

simple_json_file_encryptor

v1.1.2

Published

Used for encrpyting and restoring a file using aes-256-cbc

Downloads

257

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

dlzhangdlzhang

Keywords

jsonencrypt

Readme

How to install

> npm i simple_json_file_encryptor

What it solves

Background: This tool is useful to you if your DB configs are in plain text as below: config.js

// This config should not be uploaded to any code repo
const mysqlDBConfig = {
  host: '192.168.1.1',
  user: 'root',
  password: '1234567',
  database: 'my_database',
}

This tool is what you need to make your sensitive data secrue

How to use it

Now, let's use this tool to secur your sensitive data.

Step 1. Separate sensitive data from config

Create a json file named 'sensitive-data.json' and put all sensitive data into it. Put it into a secret folder (Sure, you can call it any name and put it anywhere you want)

sensitive-data.json:

{
  "db": {
    "user": "root",
    "password": "1234567",
  }
}

folder structure:

project-root/
  |-src
    |-secret                      
      |- sensitive-data.json      <---- DANGER to be exposed          
    |-config.js                   <---- OK to be exposed
  |-package.json
  |-

and your config.js will be like

import * as fs from 'fs';
const fileraw = fs.readSync('./secret/sensitive-data.json');
const sensitiveData = JSON.parse(fileraw);

const mysqlDBConfig = {
  host: '192.168.1.1',
  user: sensitiveData.db.user,             
  password: sensitiveData.db.password,
  database: 'my_database',
}

Now, you are safe to upload the config file to code repo since all sensitive data were moved out.

But the sensitive data is still in plain text and NOT SAFE to be traced in code repo. Let's secure it with this new tool.

Step 2. Hash sensitive data

Open a termial under your project folder and run:

> npx simple_json_file_encryptor --path ./secret/sensitive-data.json --key MY_SECRET_KEY

(Above command will generate a new file named 'sensitive-data.json.crpt' in the same folder)

folder structure will be as below:

project-root/
  |-src
    |-secret
      |- sensitive-data.json          <--- DANGER to be exposed
      |- sensitive-data.json.crpt     <--- SAFE to be exposed
    |-config.js
  |-package.json
  |-

If you open the file 'sensitive-data.json.crpt', you can only see an unreadable string:

3efqfdgtet19dnhaidu4nldnliwbeadf...

It is generated by hashing the json file content using key specified (in this case is 'MY_SECRET_KEY')

Step 3. Restore sensitive data from hashed string

Back to your config file, and let's use fileEncryptor to restore sensitvie data from that unreadable hased string:

config.js:

import { fileEncryptor } from 'simple_json_file_encryptor';
const key = 'MY_SECRET_KEY';  // in real case, this value should be passed by ENV or ARGS
const sensitiveData = fileEncryptor.decryptFile(__dirname+'/secret/sensitive-data.json.crpt', key);
console.log('Successfully read sensitive data from encrypted file.');    // error will be thrown if failed

const mysqlDBConfig = {
  host: '192.168.1.1',
  user: sensitiveData.db.user,
  password: sensitiveData.db.password,
  database: 'my_database',
}

Your project should work as before with one extra output line saying: 'Successfully read sensitive data from encrypted file.' when first time config.js is imported.

Now, you can submit config.js and sensitive-data.json.crpt to your code repo and ignore file sensitive-data.json. Only the secret key needs to be kept out of public now.