npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

vinz

v0.0.6

Published

Enables secure storage of credentials right in your repo using AWS KMS.

Downloads

10

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bjacobelbjacobel

Keywords

KMSsecretscredentialsencryptedLambda

Readme

#Vinz

Build Status Coverage Status npm

keymaster

I am the Keymaster!

-- Vinz Clortho, Ghostbusters (1984)

###Motivation Vinz is the keymaster of your AWS Lambda applications. Storing secrets (keys and configuration) in Lambda is difficult out of the box because Lambda has no persistent file system and no notion of environment variables. Vinz aims to make the secret storage and usage process easy for Lambda functions - by storing your secrets encrypted and versioned right alongside your application in its deployment bundle, and providing a simple API for secret decryption and access.

###Simple Usage

  • Encrypt a secret using the Vinz bash CLI:

    $> vinz --encrypt TwitterConsumerKey
vinz: Enter the secret to encrypt as 'TwitterSecretKey'. (typing hidden):
secrets/TwitterConsumerKey encrypted and saved.

  • Decrypt a secret from node:

    import Vinz from 'vinz';
vinz = new Vinz();
vinz.get('TwitterSecretKey').then((TwitterSecretKey) => {
    console.log(TwitterSecretKey);
});

###Detailed Usage

1. Set up KMS with a root key

In the AWS console, open up "Identity and Access Management" and click on "Encryption Keys," then click on "Create Key" to set up the root Vinz key.

You must name the key with alias "vinz".

Create a key

Skip step 2 - the only role that should be able to administer the Vinz key is your root account role.

In step 3, you may already have an execution role set up for the Lambda you plan to use Vinz with - if so, grant that role access to use Vinz's key. Otherwise, skip this step. You can change this all later.

Step 3

Click "Finish," then when you see the success message you're ready to start using Vinz.

2. Install Vinz

This one's easy: just npm install --save vinz.

3. Encrypt your first secret

When it installed itself, Vinz created a CLI for you. Check out its helptext:

$> node_modules/.bin/vinz --help

  Usage: vinz [options]

  Options:

    -h, --help                                 output usage information
    -V, --version                              output the version number
    -p, --profile <profile>                    Specify a ~/.aws/credentials profile to use
    -a, --access-key-id <accessKeyId>          Override AWS access key found in env or in ~/.aws
    -s, --secret-access-key <secretAccessKey>  Override AWS secret key found in env or in ~/.aws
    -r, --region <region>                      Override AWS region found in env or in ~/.aws
    -e, --encrypt <secretName>                 Store an encrypted secret in ./secrets/secretName

--encrypt is the star here - it's the interface you'll use for storing your secrets. First, though, Vinz needs to know about your AWS account.

To pass your AWS credentials and configuration to Vinz, you have three options:

  1. Set your AWS credentials in an ~/.aws/credentials file, and your supplementary config information (i.e., region) in an ~/.aws/config file. See the Configuring the AWS Command Line Interface documentation for more.
  2. Setting your AWS config with environment variables. To use this method, set the following environment variables:
    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • AWS_DEFAULT_REGION
  3. Pass your configuration in on the command line. This generally isn't recommended, as secrets set on the command line can linger in your ~/.bash_history, so only use the --access-key-id, --secret-access-key and --region options for Vinz if you have good reason.

Note that Vinz doesn't currently support mixing and matching these options - i.e., you can't set your credentials in ~/.aws/credentials and your region on the command line.

Once you've got your credentials ready to go, you can encrypt your first secret. Pass the --encrypt option to Vinz with the name you'd like your secret to be available in your application as. For example:

node_modules/.bin/vinz --encrypt TwitterConsumerKey

Vinz will now ask you to enter the value you'd like to encrypt. Typing will be hidden.

vinz: Enter the secret to encrypt as 'TwitterConsumerKey'. (typing hidden):

Type your secret, press enter, and Vinz will encrypt your secret using AWS KMS and save it at ./secrets/TwitterConsumerKey. Commit your encrypted secret file to Git and/or include it in your Lambda deployment bundle, and you're ready to start using it in a Node application.

4. Use your secrets in Node

While you're developing an application that uses Vinz on your local machine, the Vinz JS client will need your credentials to access AWS, However, in production code (running on AWS Lambda) you don't have to do any configuration for this yourself, as Lambdas are created with AWS credentials preset in the environment. For this reason, it's recommended to use AWS credential environment variables while developing locally, as this way you can share the same code between development and production.

AWS_ACCESS_KEY_ID=AKAAAAAAAAAAAA AWS_SECRET_ACCESS_KEY=1AAAA+AAAA/AAAAA AWS_DEFAULT_REGION=us-east-1 node app.js

To use Vinz in a Lambda application, import it like so:

import Vinz from 'vinz';

If you're not using Babel for ES6 modules, use the CJS syntax:

const Vinz = require('vinz');

The following steps are the same regardless of your environment: instantiate a Vinz object. Note that while Lambda environments already know your AWS access and secret keys, they don't know your region, so you must pass one in.

const vinz = new Vinz('us-east-1');

Now, try getting a secret out of Vinz. vinz.get is the interfaces you'll use; it can be used for retrieving one or many secrets. vinz.get returns a Promise, and is demonstrated in examples below.

vinz.get('TwitterConsumerKey').then((TwitterConsumerKey) => {
  console.log(TwitterConsumerKey);
});

vinz.get('TwitterConsumerKey', 'TwitterSecretKey').then((secrets) => {
  const [TwitterConsumerKey, TwitterSecretKey] = secrets;
  console.log(TwitterConsumerKey, TwitterSecretKey)
});

That's all there is to using Vinz.

###Contributing Vinz welcomes pull requests! Please provide appropriate test coverage for new features and mention @bjacobel on your PR.

###License MIT