Skip to main content
Home
Browse packagesDocsSign in

@gnome/secrets@0.2.0
Built and signed on GitHub Actions

latest
gnomejs/sdk

The secrets module provides a secret generator, a secret masker, a Vault interface, and two vault implementations: json and memory.

This package works with Cloudflare Workers, Node.js, Deno, Bun, Browsers
This package works with Cloudflare Workers
This package works with Node.js
This package works with Deno
This package works with Bun
This package works with Browsers
JSR Score
100%
Published
a year ago (0.2.0)

Overview

The secrets module provides a secret generator, a secret masker, a Vault interface, and two vault implementations: json and memory.

The secret generator uses a cryptographic random number generator (csrng) defaults to NIST requirements e.g length > 8, 1 upper, 1 lower, 1 digit, and 1 special character.

The Vault interface exists to switch implementations in your application e.g. KeePass, Azure Key Vault, AWS KMS, Hashicorp Vault, etc.

The JsonVault uses AesGcm and expects you to provide the key and file path.

The secret masker works by adding secrets and variants to the masker and then it will replace the secret with '*********' which is useful to protect secrets from logs or CI/CD standard output.

Basic Usage

import { DefaultSecretGenerator, JsonVault, secretMasker } from "@gnome/secrets";
import { assertEquals as equals } from "@std/assert"

// secret generator / password generator
const generator = new DefaultSecretGenerator();
generator.addDefaults();

console.log(generator.generate());
console.log(generator.generate(30));

// secret masker
const masker = secretMasker;
masker.add("super secret");
masker.add("another secret");
masker.addGenerator((secret: string) => {
    return secret.toUpperCase();
});

equals(masker.mask("super secret"), "*******");
equals(masker.mask("SUPER SECRET"), "*******");
equals(masker.mask("another secret"), "*******");
equals(masker.mask("ANOTHER SECRET"), "*******");

const key = await crypto.subtle.generateKey(
    {
        name: "AES-GCM",
        length: 256,
    },
    true,
    ["encrypt", "decrypt"],
);

const vault = new JsonVault(key, "vault1.json");

const secret1 = await vault.createSecret("secret1", "test1");
console.log(secret1);

const names = await vault.listSecretNames();
console.log(names);

const secret2Get = await vault.getSecret("secret1");
console.log(secret2Get);
await vault.setSecretValue("secret1", "updated1");

const value = await vault.getSecretValue("secret1");
console.log(value);

MIT License

Built and signed on
GitHub Actions
View transparency log

New Ticket: Report package

Please provide a reason for reporting this package. We will review your report and take appropriate action.

Please review the JSR usage policy before submitting a report.

Add Package

deno add jsr:@gnome/secrets

Import symbol

import * as secrets from "@gnome/secrets";
or

Import directly with a jsr specifier

import * as secrets from "jsr:@gnome/secrets";

Add Package

pnpm i jsr:@gnome/secrets
or (using pnpm 10.8 or older)
pnpm dlx jsr add @gnome/secrets

Import symbol

import * as secrets from "@gnome/secrets";

Add Package

yarn add jsr:@gnome/secrets
or (using Yarn 4.8 or older)
yarn dlx jsr add @gnome/secrets

Import symbol

import * as secrets from "@gnome/secrets";

Add Package

vlt install jsr:@gnome/secrets

Import symbol

import * as secrets from "@gnome/secrets";

Add Package

npx jsr add @gnome/secrets

Import symbol

import * as secrets from "@gnome/secrets";

Add Package

bunx jsr add @gnome/secrets

Import symbol

import * as secrets from "@gnome/secrets";