An ES (JavaScript & TypeScript) module to provide an easier and simplified method for encrypt GitHub secrets, based on the NPM package libsodium.js
.
Remote | JSR | NPM | |
---|---|---|---|
Bun >= v1.1.0 | ❌ | ❓ | ✔️ |
Cloudflare Workers | ❌ | ❓ | ✔️ |
Deno >= v1.42.0 | ✔️ | ✔️ | ✔️ |
NodeJS >= v16.13.0 | ❌ | ❓ | ✔️ |
Note
- It is possible to use this module in other methods/ways which not listed in here, however those methods/ways are not officially supported, and should beware maybe cause security issues.
- Remote - GitHub Raw:
https://raw.githubusercontent.com/hugoalh/github-sodium-es/{Tag}/mod.ts
- JSR:
[jsr:]@hugoalh/github-sodium[@{Tag}]
- NPM:
[npm:]@hugoalh/github-sodium[@{Tag}]
Note
-
For usage of remote resources, it is recommended to import the entire module with the main path
mod.ts
, however it is also able to import part of the module with sub path if available, but do not import if:- it's path has an underscore prefix (e.g.:
_foo.ts
,_util/bar.ts
), or - it is a benchmark or test file (e.g.:
foo.bench.ts
,foo.test.ts
), or - it's symbol has an underscore prefix (e.g.:
_bar
,_foo
).
These elements are not considered part of the public API, thus no stability is guaranteed for them.
- it's path has an underscore prefix (e.g.:
-
For usage of JSR or NPM resources, it is recommended to import the entire module with the main entrypoint, however it is also able to import part of the module with sub entrypoint if available, please visit the file
jsr.jsonc
propertyexports
for available sub entrypoints. -
It is recommended to use this module with tag for immutability.
This module does not require any runtime permission.
-
class GitHubSodiumSealer { constructor(publicKey: string, keyID?: string); encrypt(value: string): string; encryptToRequestBody(value: string): GitHubRESTSetPublicKeyRequestBody; getKeyID(): string | undefined; get keyID(): string | undefined; static createFromJSON(input: JSONObject): GitHubSodiumSealer; static async createFromResponse(input: Response): Promise<GitHubSodiumSealer>; }
-
interface GitHubRESTSetPublicKeyRequestBody { encrypted_value: string; key_id: string; }
Note
- For the full or prettier documentation, can visit via:
-
new GitHubSodiumSealer("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234").encrypt("plain-text-secret");