Skip to content

Commit

Permalink
Merge pull request #10 from fryl0ch/master
Browse files Browse the repository at this point in the history
fixes for #3 and #4
  • Loading branch information
kunalpanchal authored Oct 11, 2019
2 parents b5f3b3c + bd31f9d commit ec1df6c
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 10 deletions.
12 changes: 10 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,8 @@ $ secure-env --option <VALUE> <file-path-which-is-to-be-encrypted>
| ------ | ------ | ------ |
| --secret <secretKey> | Specify the secret Key which would be later used to decrypt the file. | `mySecret` |
| --out <file-path> | The encrypted file path that would be created. | `env.enc` |
| --algo <algoName> | The encryption algorithm that is to be used to encrypt the env file. | `aes192` |
| --algo <algoName> | The encryption algorithm that is to be used to encrypt the env file. | `aes256` |
| --decrypt | prints the decrypted text to stdout


### Decryption
Expand All @@ -97,7 +98,7 @@ require('secure-env')({path:'/custom/path/to/your/env/vars'});

#### Decryption Algorithm

Default: `aes192`
Default: `aes256`

You may specify the encryption algorithm for your file containing environment variables
using this option.
Expand Down Expand Up @@ -147,6 +148,13 @@ Source-env uses these open source projects to work properly:

* [Minimist][minimist] - Argument parser without all the fanciful decoration.

## Contributors

<a href="https://github.com/kunalpanchal/secure-env/graphs/contributors">
<img src="https://contributors-img.firebaseapp.com/image?repo=kunalpanchal/secure-env" />
</a>


## Acknowledgements

Source-env is inspired from and also uses code references from these open source projects:
Expand Down
7 changes: 6 additions & 1 deletion lib/cli.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,19 @@
* --secret <secretKey> | -s <secretKey>
* --out <file-path> | -o <file-path>
* --algo <algoName> | -a <algoName>
* --algo <algoName> | -a <algoName>
* --decrypt | -d
*/

const argv = require('minimist')(process.argv.slice(2))
const log = require('./utils/log')
const outputFile = argv.outputFile || argv.o
const inputFile = argv._[0]
const secret = argv.secret || argv.s
const encryptionAlgo = argv.algo || argv.a

const cryptography = require('./cryptography')

cryptography.encrypt({ secret, inputFile, outputFile, encryptionAlgo })

if (argv.decrypt || argv.d) log(cryptography.decrypt({secret, outputFile, encryptionAlgo}),'info')
else cryptography.encrypt({ secret, inputFile, outputFile, encryptionAlgo });
21 changes: 16 additions & 5 deletions lib/cryptography.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,19 +8,25 @@ const log = require('./utils/log')
* --secret <secretKey> | -s <secretKey>
* --out <file-path> | -o <file-path>
* --algo <algoName> | -a <algoName>
* --decrypt | -d
*/

module.exports.decrypt = (options) => {
try {
const secret = options.secret || 'mySecret'
const inputFile = options.file || '.env.enc'
const decryptionAlgo = options.decryptionAlgo || 'aes192'
const decryptionAlgo = options.decryptionAlgo || 'aes256'
const ivLength = options.ivLength || 16

if (!fs.existsSync(inputFile)) throw `${inputFile} does not exist.`
if (!secret || typeof (secret) !== 'string') throw 'No SecretKey provided.'

const decipher = crypto.createDecipher(decryptionAlgo, secret)
let decrypted = decipher.update(fs.readFileSync(inputFile), 'hex', 'utf8')
const fileBuffer = fs.readFileSync(inputFile)
const iv = fileBuffer.slice(0, ivLength)
const ciphertext = fileBuffer.slice(ivLength, fileBuffer.length)
const key = crypto.createHash('sha256').update(String(secret)).digest()
const decipher = crypto.createDecipheriv(decryptionAlgo, key, iv)
let decrypted = decipher.update(ciphertext, 'hex', 'utf8')
decrypted += decipher.final('utf8')
return decrypted
} catch (e) {
Expand All @@ -33,13 +39,18 @@ module.exports.encrypt = (options) => {
const secret = options.secret || 'mySecret'
const inputFile = options.inputFile || '.env'
const outputFilePath = options.outputFile || `${inputFile}.enc`
const encryptionAlgo = options.encryptionAlgo || 'aes192'
const encryptionAlgo = options.encryptionAlgo || 'aes256'
const ivLength = options.ivLength || 16
// presumably createCipheriv() should work for all the algo in ./openssl_list-cipher-algorithms.csv with the right key/iv length

if (!fs.existsSync(inputFile)) throw `Error: ${inputFile} does not exist.`
if (!secret || typeof (secret) !== 'string') throw 'No SecretKey provided.Use -s option to specify secret'

const cipher = crypto.createCipher(encryptionAlgo, secret)
const key = crypto.createHash('sha256').update(String(secret)).digest() // node v10.5.0+ should use crypto.scrypt(secret, salt, keylen[, options], callback)
const iv = crypto.randomBytes(ivLength)
const cipher = crypto.createCipheriv(encryptionAlgo, key, iv)
const output = fs.createWriteStream(outputFilePath)
output.write(iv)
fs.createReadStream(inputFile).pipe(cipher).pipe(output)

output.on('finish', () => {
Expand Down
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "secure-env",
"version": "1.1.0",
"version": "1.2.0",
"description": "Use ENVs securely with encryption",
"main": "dist/es5/lib/index.js",
"preferGlobal": true,
Expand Down Expand Up @@ -37,4 +37,4 @@
"dependencies": {
"minimist": "^1.2.0"
}
}
}

0 comments on commit ec1df6c

Please sign in to comment.