@magloft/kms
Zero-Setup encrypted configuration library via Google Cloud KMS / Google Cloud Storage.
Features
- Configure projects in a secure, central place.
- Manage different configurations and environments.
- Keep your codebase and repositories clean of any sensitive data.
Requirements
- Install gcloud sdk
- Login via gcloud auth login
- Set your google cloud project using gcloud config set project PROJECT_ID
Installation
- npm -g install @magloft/kms or yarn global add @magloft/kms
- kms init
CLI Usage
kms [command]
Commands:
kms init initialize kms
kms edit [key] edit key and publish to kms
kms store [key] store key to kms
kms fetch [key] fetch key from kms
Options:
-e Set environment [string] (development, staging, production)
--help Show help [boolean]
--version Show version [boolean]
Node Usage
const { config } = require('@magloft/kms')

// config() resolves with the stored object for the given key
config('credentials/mysql').then((result) => {
  console.log(result)
  // { host: '127.0.0.1', port: '3306', username: 'root', password: 'root' }
})
Environments
By default, the development environment will be used. Credentials are stored locally at ~/.kms/development/path/to/key.json.
Any environment other than development will load and retrieve configuration from Google Cloud Storage and encrypt/decrypt via Google Cloud KMS.
To change the environment, you can:
- Pass the environment via CLI argument -e production.
- Set the KMS_ENV=production environment variable
Configuration
The KMS_PARAMS environment variable allows you to specify the project, storage bucket and keyring settings:
KMS_PARAMS=magloft-private:kms:kms
The colon-separated string contains Bucket Name, Key Ring ID and Crypto Key ID.
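Because an unset KMS_ENV falls back to the local development store (see Environments), a deployed service can check KMS_ENV and KMS_PARAMS before it calls config(). The following is an added example, not code from @magloft/kms; the function names, the allowlist of environment names and the treatment of KMS_PARAMS as optional are assumptions.

```javascript
// Added example, not part of @magloft/kms. Function names are hypothetical.
// Assumption: only the three names in the -e help text are valid environments.
const ENVIRONMENTS = ['development', 'staging', 'production']

// Split KMS_PARAMS into the three colon-separated fields the README lists.
function parseKmsParams(value) {
  const parts = String(value).split(':')
  if (parts.length !== 3 || parts.some((part) => part === '' || /\s/.test(part))) {
    throw new Error('KMS_PARAMS must look like <bucket>:<key ring id>:<crypto key id>')
  }
  const [bucket, keyRing, cryptoKey] = parts
  return { bucket, keyRing, cryptoKey }
}

// Work out which environment will be used and whether it is remote (Cloud
// Storage + Cloud KMS) or the local development store. With requireExplicitEnv
// set, a missing KMS_ENV is an error instead of a silent fall back to development.
function resolveKmsSettings(env = process.env, { requireExplicitEnv = false } = {}) {
  const raw = env.KMS_ENV
  if (!raw && requireExplicitEnv) {
    throw new Error('KMS_ENV is not set; refusing to default to development')
  }
  const environment = raw || 'development'
  if (!ENVIRONMENTS.includes(environment)) {
    throw new Error(`Unknown KMS_ENV value: ${JSON.stringify(environment)}`)
  }
  // Assumption: KMS_PARAMS is optional, so it is validated only when present.
  const params = env.KMS_PARAMS ? parseKmsParams(env.KMS_PARAMS) : null
  return { environment, remote: environment !== 'development', params }
}

// Constructed sample input, using the KMS_PARAMS value shown above.
const sample = resolveKmsSettings(
  { KMS_ENV: 'production', KMS_PARAMS: 'magloft-private:kms:kms' },
  { requireExplicitEnv: true }
)
console.log(sample)
```

Calling resolveKmsSettings(process.env, { requireExplicitEnv: true }) at startup makes a misconfigured deployment stop before any credentials are read.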