Locker is an embedded secrets-management store specifically made for binaries that are bundled as single-executable CLI apps.
```sh
npm i locker
# or
yarn add locker
```
```js
import Locker from 'locker';

// set a master key
Locker.config.master = 'THIS WILL BE AUTOGENERATED IF IT IS NOT AVAILABLE';

// create an instance; pick one of the three forms below
// for an instance with cluster support
const locker = new Locker();
// or through a network
// const locker = new Locker('127.0.0.1:7200');
// or unix socket
// const locker = new Locker('/tmp/locker');

// storing plain strings
locker.write('/test/string', 'plain-text');
// storing with a ttl of 500 seconds (same unit as expire below)
locker.write('/test/string', 'plain-text', { ttl: 500 });
// reading
locker.read('/test/string');
// set expiry in 50 seconds or extend ttl without decrypting
locker.expire('/test/string', { ttl: 50 });
// delete a key
locker.delete('/test/string');

// storing a binary (`source` is your own binary data; it is not defined in this snippet)
locker.write('/test/keypair', Buffer.from(source));
// storing a key pair
locker.write('/test/keypair', { private: '', public: '', passphrase: '' });
// storing a pgp key
locker.write('/test/keypair', { private: '', public: '', pgp: true });

// listen to events
locker.on('write', (namespace) => console.log('wrote a secret on namespace: ' + namespace));

// rotate key
locker.rotate();
```
If the secret value is a key pair, Locker tries to infer the key information.

Rotating creates a new signing key, which is used for the next signing execution.

Listen to the following events emitted by the library. These are used mainly for auditing and logging.
Events:
- write
- read
- extend
- delete
- rotate
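
An audit trail built on the events listed above, as an added example that is not part of Locker's own code. `StandInLocker`, `attachAudit` and `missingSeqs` are hypothetical names, the emitted events are constructed sample data, and the example assumes every listener receives the namespace as its first argument, as the `write` listener above does.

```javascript
// Event names taken from the list above.
const AUDIT_EVENTS = ['write', 'read', 'extend', 'delete', 'rotate'];

// Stand-in for a Locker instance (hypothetical): only on()/emit(), no storage.
class StandInLocker {
  constructor() { this.handlers = {}; }
  on(event, fn) {
    this.handlers[event] = (this.handlers[event] || []).concat(fn);
    return this;
  }
  emit(event, ...args) {
    (this.handlers[event] || []).forEach((fn) => fn(...args));
  }
}

// Subscribe to every audit event and append one record per event to `sink`.
// Records carry the event name, namespace and time, never the secret value.
function attachAudit(emitter, sink, now = () => new Date().toISOString()) {
  let seq = 0;
  for (const event of AUDIT_EVENTS) {
    emitter.on(event, (namespace) => {
      // Assumption: listeners receive the namespace first, as shown for
      // 'write'; anything else (e.g. no argument on 'rotate') becomes null.
      const ns = typeof namespace === 'string' ? namespace : null;
      sink.push({ seq: ++seq, time: now(), event, namespace: ns });
    });
  }
  return sink;
}

// Return sequence numbers missing from a stored trail (lost or removed lines).
function missingSeqs(records) {
  const seen = new Set(records.map((r) => r.seq));
  const max = records.reduce((m, r) => Math.max(m, r.seq), 0);
  const missing = [];
  for (let i = 1; i <= max; i++) if (!seen.has(i)) missing.push(i);
  return missing;
}

// Constructed sample run with a fixed clock so the output is reproducible.
function demo() {
  const locker = new StandInLocker();
  const trail = attachAudit(locker, [], () => '2024-01-01T00:00:00.000Z');
  locker.emit('write', '/test/string');
  locker.emit('read', '/test/string');
  locker.emit('rotate');
  locker.emit('delete', '/test/string');
  return trail;
}
```

Passing a real instance in place of `StandInLocker` requires only that it exposes `on()`, as shown in the usage section.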
You can run the test suite by running the command below.
```sh
yarn test
```
Make sure that you run this before you send a PR.
Locker is licensed as open-source under the MIT License. See License.