@verii/db-kms 1.0.0-pre.1752076816 → 1.0.0-pre.1754289942

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verii/db-kms",
-  "version": "1.0.0-pre.1752076816",
+  "version": "1.0.0-pre.1754289942",
   "description": "KMS plugin that uses a db",
   "main": "index.js",
   "license": "Apache-2.0",
@@ -14,19 +14,19 @@
   },
   "dependencies": {
     "@spencejs/spence-mongo-repos": "~0.10.2",
-    "@verii/crypto": "1.0.0-pre.1752076816",
-    "@verii/jwt": "1.0.0-pre.1752076816",
-    "@verii/spencer-mongo-extensions": "1.0.0-pre.1752076816",
+    "@verii/crypto": "1.0.0-pre.1754289942",
+    "@verii/jwt": "1.0.0-pre.1754289942",
+    "@verii/spencer-mongo-extensions": "1.0.0-pre.1754289942",
     "fastify-plugin": "^5.0.0",
     "lodash": "~4.17.21",
-    "mongodb": "6.16.0"
+    "mongodb": "6.17.0"
   },
   "devDependencies": {
     "@spencejs/spence-config": "0.10.2",
     "@typescript-eslint/eslint-plugin": "6.21.0",
     "@typescript-eslint/parser": "6.21.0",
-    "@verii/test-regexes": "1.0.0-pre.1752076816",
-    "@verii/tests-helpers": "1.0.0-pre.1752076816",
+    "@verii/test-regexes": "1.0.0-pre.1754289942",
+    "@verii/tests-helpers": "1.0.0-pre.1754289942",
     "eslint": "8.57.1",
     "eslint-config-airbnb-base": "14.2.1",
     "eslint-config-prettier": "8.10.0",
@@ -36,9 +36,9 @@
     "eslint-plugin-prefer-arrow-functions": "3.6.2",
     "eslint-plugin-prettier": "4.2.1",
     "eslint-watch": "7.0.0",
-    "fastify": "5.3.3",
+    "fastify": "5.4.0",
     "jest": "29.7.0",
-    "mongodb": "6.16.0",
+    "mongodb": "6.17.0",
     "prettier": "2.8.8",
     "typescript": "5.8.3"
   },
@@ -47,5 +47,5 @@
       "lib"
     ]
   },
-  "gitHead": "5885ce94149cc0102b2bc9cde18834293174bfaf"
+  "gitHead": "772b121fb3eb2ee0077a1b5c9eec3281215e9e9f"
 }

package/src/db-kms.js

@@ -21,8 +21,8 @@
  * @import { Context, Id, KMS, KeySpec, KmsKey, KmsSecret, ImportableKey, ImportableSecret } from "../../types/types"
  */
 
-const { generateJWAKeyPair } = require('@verii/crypto');
-const { jwtSign, jwtVerify } = require('@verii/jwt');
+const { generateJWAKeyPair, encrypt, decrypt } = require('@verii/crypto');
+const { jwtSign, jwtVerify, hexFromJwk } = require('@verii/jwt');
 const { isEmpty, omit } = require('lodash/fp');
 const kmsRepo = require('./repo');
 const { defaultRepoOptions } = require('./default-repo-options');
@@ -165,6 +165,34 @@ const initDbKms = (fastify, kmsOptions = {}) => {
       );
     };
 
+    /**
+     * encrypt text using a secret
+     * @param {Record<string, unknown>} plainText the text to encrypt
+     * @param {Id} keyId the key id to encrypt with
+     * @returns {string} the encrypted text
+     */
+    const encryptString = async (plainText, keyId) => {
+      const key = await loadKey(keyId);
+      const hex = hexFromJwk(
+        key[repoOptions.secretProp] ?? key[repoOptions.keyProp]
+      );
+      return encrypt(plainText, hex);
+    };
+
+    /**
+     * Decrypt text using a secret
+     * @param {string} encrypted the encrypted text to decrypt
+     * @param {Id} keyId the key id to decrypt with
+     * @returns {string} the decrypted text
+     */
+    const decryptString = async (encrypted, keyId) => {
+      const key = await loadKey(keyId);
+      const hex = hexFromJwk(
+        key[repoOptions.secretProp] ?? key[repoOptions.keyProp]
+      );
+      return decrypt(encrypted, hex);
+    };
+
     return {
       createKey,
       importKey,
@@ -172,6 +200,8 @@ const initDbKms = (fastify, kmsOptions = {}) => {
       exportKeyOrSecret,
       signJwt,
       verifyJwt,
+      encryptString,
+      decryptString,
     };
   };
 };