key-rotation-manager 1.0.7 → 1.0.9
- package/README.md +58 -17
- package/dist/index.cjs +299 -107
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +78 -77
- package/dist/index.d.ts +78 -77
- package/dist/index.js +297 -100
- package/dist/index.js.map +1 -1
- package/package.json +8 -2
package/README.md
CHANGED
|
@@ -85,15 +85,15 @@ On initialization:
|
|
|
85
85
|
|
|
86
86
|
```typescript
|
|
87
87
|
{
|
|
88
|
-
path: ['keys'],
|
|
89
|
-
file: ['
|
|
88
|
+
path: ['keys', '{{type}}'], // FROM 1.0.8 allow using variable: {{...}}
|
|
89
|
+
file: ['v', '{{version}}'],
|
|
90
90
|
fileSplitor: '_',
|
|
91
91
|
fileExt: 'json',
|
|
92
92
|
gitIgnore: true, // add resolved path to .gitignore
|
|
93
93
|
|
|
94
94
|
crypto: {
|
|
95
95
|
algorithm: 'aes-256-gcm',
|
|
96
|
-
kdf: '
|
|
96
|
+
kdf: 'pbkdf2',
|
|
97
97
|
hashAlgorithm: 'sha256',
|
|
98
98
|
keyLength: 32,
|
|
99
99
|
ivLength: 16,
|
|
@@ -113,7 +113,8 @@ With default settings, keys are stored as:
|
|
|
113
113
|
|
|
114
114
|
```
|
|
115
115
|
keys/
|
|
116
|
-
└──
|
|
116
|
+
└── {{type}}/
|
|
117
|
+
└── v_{{version}}.json
|
|
117
118
|
```
|
|
118
119
|
|
|
119
120
|
---
|
|
@@ -148,10 +149,8 @@ Merge mode stores multiple key versions in a single file.
|
|
|
148
149
|
```typescript
|
|
149
150
|
const { key } = await keyManager.newKey({
|
|
150
151
|
type: 'service',
|
|
151
|
-
duration: 30,
|
|
152
|
-
unit: 'seconds',
|
|
153
|
-
rotate: true,
|
|
154
152
|
merge: true, // Merge into 1 file {{path}}/{filename}
|
|
153
|
+
...options,
|
|
155
154
|
});
|
|
156
155
|
```
|
|
157
156
|
|
|
@@ -163,8 +162,8 @@ const { key } = await keyManager.newKey({
|
|
|
163
162
|
import { create } from 'key-rotation-manager';
|
|
164
163
|
|
|
165
164
|
const keyManager = create({
|
|
166
|
-
path: ['keys', '
|
|
167
|
-
file: '{{
|
|
165
|
+
path: ['keys', '{{type}}'],
|
|
166
|
+
file: ['{{version}}', '{{custom_variables}}'],
|
|
168
167
|
fileExt: 'txt',
|
|
169
168
|
...options,
|
|
170
169
|
});
|
|
@@ -173,10 +172,16 @@ const keyManager = create({
|
|
|
173
172
|
Resulting structure:
|
|
174
173
|
|
|
175
174
|
```
|
|
176
|
-
keys
|
|
175
|
+
path: ['keys', '{{type}}']
|
|
176
|
+
file: ['{{version}}', '{{custom_variables}}']
|
|
177
|
+
fileExt: "txt"
|
|
178
|
+
type: "service"
|
|
179
|
+
variables: { custom_variables: "example" }
|
|
180
|
+
|
|
181
|
+
getKey({ type }, variables) -> keys/service/17000000000_example.txt
|
|
177
182
|
|
|
178
183
|
>> .gitignore
|
|
179
|
-
keys
|
|
184
|
+
keys/*/*_*.txt
|
|
180
185
|
```
|
|
181
186
|
|
|
182
187
|
---
|
|
@@ -201,7 +206,7 @@ The returned value becomes `key.path`.
|
|
|
201
206
|
|
|
202
207
|
```typescript
|
|
203
208
|
const result = await keyManager.getKey({
|
|
204
|
-
path: '
|
|
209
|
+
path: 'path (full path return from km.newKey)',
|
|
205
210
|
version: 'rotate',
|
|
206
211
|
onRotate: {
|
|
207
212
|
duration: 30,
|
|
@@ -209,7 +214,42 @@ const result = await keyManager.getKey({
|
|
|
209
214
|
rotate: true,
|
|
210
215
|
merge: true,
|
|
211
216
|
},
|
|
212
|
-
});
|
|
217
|
+
}, eventHandlers);
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
```typescript
|
|
221
|
+
// from 1.0.8 getKey allow user use events
|
|
222
|
+
|
|
223
|
+
type TGetKeyEvents = {
|
|
224
|
+
/**
|
|
225
|
+
* This will fire when key is rotatable but expired and missing options to rotate
|
|
226
|
+
*/
|
|
227
|
+
onMissingRotateOption: (key: TKeyGenerated, options: TGetKeyOptions) => void | Promise<void>;
|
|
228
|
+
/**
|
|
229
|
+
* This will fire when key is invalid includes validate types, from date, to date, etc...
|
|
230
|
+
*/
|
|
231
|
+
onKeyInvalid: (
|
|
232
|
+
key: TKeyGenerated,
|
|
233
|
+
message: string,
|
|
234
|
+
errorOn?: keyof TKeyGenerated
|
|
235
|
+
) => void | Promise<void>;
|
|
236
|
+
/**
|
|
237
|
+
* This will fire when key is renewed
|
|
238
|
+
*/
|
|
239
|
+
onKeyRenewed: (getKey: TGetKey, options: TGetKeyOptions['onRotate']) => void | Promise<void>;
|
|
240
|
+
/**
|
|
241
|
+
* This will fire when key file is not found or version is not found in file
|
|
242
|
+
* @description
|
|
243
|
+
* IMPORTANT: every file invalid should return `{}` as key data and this will caused this event to be fired
|
|
244
|
+
* - Invalid file (file not found or not valid json)
|
|
245
|
+
* - Version not found in file
|
|
246
|
+
* - From date in future
|
|
247
|
+
* - Properties in key data is not valid types
|
|
248
|
+
* - hashedBytes is less than 0
|
|
249
|
+
*/
|
|
250
|
+
onKeyNotFound: (path: string, version: string | number) => void | Promise<void>;
|
|
251
|
+
onExpired: (path: string, key: TKeyGenerated) => void | Promise<void>;
|
|
252
|
+
};
|
|
213
253
|
```
|
|
214
254
|
|
|
215
255
|
Returned structure:
|
|
@@ -222,21 +262,21 @@ Returned structure:
|
|
|
222
262
|
```
|
|
223
263
|
|
|
224
264
|
- `ready` → usable key
|
|
225
|
-
- `expired` → expired key
|
|
265
|
+
- `expired` → expired key
|
|
226
266
|
|
|
227
267
|
### Rotate Key (Invalid – Missing Options)
|
|
228
268
|
|
|
229
269
|
```typescript
|
|
230
270
|
await keyManager.getKey({
|
|
231
|
-
path: '
|
|
271
|
+
path: 'path (full path return from km.newKey)',
|
|
232
272
|
version: 'rotate-invalid',
|
|
233
273
|
});
|
|
234
274
|
```
|
|
235
275
|
|
|
236
|
-
|
|
276
|
+
Return:
|
|
237
277
|
|
|
238
278
|
```
|
|
239
|
-
|
|
279
|
+
{ expired: null, ready: null }
|
|
240
280
|
```
|
|
241
281
|
|
|
242
282
|
### Non-Rotating Key
|
|
@@ -261,6 +301,7 @@ keyManager.useGetKey(async () => {
|
|
|
261
301
|
to: '2099-12-29T01:23:57.882Z',
|
|
262
302
|
key: '...',
|
|
263
303
|
hashed: '...',
|
|
304
|
+
hashedBytes: 16,
|
|
264
305
|
type: 'service',
|
|
265
306
|
version: 'version',
|
|
266
307
|
rotate: true,
|