react-native-secreton 2.2.1 → 2.3.1

package/README.md

@@ -1,9 +1,12 @@
 # react-native-secreton
-Config secret variables for React Native apps
+A library for managing **secret environment variables** in React Native apps. 
+Supports integration with **Consul** and **Vault** to securely retrieve configurations.
 
 ## Installation
-```sh
+```bash
 npm install react-native-secreton
+# or
+yarn add react-native-secreton
 ```
 
 ## Generate secret key
@@ -15,7 +18,7 @@ openssl rand -hex 32
 ## Setup
 Link the library:
 ```
-$ react-native link react-native-config
+$ react-native link react-native-secreton
 ```
 
 - Manual Link (Android) 
@@ -39,6 +42,30 @@ $ react-native link react-native-config
 + pod 'react-native-secreton', :path => '../node_modules/react-native-secreton'
 ```
 
+## Usage Examples
+
+### Using Consul
+```bash
+export ENV_SECRET_KEY=secret-key-32-bytes
+export FETCH_ENV=consul
+export CONSUL_ADDR=http://consul.mycompany.com:8500
+export CONSUL_PATH=mobile/myapp
+export CONSUL_TOKEN=abcd1234
+
+rn-secreton-cli .env
+```
+
+### Using Vault
+```bash
+export ENV_SECRET_KEY=secret-key-32-bytes
+export FETCH_ENV=vault
+export VAULT_ADDR=http://vault.mycompany.com:8200
+export VAULT_PATH=secret/data/mobile/myapp
+export VAULT_TOKEN=abcd1234
+
+rn-secreton-cli .env
+```
+
 ## Native Usage
 
 ### Android
@@ -63,8 +90,6 @@ Then in Xcode build settings:
 2. Use on native iOS (Objective‑C/Swift)
 ```objective‑c
 let apiKey = ProcessInfo.processInfo.environment["GEO_APK_API_KEY"]
-
-or
-
+# or
 let apiKey = Bundle.main.object(forInfoDictionaryKey: "GEO_APK_API_KEY") as? String
 ```

package/android/build.gradle

@@ -18,9 +18,10 @@ buildscript {
 
 apply plugin: "com.android.library"
 apply plugin: "kotlin-android"
-
 apply plugin: "com.facebook.react"
 
+apply from: "secreton.gradle"
+
 def getExtOrIntegerDefault(name) {
   return rootProject.ext.has(name) ? rootProject.ext.get(name) : (project.properties["Secreton_" + name]).toInteger()
 }
@@ -33,6 +34,7 @@ android {
   defaultConfig {
     minSdkVersion getExtOrIntegerDefault("minSdkVersion")
     targetSdkVersion getExtOrIntegerDefault("targetSdkVersion")
+    buildConfigField "String", "ENV_SECRET_KEY", "\"${getSecretKeyFromEnv(project)}\""
   }
 
   buildFeatures {

package/android/secreton.gradle

@@ -38,18 +38,30 @@ ext.loadEnvFile = { File file ->
     return map
 }
 
+ext.getEnvFile = { appProject ->
+    def androidDir = appProject.rootProject.projectDir
+    def workspaceRoot = findWorkspaceRoot(androidDir)
+
+    def envFileName = appProject.findProperty("ENVFILE") ?: System.getenv("ENVFILE") ?: ".env"
+    def envFile = new File(workspaceRoot, envFileName)
+
+    return envFile
+}
+
+ext.getSecretKeyFromEnv = { appProject ->
+    def envFile = getEnvFile(appProject)
+    def envMap = loadEnvFile(envFile)
+    
+    return envMap["ENV_SECRET_KEY"] ?: ""
+}
+
 ext.ensureLocalEnv = { appProject ->
     if (appProject.ext.has("localEnv")) return
 
     appProject.ext.localEnv = [:]
     appProject.ext.env = [:]
-
-    def androidDir = appProject.rootProject.projectDir
-    def workspaceRoot = findWorkspaceRoot(androidDir)
-    def rootDir = workspaceRoot
-
-    def envFileName = appProject.findProperty("ENVFILE") ?: System.getenv("ENVFILE") ?: ".env"
-    def envFile = new File(rootDir, envFileName)
+    
+    def envFile = getEnvFile(appProject)
 
     if (envFile.exists()) {
         appProject.ext.localEnv.putAll(loadEnvFile(envFile))
@@ -72,23 +84,21 @@ ext.decryptValue = { String encrypted, String secretKey ->
     proc.waitFor()
 
     if (proc.exitValue() != 0) {
-        throw new RuntimeException(proc.err.text)
+        throw new RuntimeException("❌ OpenSSL decrypt failed: ${proc.err.text}")
+    }
+
+    def output = proc.in.text.trim()
+    if (!output) {
+        throw new RuntimeException("❌ Decryption returned empty value")
     }
 
-    return proc.in.text.trim()
+    return output
 }
 
 ext.loadAndDecryptEnv = { appProject ->
     ensureLocalEnv(appProject)
-
-    def androidDir = appProject.rootProject.projectDir
-    def rootDir = findWorkspaceRoot(androidDir)
-
-    def envFileName =
-        appProject.findProperty("ENVFILE")
-        ?: System.getenv("ENVFILE")
-        ?: ".env"
-    def envFile = new File(rootDir, envFileName)
+    
+    def envFile = getEnvFile(appProject)
     if (!envFile.exists()) return
 
     def secretKey = getSecretKey(appProject)
@@ -97,8 +107,11 @@ ext.loadAndDecryptEnv = { appProject ->
     def envMap = loadEnvFile(envFile)
     envMap.each { k, v ->
         def value = v
-        if (v instanceof String && v.startsWith("enc:")) {
-            value = decryptValue(v.substring(4), secretKey)
+        if (v instanceof String && v.startsWith("Secreton:")) {
+            value = decryptValue(v.substring(9), secretKey)
+        }
+        if (value == null) {
+            throw new RuntimeException("❌ Failed to resolve env ${k}")
         }
         appProject.ext.env[k] = value
     }

package/android/src/main/java/com/secreton/SecretonModule.kt

@@ -2,22 +2,96 @@ package com.secreton
 
 import com.facebook.react.bridge.ReactApplicationContext
 import com.facebook.react.module.annotations.ReactModule
+import android.util.Base64
+import java.security.SecureRandom
+import javax.crypto.Cipher
+import javax.crypto.SecretKeyFactory
+import javax.crypto.spec.IvParameterSpec
+import javax.crypto.spec.PBEKeySpec
+import javax.crypto.spec.SecretKeySpec
 
 @ReactModule(name = SecretonModule.NAME)
-class SecretonModule(reactContext: ReactApplicationContext) :
-  NativeSecretonSpec(reactContext) {
+class SecretonModule(
+  reactContext: ReactApplicationContext
+) : NativeSecretonSpec(reactContext) {
 
-  override fun getName(): String {
-    return NAME
+  companion object {
+    const val NAME = "Secreton"
+    private const val PREFIX = "$NAME:"
+    private const val ITERATIONS = 100_000
   }
 
-  // Example method
-  // See https://reactnative.dev/docs/native-modules-android
-  override fun multiply(a: Double, b: Double): Double {
-    return a * b
+  override fun getName() = NAME
+
+  override fun encrypt(value: String): String {
+    val encrypted = encryptOpenSSL(value, getSecretKey())
+    return PREFIX + encrypted
   }
 
-  companion object {
-    const val NAME = "Secreton"
+  override fun decrypt(value: String): String {
+    if (!value.startsWith(PREFIX)) return value
+    return decryptOpenSSL(value.removePrefix(PREFIX), getSecretKey())
+  }
+
+  private fun getSecretKey(): String {
+    return BuildConfig.ENV_SECRET_KEY
+  }
+
+  private fun encryptOpenSSL(value: String, key: String): String {
+    val salt = ByteArray(8)
+    SecureRandom().nextBytes(salt)
+
+    val factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
+    val spec = PBEKeySpec(
+      key.toCharArray(),
+      salt,
+      ITERATIONS,
+      (32 + 16) * 8 // key + iv in bits
+    )
+
+    val keyIv = factory.generateSecret(spec).encoded
+    val aesKey = SecretKeySpec(keyIv.copyOfRange(0, 32), "AES")
+    val iv = IvParameterSpec(keyIv.copyOfRange(32, 48))
+
+    val cipher = Cipher.getInstance("AES/CBC/PKCS7Padding")
+    cipher.init(Cipher.ENCRYPT_MODE, aesKey, iv)
+
+    val encrypted = cipher.doFinal(value.toByteArray(Charsets.UTF_8))
+
+    val output = ByteArray(16 + encrypted.size)
+    System.arraycopy("Salted__".toByteArray(), 0, output, 0, 8)
+    System.arraycopy(salt, 0, output, 8, 8)
+    System.arraycopy(encrypted, 0, output, 16, encrypted.size)
+
+    return Base64.encodeToString(output, Base64.NO_WRAP)
+  }
+
+  private fun decryptOpenSSL(encrypted: String, key: String): String {
+    val decoded = Base64.decode(encrypted, Base64.NO_WRAP)
+
+    val magic = String(decoded.copyOfRange(0, 8))
+    if (magic != "Salted__") {
+      throw IllegalArgumentException("Invalid OpenSSL salt header")
+    }
+
+    val salt = decoded.copyOfRange(8, 16)
+    val cipherText = decoded.copyOfRange(16, decoded.size)
+
+    val factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
+    val spec = PBEKeySpec(
+      key.toCharArray(),
+      salt,
+      ITERATIONS,
+      (32 + 16) * 8
+    )
+
+    val keyIv = factory.generateSecret(spec).encoded
+    val aesKey = SecretKeySpec(keyIv.copyOfRange(0, 32), "AES")
+    val iv = IvParameterSpec(keyIv.copyOfRange(32, 48))
+
+    val cipher = Cipher.getInstance("AES/CBC/PKCS7Padding")
+    cipher.init(Cipher.DECRYPT_MODE, aesKey, iv)
+
+    return String(cipher.doFinal(cipherText), Charsets.UTF_8)
   }
 }

package/android/src/main/java/com/secreton/SecretonPackage.kt

@@ -25,7 +25,7 @@ class SecretonPackage : BaseReactPackage() {
         false,  // canOverrideExistingModule
         false,  // needsEagerInit
         false,  // isCxxModule
-        true // isTurboModule
+        true    // isTurboModule
       )
       moduleInfos
     }

package/dist/NodeSecreton.js

@@ -5,6 +5,10 @@ export function encrypt(value, key) {
     const cmd = `printf "%s" "${value}" | openssl enc -aes-256-cbc -a -A -salt -pbkdf2 -iter 100000 -pass pass:${key}`;
     return execSync(cmd).toString().trim();
 }
+export function decrypt(encrypted, key) {
+    const cmd = `printf "%s" "${encrypted}" | openssl enc -aes-256-cbc -a -A -d -salt -pbkdf2 -iter 100000 -pass pass:${key}`;
+    return execSync(cmd).toString().trim();
+}
 export function readExistingEnv(envFile) {
     if (!fs.existsSync(envFile))
         return new Set();
@@ -60,7 +64,7 @@ export async function generateEnv(options) {
     }
     const newLines = entries
         .filter(({ key }) => !existingKeys.has(key))
-        .map(({ key, value }) => `${key}=enc:${encrypt(value, secretKey)}`);
+        .map(({ key, value }) => `${key}=Secreton:${encrypt(value, secretKey)}`);
     if (newLines.length === 0) {
         console.log('ℹ️ [Node] Secreton no new env keys to add');
         return;

package/ios/Secreton.mm

@@ -1,21 +1,100 @@
 #import "Secreton.h"
 
+#import <CommonCrypto/CommonCrypto.h>
+
 @implementation Secreton
-- (NSNumber *)multiply:(double)a b:(double)b {
-    NSNumber *result = @(a * b);
 
-    return result;
+static NSString * const kPrefix = @"Secreton:";
+
++ (NSString *)moduleName
+{
+  return @"Secreton";
 }
 
-- (std::shared_ptr<facebook::react::TurboModule>)getTurboModule:
-    (const facebook::react::ObjCTurboModule::InitParams &)params
+#pragma mark - TurboModule methods
+
+- (NSString *)encrypt:(NSString *)value
 {
-    return std::make_shared<facebook::react::NativeSecretonSpecJSI>(params);
+  NSString *key = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"ENV_SECRET_KEY"];
+  if (!key || key.length == 0) {
+    return nil;
+  }
+
+  NSString *encrypted = [self aes:kCCEncrypt value:value key:key];
+  return [kPrefix stringByAppendingString:encrypted];
 }
 
-+ (NSString *)moduleName
+- (NSString *)decrypt:(NSString *)value
 {
-  return @"Secreton";
+  if (![value hasPrefix:kPrefix]) {
+    return value;
+  }
+  
+  NSString *key = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"ENV_SECRET_KEY"];
+  if (!key || key.length == 0) {
+    return nil;
+  }
+
+  NSString *raw = [value substringFromIndex:kPrefix.length];
+  return [self aes:kCCDecrypt value:raw key:key];
+}
+
+#pragma mark - AES core
+
+- (NSString *)aes:(CCOperation)operation
+            value:(NSString *)value
+              key:(NSString *)key
+{
+  NSData *data = nil;
+
+  if (operation == kCCEncrypt) {
+    data = [value dataUsingEncoding:NSUTF8StringEncoding];
+  } else {
+    data = [[NSData alloc] initWithBase64EncodedString:value options:0];
+    if (!data) return nil;
+  }
+
+  // Key 32 byte (AES-256)
+  NSMutableData *keyData = [NSMutableData dataWithLength:kCCKeySizeAES256];
+  NSData *rawKey = [key dataUsingEncoding:NSUTF8StringEncoding];
+  memcpy(keyData.mutableBytes, rawKey.bytes, MIN(rawKey.length, kCCKeySizeAES256));
+
+  size_t outLength = 0;
+  NSMutableData *outData = [NSMutableData dataWithLength:data.length + kCCBlockSizeAES128];
+
+  CCCryptorStatus status = CCCrypt(
+    operation,
+    kCCAlgorithmAES,
+    kCCOptionPKCS7Padding,
+    keyData.bytes,
+    kCCKeySizeAES256,
+    NULL, // IV zero
+    data.bytes,
+    data.length,
+    outData.mutableBytes,
+    outData.length,
+    &outLength
+  );
+
+  if (status != kCCSuccess) {
+    return nil;
+  }
+
+  outData.length = outLength;
+
+  if (operation == kCCEncrypt) {
+    return [outData base64EncodedStringWithOptions:0];
+  }
+
+  return [[NSString alloc] initWithData:outData encoding:NSUTF8StringEncoding];
+}
+
+#pragma mark - TurboModule binding
+
+- (std::shared_ptr<facebook::react::TurboModule>)getTurboModule:
+    (const facebook::react::ObjCTurboModule::InitParams &)params
+{
+    return std::make_shared<facebook::react::NativeSecretonSpecJSI>(params);
 }
 
 @end

package/lib/module/NativeSecreton.js.map

@@ -1 +1 @@
-{"version":3,"names":["TurboModuleRegistry","getEnforcing"],"sourceRoot":"../../src","sources":["NativeSecreton.ts"],"mappings":";;AAAA,SAASA,mBAAmB,QAA0B,cAAc;AAMpE,eAAeA,mBAAmB,CAACC,YAAY,CAAO,UAAU,CAAC","ignoreList":[]}
+{"version":3,"names":["TurboModuleRegistry","getEnforcing"],"sourceRoot":"../../src","sources":["NativeSecreton.ts"],"mappings":";;AAAA,SAASA,mBAAmB,QAA0B,cAAc;AAOpE,eAAeA,mBAAmB,CAACC,YAAY,CAAO,UAAU,CAAC","ignoreList":[]}

package/lib/module/NodeSecreton.js

@@ -7,6 +7,10 @@ export function encrypt(value, key) {
   const cmd = `printf "%s" "${value}" | openssl enc -aes-256-cbc -a -A -salt -pbkdf2 -iter 100000 -pass pass:${key}`;
   return execSync(cmd).toString().trim();
 }
+export function decrypt(encrypted, key) {
+  const cmd = `printf "%s" "${encrypted}" | openssl enc -aes-256-cbc -a -A -d -salt -pbkdf2 -iter 100000 -pass pass:${key}`;
+  return execSync(cmd).toString().trim();
+}
 export function readExistingEnv(envFile) {
   if (!fs.existsSync(envFile)) return new Set();
   const content = fs.readFileSync(envFile, 'utf8');
@@ -67,7 +71,7 @@ export async function generateEnv(options) {
   }) => !existingKeys.has(key)).map(({
     key,
     value
-  }) => `${key}=enc:${encrypt(value, secretKey)}`);
+  }) => `${key}=Secreton:${encrypt(value, secretKey)}`);
   if (newLines.length === 0) {
     console.log('ℹ️ [Node] Secreton no new env keys to add');
     return;

package/lib/module/NodeSecreton.js.map

@@ -1 +1 @@
-{"version":3,"names":["path","fs","execSync","encrypt","value","key","cmd","toString","trim","readExistingEnv","envFile","existsSync","Set","content","readFileSync","split","map","line","filter","Boolean","startsWith","length","fetchConsul","addr","token","headers","res","fetch","ok","Error","data","json","item","Value","Key","replace","Buffer","from","fetchVault","Object","entries","String","generateEnv","options","secretKey","fetchEnv","fileName","basename","existingKeys","vault","consul","newLines","has","console","log","appendFileSync","join"],"sourceRoot":"../../src","sources":["NodeSecreton.ts"],"mappings":";;AAAA,OAAOA,IAAI,MAAM,WAAW;AAC5B,OAAOC,EAAE,MAAM,SAAS;AACxB,SAASC,QAAQ,QAAQ,oBAAoB;AAgC7C,OAAO,SAASC,OAAOA,CAACC,KAAa,EAAEC,GAAW,EAAE;EAClD,MAAMC,GAAG,GAAG,gBAAgBF,KAAK,4EAA4EC,GAAG,EAAE;EAClH,OAAOH,QAAQ,CAACI,GAAG,CAAC,CAACC,QAAQ,CAAC,CAAC,CAACC,IAAI,CAAC,CAAC;AACxC;AAEA,OAAO,SAASC,eAAeA,CAACC,OAAe,EAAe;EAC5D,IAAI,CAACT,EAAE,CAACU,UAAU,CAACD,OAAO,CAAC,EAAE,OAAO,IAAIE,GAAG,CAAC,CAAC;EAE7C,MAAMC,OAAO,GAAGZ,EAAE,CAACa,YAAY,CAACJ,OAAO,EAAE,MAAM,CAAC;EAEhD,OAAO,IAAIE,GAAG,CACZC,OAAO,CACJE,KAAK,CAAC,IAAI,CAAC,CACXC,GAAG,CAAEC,IAAI,IAAKA,IAAI,CAACT,IAAI,CAAC,CAAC,CAAC,CAC1BU,MAAM,CAAED,IAAI,IAAqBE,OAAO,CAACF,IAAI,CAAC,CAAC,CAC/CC,MAAM,CAAED,IAAI,IAAK,CAACA,IAAI,CAACG,UAAU,CAAC,GAAG,CAAC,CAAC,CACvCJ,GAAG,CAAEC,IAAI,IAAKA,IAAI,CAACF,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CACjCG,MAAM,CAAEb,GAAG,IAAoB,OAAOA,GAAG,KAAK,QAAQ,IAAIA,GAAG,CAACgB,MAAM,GAAG,CAAC,CAC7E,CAAC;AACH;AAEA,eAAeC,WAAWA,CAAC;EACzBC,IAAI;EACJvB,IAAI;EACJwB;AACY,CAAC,EAAuB;EACpC,MAAMC,OAA+B,GAAG,CAAC,CAAC;EAC1C,IAAID,KAAK,EAAEC,OAAO,CAAC,gBAAgB,CAAC,GAAGD,KAAK;EAE5C,MAAME,GAAG,GAAG,MAAMC,KAAK,CAAC,GAAGJ,IAAI,UAAUvB,IAAI,eAAe,EAAE;IAAEyB;EAAQ,CAAC,CAAC;EAC1E,IAAI,CAACC,GAAG,CAACE,EAAE,EAAE,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;EAEnD,MAAMC,IAAgB,GAAG,MAAMJ,GAAG,CAACK,IAAI,CAAC,CAAC;EACzC,OAAOD,IAAI,CACRZ,MAAM,CAAEc,IAAS,IAAK,OAAOA,IAAI,CAACC,KAAK,KAAK,QAAQ,CAAC,CACrDjB,GAAG,CAAEgB,IAAS,KAAM;IACnB3B,GAAG,EAAE2B,IAAI,CAACE,GAAG,CAACC,OAAO,CAAC,GAAGnC,IAAI,GAAG,EAAE,EAAE,CAAC;IACrCI,KAAK,EAAEgC,MAAM,CAACC,IAAI,CAACL,IAAI,CAACC,KAAK,EAAE,QAAQ,CAAC,CAAC1B,QAAQ,CAAC,MAAM;EAC1D,CAAC,CAAC,CAAC;AACP;AAEA,eAAe+B,UAAUA,CAAC;EACxBf,IAAI;EACJvB,IAAI;EACJwB;AACW,CAAC,EAAuB;EACnC,MAAME,GAAG,GAAG,MAAMC,KAAK,CAAC,GAAGJ,IAAI,OAAOvB,IAAI,EAAE,EAAE;IAC5CyB,OAAO,EAAE;MAAE,eAAe,EAAED;IAAM;EACpC,CAAC,CAAC;EAEF,IAAI,CAACE,GAAG,CAACE,EAAE,EAAE,MAAM,IAAIC,KAAK,CAAC,oBAAoB,CAAC;EAElD,MAAME,IAAI,GAAG,MAAML,GAAG,CAACK,IAAI,CAAC,CAAC;EAC7B,OAAOQ,MAAM,CAACC,OAAO,CAACT,IAAI,CAACD,IAAI,CAACA,IAAI,CAAC,CAACd,GAAG,CAAC,CAAC,CAACX,GAAG,EAAED,KAAK,CAAC,MAAM;IAC3DC,GAAG;IACHD,KAAK,EAAEqC,MAAM,CAACrC,KAAK;EACrB,CAAC,CAAC,CAAC;AACL;AAEA,OAAO,eAAesC,WAAWA,CAACC,OAA2B,EAAE;EAC7D,MAAM;IACJjC,OAAO;IACPkC,SAAS;IACTC,QAAQ,GAAG;EACb,CAAC,GAAGF,OAAO;EAEX,MAAMG,QAAQ,GAAG9C,IAAI,CAAC+C,QAAQ,CAACrC,OAAO,CAAC;EACvC,MAAMsC,YAAY,GAAGvC,eAAe,CAACC,OAAO,CAAC;EAE7C,IAAI8B,OAAmB,GAAG,EAAE;EAE5B,IAAIK,QAAQ,KAAK,OAAO,IAAIF,OAAO,CAACM,KAAK,EAAE;IACzCT,OAAO,GAAG,MAAMF,UAAU,CAACK,OAAO,CAACM,KAAK,CAAC;EAC3C,CAAC,MAAM,IAAIN,OAAO,CAACO,MAAM,EAAE;IACzBV,OAAO,GAAG,MAAMlB,WAAW,CAACqB,OAAO,CAACO,MAAM,CAAC;EAC7C,CAAC,MAAM;IACL,MAAM,IAAIrB,KAAK,CAAC,2BAA2B,CAAC;EAC9C;EAEA,MAAMsB,QAAQ,GAAGX,OAAO,CACrBtB,MAAM,CAAC,CAAC;IAAEb;EAAI,CAAC,KAAK,CAAC2C,YAAY,CAACI,GAAG,CAAC/C,GAAG,CAAC,CAAC,CAC3CW,GAAG,CAAC,CAAC;IAAEX,GAAG;IAAED;EAAM,CAAC,KAAK,GAAGC,GAAG,QAAQF,OAAO,CAACC,KAAK,EAAEwC,SAAS,CAAC,EAAE,CAAC;EAErE,IAAIO,QAAQ,CAAC9B,MAAM,KAAK,CAAC,EAAE;IACzBgC,OAAO,CAACC,GAAG,CAAC,2CAA2C,CAAC;IACxD;EACF;EAEArD,EAAE,CAACsD,cAAc,CAAC7C,OAAO,EAAE,CAACT,EAAE,CAACU,UAAU,CAACD,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,IAAIyC,QAAQ,CAACK,IAAI,CAAC,IAAI,CAAC,CAAC;EAEtFH,OAAO,CAACC,GAAG,CAAC,sCAAsCR,QAAQ,EAAE,CAAC;AAC/D","ignoreList":[]}
+{"version":3,"names":["path","fs","execSync","encrypt","value","key","cmd","toString","trim","decrypt","encrypted","readExistingEnv","envFile","existsSync","Set","content","readFileSync","split","map","line","filter","Boolean","startsWith","length","fetchConsul","addr","token","headers","res","fetch","ok","Error","data","json","item","Value","Key","replace","Buffer","from","fetchVault","Object","entries","String","generateEnv","options","secretKey","fetchEnv","fileName","basename","existingKeys","vault","consul","newLines","has","console","log","appendFileSync","join"],"sourceRoot":"../../src","sources":["NodeSecreton.ts"],"mappings":";;AAAA,OAAOA,IAAI,MAAM,WAAW;AAC5B,OAAOC,EAAE,MAAM,SAAS;AACxB,SAASC,QAAQ,QAAQ,oBAAoB;AAgC7C,OAAO,SAASC,OAAOA,CAACC,KAAa,EAAEC,GAAW,EAAE;EAClD,MAAMC,GAAG,GAAG,gBAAgBF,KAAK,4EAA4EC,GAAG,EAAE;EAClH,OAAOH,QAAQ,CAACI,GAAG,CAAC,CAACC,QAAQ,CAAC,CAAC,CAACC,IAAI,CAAC,CAAC;AACxC;AAEA,OAAO,SAASC,OAAOA,CAACC,SAAiB,EAAEL,GAAW,EAAE;EACtD,MAAMC,GAAG,GAAG,gBAAgBI,SAAS,+EAA+EL,GAAG,EAAE;EACzH,OAAOH,QAAQ,CAACI,GAAG,CAAC,CAACC,QAAQ,CAAC,CAAC,CAACC,IAAI,CAAC,CAAC;AACxC;AAEA,OAAO,SAASG,eAAeA,CAACC,OAAe,EAAe;EAC5D,IAAI,CAACX,EAAE,CAACY,UAAU,CAACD,OAAO,CAAC,EAAE,OAAO,IAAIE,GAAG,CAAC,CAAC;EAE7C,MAAMC,OAAO,GAAGd,EAAE,CAACe,YAAY,CAACJ,OAAO,EAAE,MAAM,CAAC;EAEhD,OAAO,IAAIE,GAAG,CACZC,OAAO,CACJE,KAAK,CAAC,IAAI,CAAC,CACXC,GAAG,CAAEC,IAAI,IAAKA,IAAI,CAACX,IAAI,CAAC,CAAC,CAAC,CAC1BY,MAAM,CAAED,IAAI,IAAqBE,OAAO,CAACF,IAAI,CAAC,CAAC,CAC/CC,MAAM,CAAED,IAAI,IAAK,CAACA,IAAI,CAACG,UAAU,CAAC,GAAG,CAAC,CAAC,CACvCJ,GAAG,CAAEC,IAAI,IAAKA,IAAI,CAACF,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CACjCG,MAAM,CAAEf,GAAG,IAAoB,OAAOA,GAAG,KAAK,QAAQ,IAAIA,GAAG,CAACkB,MAAM,GAAG,CAAC,CAC7E,CAAC;AACH;AAEA,eAAeC,WAAWA,CAAC;EACzBC,IAAI;EACJzB,IAAI;EACJ0B;AACY,CAAC,EAAuB;EACpC,MAAMC,OAA+B,GAAG,CAAC,CAAC;EAC1C,IAAID,KAAK,EAAEC,OAAO,CAAC,gBAAgB,CAAC,GAAGD,KAAK;EAE5C,MAAME,GAAG,GAAG,MAAMC,KAAK,CAAC,GAAGJ,IAAI,UAAUzB,IAAI,eAAe,EAAE;IAAE2B;EAAQ,CAAC,CAAC;EAC1E,IAAI,CAACC,GAAG,CAACE,EAAE,EAAE,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;EAEnD,MAAMC,IAAgB,GAAG,MAAMJ,GAAG,CAACK,IAAI,CAAC,CAAC;EACzC,OAAOD,IAAI,CACRZ,MAAM,CAAEc,IAAS,IAAK,OAAOA,IAAI,CAACC,KAAK,KAAK,QAAQ,CAAC,CACrDjB,GAAG,CAAEgB,IAAS,KAAM;IACnB7B,GAAG,EAAE6B,IAAI,CAACE,GAAG,CAACC,OAAO,CAAC,GAAGrC,IAAI,GAAG,EAAE,EAAE,CAAC;IACrCI,KAAK,EAAEkC,MAAM,CAACC,IAAI,CAACL,IAAI,CAACC,KAAK,EAAE,QAAQ,CAAC,CAAC5B,QAAQ,CAAC,MAAM;EAC1D,CAAC,CAAC,CAAC;AACP;AAEA,eAAeiC,UAAUA,CAAC;EACxBf,IAAI;EACJzB,IAAI;EACJ0B;AACW,CAAC,EAAuB;EACnC,MAAME,GAAG,GAAG,MAAMC,KAAK,CAAC,GAAGJ,IAAI,OAAOzB,IAAI,EAAE,EAAE;IAC5C2B,OAAO,EAAE;MAAE,eAAe,EAAED;IAAM;EACpC,CAAC,CAAC;EAEF,IAAI,CAACE,GAAG,CAACE,EAAE,EAAE,MAAM,IAAIC,KAAK,CAAC,oBAAoB,CAAC;EAElD,MAAME,IAAI,GAAG,MAAML,GAAG,CAACK,IAAI,CAAC,CAAC;EAC7B,OAAOQ,MAAM,CAACC,OAAO,CAACT,IAAI,CAACD,IAAI,CAACA,IAAI,CAAC,CAACd,GAAG,CAAC,CAAC,CAACb,GAAG,EAAED,KAAK,CAAC,MAAM;IAC3DC,GAAG;IACHD,KAAK,EAAEuC,MAAM,CAACvC,KAAK;EACrB,CAAC,CAAC,CAAC;AACL;AAEA,OAAO,eAAewC,WAAWA,CAACC,OAA2B,EAAE;EAC7D,MAAM;IACJjC,OAAO;IACPkC,SAAS;IACTC,QAAQ,GAAG;EACb,CAAC,GAAGF,OAAO;EAEX,MAAMG,QAAQ,GAAGhD,IAAI,CAACiD,QAAQ,CAACrC,OAAO,CAAC;EACvC,MAAMsC,YAAY,GAAGvC,eAAe,CAACC,OAAO,CAAC;EAE7C,IAAI8B,OAAmB,GAAG,EAAE;EAE5B,IAAIK,QAAQ,KAAK,OAAO,IAAIF,OAAO,CAACM,KAAK,EAAE;IACzCT,OAAO,GAAG,MAAMF,UAAU,CAACK,OAAO,CAACM,KAAK,CAAC;EAC3C,CAAC,MAAM,IAAIN,OAAO,CAACO,MAAM,EAAE;IACzBV,OAAO,GAAG,MAAMlB,WAAW,CAACqB,OAAO,CAACO,MAAM,CAAC;EAC7C,CAAC,MAAM;IACL,MAAM,IAAIrB,KAAK,CAAC,2BAA2B,CAAC;EAC9C;EAEA,MAAMsB,QAAQ,GAAGX,OAAO,CACrBtB,MAAM,CAAC,CAAC;IAAEf;EAAI,CAAC,KAAK,CAAC6C,YAAY,CAACI,GAAG,CAACjD,GAAG,CAAC,CAAC,CAC3Ca,GAAG,CAAC,CAAC;IAAEb,GAAG;IAAED;EAAM,CAAC,KAAK,GAAGC,GAAG,aAAaF,OAAO,CAACC,KAAK,EAAE0C,SAAS,CAAC,EAAE,CAAC;EAE1E,IAAIO,QAAQ,CAAC9B,MAAM,KAAK,CAAC,EAAE;IACzBgC,OAAO,CAACC,GAAG,CAAC,2CAA2C,CAAC;IACxD;EACF;EAEAvD,EAAE,CAACwD,cAAc,CAAC7C,OAAO,EAAE,CAACX,EAAE,CAACY,UAAU,CAACD,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,IAAIyC,QAAQ,CAACK,IAAI,CAAC,IAAI,CAAC,CAAC;EAEtFH,OAAO,CAACC,GAAG,CAAC,sCAAsCR,QAAQ,EAAE,CAAC;AAC/D","ignoreList":[]}

package/lib/module/index.js

@@ -1,7 +1,10 @@
 "use strict";
 
 import Secreton from "./NativeSecreton.js";
-export function multiply(a, b) {
-  return Secreton.multiply(a, b);
+export function encrypt(value) {
+  return Secreton.encrypt(value);
+}
+export function decrypt(encrypted) {
+  return Secreton.decrypt(encrypted);
 }
 //# sourceMappingURL=index.js.map

package/lib/module/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["Secreton","multiply","a","b"],"sourceRoot":"../../src","sources":["index.tsx"],"mappings":";;AAAA,OAAOA,QAAQ,MAAM,qBAAkB;AAEvC,OAAO,SAASC,QAAQA,CAACC,CAAS,EAAEC,CAAS,EAAU;EACrD,OAAOH,QAAQ,CAACC,QAAQ,CAACC,CAAC,EAAEC,CAAC,CAAC;AAChC","ignoreList":[]}
+{"version":3,"names":["Secreton","encrypt","value","decrypt","encrypted"],"sourceRoot":"../../src","sources":["index.tsx"],"mappings":";;AAAA,OAAOA,QAAQ,MAAM,qBAAkB;AAEvC,OAAO,SAASC,OAAOA,CAACC,KAAa,EAAU;EAC7C,OAAOF,QAAQ,CAACC,OAAO,CAACC,KAAK,CAAC;AAChC;AAEA,OAAO,SAASC,OAAOA,CAACC,SAAiB,EAAU;EACjD,OAAOJ,QAAQ,CAACG,OAAO,CAACC,SAAS,CAAC;AACpC","ignoreList":[]}

package/lib/typescript/src/NativeSecreton.d.ts

@@ -1,6 +1,7 @@
 import { type TurboModule } from 'react-native';
 export interface Spec extends TurboModule {
-    multiply(a: number, b: number): number;
+    encrypt(value: string): string;
+    decrypt(encrypted: string): string;
 }
 declare const _default: Spec;
 export default _default;

package/lib/typescript/src/NativeSecreton.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NativeSecreton.d.ts","sourceRoot":"","sources":["../../../src/NativeSecreton.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAErE,MAAM,WAAW,IAAK,SAAQ,WAAW;IACvC,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACxC;;AAED,wBAAkE"}
+{"version":3,"file":"NativeSecreton.d.ts","sourceRoot":"","sources":["../../../src/NativeSecreton.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAErE,MAAM,WAAW,IAAK,SAAQ,WAAW;IACvC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC;IAC/B,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;CACpC;;AAED,wBAAkE"}

package/lib/typescript/src/NodeSecreton.d.ts

@@ -24,6 +24,7 @@ export interface GenerateEnvOptions {
     fetchEnv?: 'consul' | 'vault';
 }
 export declare function encrypt(value: string, key: string): string;
+export declare function decrypt(encrypted: string, key: string): string;
 export declare function readExistingEnv(envFile: string): Set<string>;
 export declare function generateEnv(options: GenerateEnvOptions): Promise<void>;
 //# sourceMappingURL=NodeSecreton.d.ts.map

package/lib/typescript/src/NodeSecreton.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NodeSecreton.d.ts","sourceRoot":"","sources":["../../../src/NodeSecreton.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,QAAQ,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC/B;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,UAGjD;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAc5D;AAwCD,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,iBAgC5D"}
+{"version":3,"file":"NodeSecreton.d.ts","sourceRoot":"","sources":["../../../src/NodeSecreton.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,QAAQ,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC/B;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,UAGjD;AAED,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,UAGrD;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,CAc5D;AAwCD,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,iBAgC5D"}

package/lib/typescript/src/index.d.ts

@@ -1,2 +1,3 @@
-export declare function multiply(a: number, b: number): number;
+export declare function encrypt(value: string): string;
+export declare function decrypt(encrypted: string): string;
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.tsx"],"names":[],"mappings":"AAEA,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAErD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.tsx"],"names":[],"mappings":"AAEA,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE7C;AAED,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAEjD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-secreton",
-  "version": "2.2.1",
+  "version": "2.3.1",
   "description": "Config secret variables for React Native apps",
   "keywords": [
     "react-native",
@@ -48,7 +48,8 @@
     "nitrogen": "nitrogen",
     "typecheck": "tsc",
     "lint": "eslint \"src/**/*.{js,ts,tsx}\"",
-    "test": "jest",
+    "test": "jest -c jest.config.cjs",
+    "test:coverage": "jest -c jest.config.cjs --coverage --coverageDirectory=.coverage",
     "release": "release-it --only-version"
   },
   "bin": {
@@ -76,6 +77,7 @@
     "@react-native/eslint-config": "0.83.0",
     "@release-it/conventional-changelog": "^10.0.1",
     "@types/jest": "^29.5.14",
+    "@types/node": "^25.0.5",
     "@types/react": "^19.2.0",
     "commitlint": "^19.8.1",
     "del-cli": "^6.0.0",
@@ -90,6 +92,7 @@
     "react-native": "0.83.0",
     "react-native-builder-bob": "^0.40.17",
     "release-it": "^19.0.4",
+    "ts-jest": "^29.4.6",
     "turbo": "^2.5.6",
     "typescript": "^5.9.2"
   },

package/react-native-secreton.podspec

@@ -23,5 +23,7 @@ Pod::Spec.new do |s|
     :execution_position => :before_compile
   }
 
+  s.frameworks = 'Foundation', 'Security'
+
   install_modules_dependencies(s)
 end

package/src/NativeSecreton.ts

@@ -1,7 +1,8 @@
 import { TurboModuleRegistry, type TurboModule } from 'react-native';
 
 export interface Spec extends TurboModule {
-  multiply(a: number, b: number): number;
+  encrypt(value: string): string;
+  decrypt(encrypted: string): string;
 }
 
 export default TurboModuleRegistry.getEnforcing<Spec>('Secreton');

package/src/NodeSecreton.ts

@@ -37,6 +37,11 @@ export function encrypt(value: string, key: string) {
   return execSync(cmd).toString().trim();
 }
 
+export function decrypt(encrypted: string, key: string) {
+  const cmd = `printf "%s" "${encrypted}" | openssl enc -aes-256-cbc -a -A -d -salt -pbkdf2 -iter 100000 -pass pass:${key}`;
+  return execSync(cmd).toString().trim();
+}
+
 export function readExistingEnv(envFile: string): Set<string> {
   if (!fs.existsSync(envFile)) return new Set();
 
@@ -113,7 +118,7 @@ export async function generateEnv(options: GenerateEnvOptions) {
 
   const newLines = entries
     .filter(({ key }) => !existingKeys.has(key))
-    .map(({ key, value }) => `${key}=enc:${encrypt(value, secretKey)}`);
+    .map(({ key, value }) => `${key}=Secreton:${encrypt(value, secretKey)}`);
 
   if (newLines.length === 0) {
     console.log('ℹ️ [Node] Secreton no new env keys to add');

package/src/index.tsx

@@ -1,5 +1,9 @@
 import Secreton from './NativeSecreton';
 
-export function multiply(a: number, b: number): number {
-  return Secreton.multiply(a, b);
+export function encrypt(value: string): string {
+  return Secreton.encrypt(value);
+}
+
+export function decrypt(encrypted: string): string {
+  return Secreton.decrypt(encrypted);
 }