tecto 1.0.0 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -6
- package/dist/index.d.ts +4 -4
- package/package.json +4 -1
package/README.md
CHANGED
|
@@ -35,7 +35,7 @@ const key = generateSecureKey();
|
|
|
35
35
|
|
|
36
36
|
// 2. Set up the key store
|
|
37
37
|
const store = new MemoryKeyStore();
|
|
38
|
-
store.addKey("my-key-
|
|
38
|
+
store.addKey("my-key-2026", key);
|
|
39
39
|
|
|
40
40
|
// 3. Create a coder
|
|
41
41
|
const coder = new TectoCoder(store);
|
|
@@ -47,7 +47,7 @@ const token = coder.encrypt(
|
|
|
47
47
|
);
|
|
48
48
|
|
|
49
49
|
console.log(token);
|
|
50
|
-
// → tecto.v1.my-key-
|
|
50
|
+
// → tecto.v1.my-key-2026.base64url_nonce.base64url_ciphertext
|
|
51
51
|
|
|
52
52
|
// 5. Decrypt it
|
|
53
53
|
const payload = coder.decrypt(token);
|
|
@@ -181,12 +181,12 @@ const payload = coder.decrypt<MyType>(token);
|
|
|
181
181
|
## Key Rotation
|
|
182
182
|
|
|
183
183
|
```ts
|
|
184
|
-
store.addKey("key-
|
|
184
|
+
store.addKey("key-2026-01", key1);
|
|
185
185
|
// ... time passes ...
|
|
186
|
-
store.rotate("key-
|
|
186
|
+
store.rotate("key-2026-06", key2);
|
|
187
187
|
|
|
188
|
-
// New tokens use key-
|
|
189
|
-
store.removeKey("key-
|
|
188
|
+
// New tokens use key-2026-06, old tokens still decrypt via key-2026-01
|
|
189
|
+
store.removeKey("key-2026-01"); // after all old tokens expire
|
|
190
190
|
```
|
|
191
191
|
|
|
192
192
|
## Testing
|
package/dist/index.d.ts
CHANGED
|
@@ -83,7 +83,7 @@ interface KeyStoreAdapter {
|
|
|
83
83
|
/**
|
|
84
84
|
* Adds a key to the store. If this is the first key, it becomes the current key.
|
|
85
85
|
*
|
|
86
|
-
* @param id - A unique identifier for the key (e.g., `"key-
|
|
86
|
+
* @param id - A unique identifier for the key (e.g., `"key-2026-01"`).
|
|
87
87
|
* @param secret - A 32-byte `Uint8Array` key. Must pass entropy validation.
|
|
88
88
|
* @throws {KeyError} If `secret` is not exactly 32 bytes or has insufficient entropy.
|
|
89
89
|
*/
|
|
@@ -295,8 +295,8 @@ declare class TokenNotActiveError extends TectoError {
|
|
|
295
295
|
* @example
|
|
296
296
|
* ```ts
|
|
297
297
|
* const store = new MemoryKeyStore();
|
|
298
|
-
* store.addKey("key-
|
|
299
|
-
* const key = store.getKey("key-
|
|
298
|
+
* store.addKey("key-2026-01", generateSecureKey());
|
|
299
|
+
* const key = store.getKey("key-2026-01");
|
|
300
300
|
* ```
|
|
301
301
|
*/
|
|
302
302
|
declare class MemoryKeyStore implements KeyStoreAdapter {
|
|
@@ -305,7 +305,7 @@ declare class MemoryKeyStore implements KeyStoreAdapter {
|
|
|
305
305
|
/**
|
|
306
306
|
* Adds a key to the store. If this is the first key, it becomes the current key.
|
|
307
307
|
*
|
|
308
|
-
* @param id - A unique identifier for the key (e.g., `"key-
|
|
308
|
+
* @param id - A unique identifier for the key (e.g., `"key-2026-01"`).
|
|
309
309
|
* @param secret - A 32-byte `Uint8Array` key. Validated for entropy.
|
|
310
310
|
* @throws {KeyError} If `secret` is not exactly 32 bytes or has insufficient entropy.
|
|
311
311
|
*
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "tecto",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2",
|
|
4
4
|
"description": "Transport Encrypted Compact Token Object — an opaque, XChaCha20-Poly1305 encrypted token protocol",
|
|
5
5
|
"type": "commonjs",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -26,6 +26,9 @@
|
|
|
26
26
|
"tsup": "8.4.0",
|
|
27
27
|
"typescript": "5.9.3"
|
|
28
28
|
},
|
|
29
|
+
"repository": {
|
|
30
|
+
"url": "https://github.com/Zastinian/tecto"
|
|
31
|
+
},
|
|
29
32
|
"keywords": [
|
|
30
33
|
"tecto",
|
|
31
34
|
"token",
|