@aegisjsproject/secret-store

Proxy-based wrapper for encrypting and decrypting data over any storage object

---

• Code of Conduct
• Contributing

Installation

npm

npm install @aegisjsproject/secret-store

<script type="importmap">

<script type="importmap">
{
  "imports": {
    "@aegisjsproject/secret-store": "https://unpkg.com/@aegisjsproject/secret-store/secret-store.min.js",
    "@shgysk8zer0/aes-gcm": "https://unpkg.com/@shgysk8zer0/aes-gcm/aes-gcm.min.js"
  }
}
</script>

API

useSecretStore(key, targetObject, handler)

Creates an encrypted proxy around an object where values are automatically encrypted on set and decrypted on get.

Parameters:

• key - CryptoKey with decrypt usage (encrypt usage required for setter)
• targetObject - Object to wrap (defaults to process.env)
• handler - ProxyHandler (defaults to Reflect)

Returns: [proxy, setter] - Frozen array containing the proxy and async setter function

Throws: TypeError if key lacks decrypt usage

openSecretStoreFile(key, path, config)

Node.js only. Loads and wraps a JSON file as an encrypted store.

Parameters:

• key - CryptoKey
• path - File path string
• config.encoding - File encoding (default: "utf8")
• config.handler - ProxyHandler (default: Reflect)
• config.signal - AbortSignal for cancellation

Returns: Promise resolving to [proxy, setter]

Usage

import { useSecretStore, openSecretStoreFile } from '@aegisjsproject/secret-store';

// Generate key
const key = await crypto.subtle.generateKey(
  { name: 'AES-GCM', length: 256 },
  false,
  ['encrypt', 'decrypt']
);

// Create store
const [store, set] = useSecretStore(key, {});

// Values are encrypted when set, decrypted when accessed
await set('password', 'secret123');
const password = await store.password; // 'secret123'

// Load from file (Node.js)
const [fileStore] = await openSecretStoreFile(key, './secrets.json');