99[ ![ package size] ( https://deno.bundlejs.com/?q=%40latehours/secret&badge=detailed&badge-style=flat&label=size )] ( https://bundlejs.com/?q=%40latehours/secret )
1010
1111** ` secret ` ** is a simple utility library for handling sensitive data in any
12- typescript app. no more accidentally leaking tokens or emails into logs!
12+ typescript app. no more leaking tokens or emails into logs by accident.
1313
1414is has ** zero dependencies** and has fairly exhaustive test coverage.
1515
1616### motivation
1717
18- the main purpose is to prevent accidental leaking of secrets into logs,
19- stdout, JSON.stringify calls, writes to files and so on by the developer.
20- ` secret ` makes revealing the secret value explicit .
18+ ` secret ` makes revealing the secret value explicit and intentional. it
19+ prevents accidental leaking of secrets into logs, stdout, JSON.stringify
20+ calls, writes to files and so on by the developer .
2121
2222keep in mind that the secret is still stored in memory unencrypted and can be
2323read by a debugger or by inspecting the memory of the process. this is not a
24- security library. continue to use encryption for sensitive data at rest .
24+ security library. continue to use encryption for sensitive data.
2525
26- behind the scenes the secret is stored in the secret object as a bytes array so
27- it's not plaintext. but keep in mind that this is more security by obscurity
28- than anything else.
26+ behind the scenes the secret is stored in javascript object as a bytes array,
27+ not plaintext. this is more security by obscurity than anything else.
2928
3029## usage
3130
@@ -52,19 +51,54 @@ console.log(hidden); // logs [REDACTED]
5251const = Secret .expose (hidden );
5352```
5453
55- when wrapping a value into a secret in ` io-ts ` or ` zod ` schema make sure to
56- clean up any intermediate secrets such as the unparsed input.
54+ #### considerations
55+
56+ when wrapping a value into a secret such as in ` io-ts ` or ` zod ` schema make
57+ sure to clean up any intermediate secrets such as the unparsed input.
5758
5859sending a secret over the network is not possible as the secret is not
5960serializable by design. use encryption for that or better yet, don't handle the
6061secret at all.
6162
63+ ### usage as a ` Secret ` ` class `
64+
65+ sometimes it can be more convenient to wrap the secret into a class and pass it
66+ around in your app. this way one doesn't need to litter codebase with
67+ ` @latehours/secret ` imports.
68+
69+ example code:
70+
71+ ``` typescript
72+ import { fromString , expose } from " @latehours/secret"
73+ import type { Secret as SecretInternal } from " @latehours/secret"
74+
75+ class Secret {
76+ secret: SecretInternal
77+
78+ constructor (value : string ) {
79+ this .secret = fromString (value )
80+ }
81+
82+ expose() {
83+ return expose (this .secret )
84+ }
85+
86+ toString() {
87+ return this .secret .toString ()
88+ }
89+ }
90+
91+ export function createSecret(value : string ) {
92+ return new Secret (value )
93+ }
94+ ```
95+
6296### ` io-ts ` codec
6397
6498provided for convenience. check out tests for exported ` io-ts ` ` decoder ` and
65- ` encoder ` usage.
99+ ` encoder ` for usage.
66100
67- you need to have ` io-ts ` installed in your project.
101+ you need to have ` fp-ts ` and ` io-ts ` installed in your project.
68102
69103``` typescript
70104import { SecretCodec } from " @latehours/secret/io-ts"
0 commit comments