$ npm i --save nodecredstash
let Credstash = require('nodecredstash');
let credstash = new Credstash();
credstash.putSecret({name: 'Death Star vulnerability', secret: 'Exhaust vent', version: 1, context: {rebel: 'true'}})
.then(() => credstash.getSecret({name: 'Death Star vulnerability', version: 1, context: {rebel: 'true'}}))
.then(secret => console.log(secret));
Options that are specific to the DynamoDB configuration.
Options that are specific to the KMS configuration.
The DynamoDB table where credentials are stored
default: credential-store
The name of the KMS key created for credstash.
default: alias/credstash
Context for encrypting and decrypting secrets with KMS.
The name of the secret that will be stored in DynamoDB
Can be a string or number. If it is a number, then nodecredstash will pad it with 0s so it can be sorted.
An optional callback function, for when you don't want to use promises:
credstash.getSecret({
name: 'Death Star plans',
context: {rebelShip: 'true'}
}, (err, res) => {
if (err) {
throw new Error('The Death Star plans are not in the main computer.');
}
...
})
Create the table in DynamoDB using the table option
Encode a secret and place it in DynamoDB.
credstash.putSecret({
name: 'Death Star Vulnerability',
secret: 'Exhaust vent',
context: { rebel: 'true'}
});
DynamoDB will now contain a record for this entry that looks like:
{
"name": "Death Star Vulnerability", // The name of the secret
"key": "...", // The value sent to KMS to retrieve the decryption key
"version": "0000000000000000001", // The version string, should be sortable
"hmac": "...", // An HMAC validation value
"contents": "..." // The AES 128 encrypted value
}
Returns the first sorted result for the given name key.
Returns the next incremented version for the given name key.
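The zero-padding rule and the two version lookups described above, as an added example that is not nodecredstash's own code. The helper names (padVersion, highestVersion, nextVersion) are hypothetical, an in-memory array stands in for the DynamoDB table, and the records are constructed. It shows the failure mode padding prevents: with unpadded strings a rotation to version 10 sorts below 9, so readers of the "highest" version keep receiving the stale secret.

```javascript
// Added example, not nodecredstash's own code. The 19-character width is taken
// from the version strings shown in the records on this page.
const VERSION_WIDTH = 19;

// Numbers are left-padded with zeros. Strings are stored as given (assumption:
// the caller is then responsible for making them sortable).
function padVersion(version) {
  if (typeof version === 'number') {
    if (!Number.isSafeInteger(version) || version < 0) {
      throw new RangeError(`invalid version: ${version}`);
    }
    return String(version).padStart(VERSION_WIDTH, '0');
  }
  return String(version);
}

// Emulates a descending string sort on the version attribute for one name and
// returns the first result. The comparison is lexicographic, not numeric.
function highestVersion(records, name) {
  const versions = records.filter(r => r.name === name).map(r => r.version);
  versions.sort((a, b) => (a < b ? 1 : a > b ? -1 : 0));
  return versions.length ? versions[0] : undefined;
}

// Next version: numeric successor of the highest stored one, re-padded.
function nextVersion(records, name) {
  const current = highestVersion(records, name);
  if (current === undefined) return padVersion(1);
  if (!/^\d+$/.test(current)) {
    throw new Error(`cannot increment non-numeric version: ${current}`);
  }
  return (BigInt(current) + 1n).toString().padStart(VERSION_WIDTH, '0');
}

// Constructed sample data: ten rotations of one secret, stored two ways.
const secretName = 'Death Star vulnerability';
const rotations = Array.from({ length: 10 }, (_, i) => i + 1);
const padded = rotations.map(v => ({ name: secretName, version: padVersion(v) }));
const unpadded = rotations.map(v => ({ name: secretName, version: String(v) }));

console.log(highestVersion(padded, secretName));   // the latest rotation
console.log(highestVersion(unpadded, secretName)); // stale: "9" sorts above "10"
console.log(nextVersion(padded, secretName));      // successor of the latest
```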
Retrieve a decrypted secret from DynamoDB.
credstash.getSecret({name: 'Death Star Vulnerability', context: {rebelDroid: 'true'}})
.then(secrets => console.log(JSON.stringify(secrets, null, 2)));
{
"Death Star Vulnerability": "Exhaust vent"
}
Retrieve all decrypted secrets from DynamoDB.
The startsWith option will filter the response
credstash.getAllSecrets({context: {rebel: 'true'}})
.then(secrets => console.log(JSON.stringify(secrets, null, 2)));
{
"Death Star vulnerability": "Exhaust vent"
}
Retrieve all or the last N (limit) versions of a secret.
credstash.getAllSecrets({name: 'Death Star vulnerability', limit: 2, context: {rebel: 'true'}})
.then(secrets => console.log(JSON.stringify(secrets, null, 2)));
[ { "version": "0000000000000000006", "secret": "Exhaust vent" },
{ "version": "0000000000000000005", "secret": "Destroy vent" } ]
Retrieve all stored secrets and their highest version
credstash.listSecrets()
.then(list => console.log(JSON.stringify(list, null, 2)));
[
{
"name": "Death Star",
"version": "0000000000000000001"
},
{
"name": "Death Star vulnerability",
"version": "0000000000000000001"
}
]
Delete the desired secret by version from DynamoDB
credstash.deleteSecret({name: 'Death Star', version: 1})
// 'Deleting Death Star -- version 0000000000000000001'
.then(() => credstash.listSecrets())
.then(list => console.log(JSON.stringify(list, null, 2)));
[
{
"name": "Death Star vulnerability",
"version": "0000000000000000001"
}
]
Deletes all of the versions of name
credstash.deleteSecrets({name: 'Death Star vulnerability'})
// 'Deleting Death Star vulnerability -- version 0000000000000000001'
.then(() => credstash.listSecrets())
.then(list => console.log(JSON.stringify(list, null, 2)));
[]