├── .travis.yml ├── config.json ├── decrypt.js ├── encrypt.js ├── .gitignore ├── test.sh ├── package.json ├── index.js └── README.md /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | node_js: 3 | - "0.11" 4 | - "0.10" 5 | -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | {"greatestCyndiLauperSongEver": "http://www.youtube.com/watch?v=yW8qxUitG-Q"} 2 | -------------------------------------------------------------------------------- /decrypt.js: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | require("./")(require("crypto").createDecipher) 4 | -------------------------------------------------------------------------------- /encrypt.js: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | require("./")(require("crypto").createCipher) 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | lib-cov 2 | *.seed 3 | *.log 4 | *.csv 5 | *.dat 6 | *.out 7 | *.pid 8 | *.gz 9 | 10 | pids 11 | logs 12 | results 13 | 14 | npm-debug.log 15 | node_modules 16 | config.copy.json 17 | config.json.cast5 18 | -------------------------------------------------------------------------------- /test.sh: -------------------------------------------------------------------------------- 1 | # link locally so that `npm run` works correctly 2 | npm link ../config-leaf 3 | 4 | # encrypt using the password `cynd1Lauper` 5 | echo "cynd1Lauper" | npm run encrypt 6 | 7 | # decrypt using the password `cynd1Lauper` 8 | echo "cynd1Lauper" | npm run decrypt 9 | 10 | # diff the two files, and exit with its length 11 | comm -3 config.json config.copy.json | wc -c | exit 12 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "config-leaf", 3 | "version": "0.3.0", 4 | "description": "Hide your sensitive node.js bits in plain sight.", 5 | "main": "index.js", 6 | "repository": { 7 | "type": "git", 8 | "url": "https://github.com/jed/config-leaf.git" 9 | }, 10 | "author": "Jed Schmidt ", 11 | "license": "MIT", 12 | "readmeFilename": "README.md", 13 | "gitHead": "e906d66eb6132cd515d9d77fdae699bdb644e58b", 14 | "bugs": { 15 | "url": "https://github.com/jed/config-leaf/issues" 16 | }, 17 | "scripts": { 18 | "test": "sh test.sh", 19 | "encrypt": "encrypt config.json config.json.cast5", 20 | "decrypt": "decrypt config.json.cast5 config.copy.json" 21 | }, 22 | "bin": { 23 | "encrypt": "./encrypt.js", 24 | "decrypt": "./decrypt.js" 25 | }, 26 | "engines": { 27 | "node": ">=0.10.0" 28 | }, 29 | "dependencies": { 30 | "prompt": "^1.0.0" 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | var crypto = require("crypto"); 2 | var fs = require("fs"); 3 | var prompt = require("prompt"); 4 | var path = require("path"); 5 | 6 | module.exports = function(fn) { 7 | var from = path.join(process.cwd(), process.argv[2]); 8 | var to = path.join(process.cwd(), process.argv[3]); 9 | 10 | prompt.start(); 11 | 12 | prompt.get([ 13 | { 14 | description: "Enter the config password (" + path.basename(to) + "):\n", 15 | name: "password", 16 | type: "string", 17 | hidden: true, 18 | replace: "*", 19 | required: true 20 | } 21 | ], function (err, result) { 22 | if (err) { 23 | console.log(err); 24 | } else { 25 | from = fs.createReadStream(from); 26 | to = fs.createWriteStream(to); 27 | fn = fn("cast5-cbc", result.password); 28 | 29 | from.pipe(fn).pipe(to); 30 | from.on("end", function () { 31 | console.log("done"); 32 | prompt.stop(); 33 | }); 34 | } 35 | }); 36 | }; 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | config-leaf 2 | =========== 3 | 4 | 5 | 6 | config-leaf helps you hide your sensitive node.js bits in plain sight. It is based on [John Resig](https://github.com/jeresig)'s post, [Keeping Passwords in Source Control](http://ejohn.org/blog/keeping-passwords-in-source-control/). 7 | 8 | The idea is that the configuration of deployed apps can be managed in version control for transparency and ease of rollback. But, since configuration often contains sensitive information like passwords, it shouldn't be kept in plaintext. This is where config-leaf comes in, by letting you encrypt your config in development, check it in, and then decrypt it in production or other dev environments. 9 | 10 | Installation and configuration 11 | ------------------------------ 12 | 13 | Let's say that we have a node.js project with some sensitive configuration information, kept in a file called `config.json`. 14 | 15 | First, install this library as a dependency of the project: 16 | 17 | npm install config-leaf --save 18 | 19 | Then, make sure that you add this file to `.gitignore` (or appropriate ignore file depending on your version control system) to make sure it never gets checked in: 20 | 21 | echo config.json >> .gitignore 22 | 23 | Finally, edit your `package.json` to add the `encrypt` and `decrypt` scripts, such as in the following: 24 | 25 | ```json 26 | { 27 | "name": "my-project", 28 | "version": "0.0.1", 29 | "scripts": { 30 | ... 31 | "encrypt": "encrypt config.json config.json.cast5", 32 | "decrypt": "decrypt config.json.cast5 config.json" 33 | } 34 | } 35 | ``` 36 | 37 | Here, the `encrypt` script will encrypt the `config.json` file as `config.json.cast5`, and the `decrypt` script will decrypt the `config.json.cast5` file as `config.json`. In both cases, the name of the encrypted file can be chosen arbitrarily. 38 | 39 | Usage 40 | ----- 41 | 42 | Once config-leaf is installed and configured, run the `encrypt` command every time you update your configuration, and enter the password when prompted. 43 | 44 | npm run encrypt 45 | 46 | This saves the encrypted file according to the name you set in your `package.json`. 47 | 48 | After checking the file in, use the `decrypt` command in production or other dev environments, and enter the password when prompted. 49 | 50 | npm run decrypt 51 | 52 | Again, this saves the decrypted file according to the name you set in your `package.json`. 53 | 54 | TODO 55 | ---- 56 | 57 | - Compare timestamps to make sure decrypted file is up to date. 58 | 59 | LICENSE 60 | ------- 61 | 62 | (The MIT License) 63 | 64 | Copyright (c) 2013 Jed Schmidt <where@jed.is> 65 | 66 | Permission is hereby granted, free of charge, to any person obtaining 67 | a copy of this software and associated documentation files (the 68 | 'Software'), to deal in the Software without restriction, including 69 | without limitation the rights to use, copy, modify, merge, publish, 70 | distribute, sublicense, and/or sell copies of the Software, and to 71 | permit persons to whom the Software is furnished to do so, subject to 72 | the following conditions: 73 | 74 | The above copyright notice and this permission notice shall be 75 | included in all copies or substantial portions of the Software. 76 | 77 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, 78 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 79 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 80 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 81 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 82 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 83 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 84 | --------------------------------------------------------------------------------