Encrypt and decrypt JSON files with a secret key.
Uses libsodium's secret box (via sodium-native). Encrypted files are base64 with the nonce embedded, so a single file is all you need to decrypt.
npm install secret-json
The module is focused on reading. Pass it the contents of an encrypted file and your key and it returns the decrypted JSON.
const secretJSON = require('secret-json')
const fs = require('fs')
const key = process.env.SECRET_JSON_KEY // 32 byte key as hex or a buffer
const json = secretJSON(fs.readFileSync('./db.secret'), key)
console.log(json) // { user: 'admin', pass: 'hunter2' }
json = secretJSON(fileAsStringOrBuffer, key)Decrypt a file and return the JSON. key is a 32 byte buffer or a hex string.
Throws if the key is wrong or the file is corrupt. Also available as secretJSON.decrypt.
file = secretJSON.encrypt(json, key)Encrypt a JSON value and return the file as a base64 string.
key = secretJSON.keygen()Generate a new random 32 byte key as a buffer.
npm install -g secret-json
Generate a key and keep it somewhere safe
export SECRET_JSON_KEY=$(secret-json keygen)
Encrypt / decrypt a JSON file
secret-json encrypt config.json # writes config.json.secret
secret-json decrypt config.json.secret
Or generate an encrypted file straight from key=value pairs with --entry, -e.
It prints to stdout, so redirect it or pass --out, -o
secret-json generate -e user=admin -e pass=hunter2 > db.secret
secret-json generate -e user=admin -e pass=hunter2 -o db.secret
Every command takes --key, -k to pass a key inline instead of using $SECRET_JSON_KEY.
Run secret-json --help for more.
Apache-2.0