JSPM

@defra/hapi-secure-context

0.4.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 2934
  • Score
    100M100P100Q122530F
  • License OGL-UK-3.0

A hapi plugin loading extra CA certs

Package Exports

  • @defra/hapi-secure-context
  • @defra/hapi-secure-context/src/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@defra/hapi-secure-context) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Hapi SecureContext

A plugin to load custom CA certs into node's tls.secureContext.

Installing

npm install @defra/hapi-secure-context

Usage

The plugin will load custom certificates from environment variable. This is controlled via the plugin's options during registration.

Register the plugin

This should be done when creating the server.

import { secureContext } from '@defra/hapi-secure-context'

await server.register({
  plugin: secureContext.plugin,
  options: {}
})

By default, the plugin will attempt to load certificates from any environment variable starting with TRUSTSTORE_.

Options

The plugin suports the following options:

  • keys
  • prefix

Keys

Setting keys restricts the plugin to only load certificates from environment variables in the list. The environment variables must contain a base64 encoded certificate.

await server.register({
  plugin: secureContext.plugin,
  options: { keys: ['CERT_1', 'CERT_2'] }
})

Prefix

Setting prefix overrides the default prefix.

await server.register({
  plugin: secureContext.plugin,
  options: { prefix: 'MY_CUSTOM_PREFIX_' }
})

In the above example it will attempt to load any environment variable that begins with MY_CUSTOM_PREFIX_.

Usage

After registering, any certificate will be added to the default secureContext. Libraries that use the default node tls.secureContext will pick up these certs automatically.

The plugin will decorate the server object with an instance of secureContext, e.g. server.secureContext.

If you want to load the custom certificates manually, the plugin also decorates the server object with a customCACerts field. This contains an