JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 31
  • Score
    100M100P100Q53349F
  • License MIT

Encrypting and decrypting JSON objects using AWS Key Management Service (KMS) customer master keys

Package Exports

  • kms-json

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (kms-json) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

kms-json

npm version CircleCI Coverage Status

Node.JS module for encrypting and decrypting JSON objects using AWS Key Management Service (KMS) customer master keys.

A CLI wrapper is also available.

Usage

  • Install the package: npm install kms-json

  • Require and instantiate kms-json:

    const KmsJson = require('kms-json');
const kmsJson = new KmsJson({
  awsKmsSettings: {
    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
    region: 'us-east-1'
  },
  keyId: 'arn:aws:kms:us-east-1:123456:key/a7c08fe1-b767-4883-8c94-85726'
});

Supported options:

Name Type Description
awsKmsSettings Object Settings object passed into the AWS.KMS constructor as defined in AWS Javascript SDK. Can be used to specify credentials, region, API version, etc. Default: {}
keyId string Cutomer master key's Amazon Resource Name (ARN) or unique key id (See AWS Javascript SDK, KeyId). Required
encoding string Character encoding to represent the encrypted string. Default: 'base64' See Node.JS Buffer API
  • Encrypt a JSON object:
const encrypted = yield kmsJson.encrypt({
  fullName: 'John Connor',
  userId: 123,
  isActive: true
});
console.log(encrypted);
// outputs a string like "AQECAHgNzJL58IXknWSXEuLX+0y9U4qC...rilpa8RMxzFV1"
// depending on the key, payload size, and encoding
  • Decrypt an encrypted JSON object:
const decrypted = yield kmsJson.decrypt(encrypted);
console.log(decrypted);
// outputs { fullName: 'John Connor', userId: 123, isActive: true }

CLI

node cli -h

[json-object] | node cli  -r [region] -k [access-key-id] -s [secret-access-key]
-m ["decrypt" OR "encrypt"] -y [kms-key-id] -c [encoding]

Options:
  -m, --mode               Mode       [required] [choices: "encrypt", "decrypt"]
  -r, --region             AWS Region                                 [required]
  -k, --access-key-id      AWS Access Key Id                          [required]
  -s, --secret-access-key  AWS Secret Access Key                      [required]
  -y, --kms-key-id         AWS KMS key id                             [required]
  -c, --encoding           Encoding of ciphertext                     [required]
  -h, --help               Show help                                   [boolean]

More examples at http://github.com/AlexanderMS/kms-json
  • Encrypt:
$ echo '{"fullName": "John Connor", "userId": 123, "isActive": true }' | node cli -r "us-east-1" -y "arn:aws:kms:us-east-1:123456:key/a7c08fe1-b767-4883-8c94-85726" -k "AKIAIOSFODNN7EXAMPLE" -s "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" -m encrypt -c "base64"
Provided JSON:
{
  "fullName": "John Connor",
  "userId": 123,
  "isActive": true
}
Specified encoding: base64
Encrypting...
AQECAHgNzJL58IXknWSXEuLX+0y9U4qCdOkGemXt5OM+6ba0aAAAAKkwgaYGCSqGSIb3DQEHBqCBmDCBlQIBADCBjwYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAzkDMa60HA8ePR8vIECARCAYssYOWcDTa6SfQRce2brSAZuDZS2TdJGksWyXvSiILLOgRKlyigZKbImXlboeYzIUDeSwivIBprmC1glq+3UrTRoPl+fZRJA4wjnBhBeVyCjEBQhmsFl1warilpa8RMxzFV1
  • Decrypt:
$ echo 'AQECAHgNzJL58IXknWSXEuLX+0y9U4qCdOkGemXt5OM+6ba0aAAAAKkwgaYGCSqGSIb3DQEHBqCBmDCBlQIBADCBjwYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAzkDMa60HA8ePR8vIECARCAYssYOWcDTa6SfQRce2brSAZuDZS2TdJGksWyXvSiILLOgRKlyigZKbImXlboeYzIUDeSwivIBprmC1glq+3UrTRoPl+fZRJA4wjnBhBeVyCjEBQhmsFl1warilpa8RMxzFV1' | node cli -r "us-east-1" -y "arn:aws:kms:us-east-1:123456:key/a7c08fe1-b767-4883-8c94-85726" -k "AKIAIOSFODNN7EXAMPLE" -s "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" -m decrypt -c "base64"
Provided ciphertext:
AQECAHgNzJL58IXknWSXEuLX+0y9U4qCdOkGemXt5OM+6ba0aAAAAKkwgaYGCSqGSIb3DQEHBqCBmDCBlQIBADCBjwYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAzkDMa60HA8ePR8vIECARCAYssYOWcDTa6SfQRce2brSAZuDZS2TdJGksWyXvSiILLOgRKlyigZKbImXlboeYzIUDeSwivIBprmC1glq+3UrTRoPl+fZRJA4wjnBhBeVyCjEBQhmsFl1warilpa8RMxzFV1
Specified encoding:  base64
Decrypting...
{"fullName": "John Connor", "userId": 123, "isActive": true }

For Windows command line (cmd.exe), do not wrap the piped input with quotes, i.e., replace '{"fullName": "John Connor"... }' with {"fullName": "John Connor"... }