Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?


Failed to load latest commit information.
Latest commit message
Commit time
November 25, 2021 13:51
December 14, 2021 14:54
January 9, 2020 10:39
May 14, 2020 13:59
December 15, 2019 13:18
December 13, 2021 10:31
November 25, 2021 13:51
December 13, 2021 10:37


NPM MIT License Continuous Integration Coverage Status

Serialized AES-GCM 256 encryption, decryption and key management in the browser & Node.js.


$ yarn add @47ng/cloak
# or
$ npm i @47ng/cloak


The package comes with a CLI tool you can use to generate and manage keys, as well as encrypting and decrypting data in the terminal:

$ cloak --help
Usage: cloak [options] [command]

  -h, --help                 output usage information

  generate                   Generate an AES-GCM key
  encrypt [options] [key]    Encrypt stdin
  decrypt                    Decrypt stdin
  revoke <keyFingerprint>    Remove a key from the environment keychain
  keychain [options] [full]  List the contents of the environment keychain

# Start by generating an empty keychain and master key:
$ cloak generate
Key:          k1.aesgcm256.DL2G9PQeZ9r65J59pph6dy9Sk4fBLEZ3CTQZsandgYE=
Fingerprint:  6f28c026

Generated new empty keychain:
export CLOAK_MASTER_KEY=k1.aesgcm256.DL2G9PQeZ9r65J59pph6dy9Sk4fBLEZ3CTQZsandgYE=
export CLOAK_KEYCHAIN=v1.aesgcm256.6f28c026.yhCUkzv5gOyHJ2M_.jrGSf2_MPVofk-kSDgnYzvEy

# Copy/paste the exports into your terminal
# (the CLI does not mutate your environment directly)
$ export CLOAK_MASTER_KEY=k1.aesgcm256.DL2G9PQeZ9r65J59pph6dy9Sk4fBLEZ3CTQZsandgYE=
$ export CLOAK_KEYCHAIN=v1.aesgcm256.6f28c026.yhCUkzv5gOyHJ2M_.jrGSf2_MPVofk-kSDgnYzvEy

# Generate a key to use for encryption
$ cloak generate
Key:          k1.aesgcm256.pHLFYdaqXut62LoFbt8KV80x_YNyZPmY0kQaPhJ0Ehc=
Fingerprint:  cd38bcc4

Updated keychain:
export CLOAK_MASTER_KEY=k1.aesgcm256.DL2G9PQeZ9r65J59pph6dy9Sk4fBLEZ3CTQZsandgYE=
export CLOAK_KEYCHAIN=v1.aesgcm256.6f28c026.jr9fqMA_RfNhIjHz.lo4IfIYfZ0zxrdSns_ibWq6YX1D5AnzN-fhUF0CKVx5dRVIo0x-Atumr9WZqpHOeEIWT5bEGFKHhxGkFdwk2vg5TZQNk5Rj_jo3hnfSLaFAYncG59dB  jUkz1JE0Plq2d-GR1AbDs6P18VzOG_JrU

To use this new key as default for encryption:
export CLOAK_CURRENT_KEY=cd38bcc4

# Encrypt sdtin
$ echo 'Hello, World !' | cloak encrypt

# Decrypt stdin
$ echo 'v1.aesgcm256.cd38bcc4.yxAp2iONy7zYOhbs.X2zmGpmGw9a7tiSnyukEW8Ac-2IIcIENW5uHxtHYyA==' | cloak decrypt
Hello, World !

Programmatic Usage

// Works in the browser or in Node.js

import { generateKey, encryptString, decryptString } from '@47ng/cloak'

const demo = async () => {
  const key = generateKey()
  const cipher = await encryptString('Hello, World', key)
  const decipher = await decryptString(cipher, key)


MIT - Made with ❤️ by François Best

Using this package at work ? Sponsor me to help with support and maintenance.