Keep configuration data encrypted in production. Pause server initialisation until the decryption key is received.

Secure Setup

About

Keep your server configuration data encrypted in production.

Security bugs are everywhere. Hence we must build software that stops any individual failure from spreading to entire systems. Should anyone gain access to your production node server, you wouldn't want them also getting your DB authorisations, AWS secrets, Twilio password etc. Maybe you think you can safely keep data in environment variables, or hidden files, but these are trivial to find for someone who has access to your source code.

In production, Secure Setup provides a simple interface for developers to decrypt and use configuration data stored on the server as ciphertext. This is achieved by launching a server that waits until it receives the developer's key. On receipt, the configuration data is decrypted and passed as an object to a setup function. This initialises connections to databases and services before removing the plaintext configuration data from memory.
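
The production flow described above (ciphertext at rest, decryption once the key arrives, a setup callback, then wiping plaintext) can be sketched as follows. This is an added example, not Secure Setup's own code: AES-256-GCM, scrypt, the storage format and every function name here are assumptions chosen for illustration.

```javascript
// Added illustration, not secure-setup's own code: cipher, KDF and all names are assumptions.
const crypto = require('crypto');

// Derive a 256-bit key from the developer's passphrase.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Produce the ciphertext that would be stored on the production server.
function encryptConfig(config, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(passphrase, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(config), 'utf8'), cipher.final()]);
  key.fill(0);
  return [salt, iv, cipher.getAuthTag(), body].map((b) => b.toString('base64')).join('.');
}

// Run when the key arrives: decrypt, call setup, and wipe key and plaintext buffers.
function unlockAndSetup(stored, passphrase, setup) {
  let key, plain, config;
  try {
    const [salt, iv, tag, body] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
    key = deriveKey(passphrase, salt);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    plain = Buffer.concat([decipher.update(body), decipher.final()]); // throws on bad tag
    config = JSON.parse(plain.toString('utf8'));
  } catch (e) {
    return setup(new Error('decryption failed: wrong key or modified ciphertext'));
  } finally {
    if (key) key.fill(0);
    if (plain) plain.fill(0); // best effort; strings parsed from it cannot be wiped
  }
  return setup(null, config);
}

// Constructed sample values: encrypt, then unlock with the right and a wrong passphrase.
function demo() {
  const stored = encryptConfig({ db: { password: 'constructed-secret' } }, 'dev passphrase');
  const ok = unlockAndSetup(stored, 'dev passphrase', (err, cfg) => (err ? null : cfg.db.password));
  const bad = unlockAndSetup(stored, 'guess', (err) => (err ? err.message : null));
  return { ok, bad };
}
console.log(demo());
```

The authenticated cipher makes a wrong key or an edited ciphertext fail loudly instead of yielding garbage config, and the setup callback should drop its reference to `config` once connections are established.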

In 'development' mode, Secure Setup will create both plaintext and ciphertext config files (assuming they don't already exist). The setup function is then invoked with the config data as an argument, without the need to manually enter a decryption key.

Install

npm install secure-setup

Usage

setup = require 'secure-setup'
setup (err, config) ->
  return console.error err if err
  # Connect to DBs
  # Connect to AWS
  # Connect to Twilio

, options