Skip to content

wmfs/tymly-crypto-plugin

Repository files navigation

tymly-crypto-plugin

Tymly Blueprint npm (scoped) CircleCI codecov CodeFactor Dependabot badge Commitizen friendly JavaScript Style Guide license

Plugin to enable Tymly to perform encryption. Powered by JSON web tokens

tymly-crypto-plugin provides access to the Tymly crypto service, the schema for the cryptoLocker model, and the state resources:

addCryptoEntry

A state resource to grab some sensitive data from a given JSON path, and encrypt within a JWT

Whose resourceConfig requires:

  • A values array which is a list of JSON Paths to encrypt and store in tymly_cryptoLocker table

  • An expiryOffset which is the lifetime of the JWT that will hold the sensitive data

"AddCryptoEntry": {
      "Type": "Task",
      "Resource": "module:addCryptoEntry",
      "ResourceConfig": {
        "values": [
          "$.JSONPath.to.value.to.encrypt"
        ],
        "expiryOffset": "ExpiryTime"
      },
      "End": true
    }

getCryptoEntry

A state resource to grab some some encrypted data, and decrypt a JWT

Whose resourceConfig requires:

  • A source string which is a path to the in-memory OR postgres table the data to be decrypted is held in, in the form "NAMESPACE_TABLENAME"

  • A pathToDecryptionTargets array which is a list of JSONPaths

  • A values array which is a list of JSON paths

"GetCryptoEntry": {
      "Type": "Task",
      "Resource": "module:getCryptoEntry",
      "ResourceConfig": {
        "source": "NAMESPACE_TABLENAME",
        "pathToDecryptionTargets": [
          "$.JSONPath.to.decryption.targets",
          "$.JSONPath.to.decryption.targets",
          ...
        ],
        "values": [
          "$.JSONPath.to.value.to.decrypt",
          ...
        ]
      },
      "End": true
    }

and is soon to include:

deleteExpiredCryptoValues

Install

$ npm install @wmfs/tymly-crypto-plugin --save

Testing

tymly-crypto-plugin only requires an encryption string to be present to run.

$ npm run test

Environment Variables

TYMLY_AUTH_AUDIENCE=anyStringYouLike