1 parent
20d560e
commit 1f015f4
Showing
5 changed files
with
61 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
import { | ||
createCipheriv, | ||
createDecipheriv, | ||
pbkdf2Sync, | ||
randomBytes, | ||
} from 'crypto'; | ||
|
||
function deriveKey(password: string, salt: string): Buffer { | ||
return pbkdf2Sync(password, salt, 100000, 32, 'sha256'); | ||
} | ||
|
||
function encrypt( | ||
text: string, | ||
ENCRYPTION_SALT: string, | ||
MASTER_PASSWORD: string, | ||
): { iv: string; encryptedData: string } { | ||
const iv = randomBytes(16); | ||
const key = deriveKey(MASTER_PASSWORD, ENCRYPTION_SALT); | ||
const cipher = createCipheriv('aes-256-cbc', key, iv); | ||
let encrypted = cipher.update(text, 'utf8', 'hex'); | ||
encrypted += cipher.final('hex'); | ||
return { | ||
iv: iv.toString('hex'), | ||
encryptedData: encrypted, | ||
}; | ||
} | ||
|
||
function decrypt( | ||
iv: string, | ||
encryptedData: string, | ||
ENCRYPTION_SALT: string, | ||
MASTER_PASSWORD: string, | ||
): string { | ||
const key = deriveKey(MASTER_PASSWORD, ENCRYPTION_SALT); | ||
const decipher = createDecipheriv('aes-256-cbc', key, Buffer.from(iv, 'hex')); | ||
let decrypted = decipher.update(encryptedData, 'hex', 'utf8'); | ||
decrypted += decipher.final('utf8'); | ||
return decrypted; | ||
} |
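Review bot: `encrypt` and `decrypt` use `aes-256-cbc` with no integrity check, so a stored `encryptedData` or `iv` that has been altered still decrypts to attacker-influenced plaintext, and the only failure signal is the padding error thrown by `decipher.final()`. An authenticated mode such as `aes-256-gcm` with a 12-byte IV rejects any modified record; appending the 16-byte tag to the ciphertext keeps the `{ iv, encryptedData }` return shape and needs no extra column. Separately, `deriveKey` runs 100000 PBKDF2 iterations synchronously on every call with one salt shared by all records, so the derived key is the same each time and could be computed once and cached instead of blocking the event loop per value. The sketch below shows only the lines that change inside the two function bodies.

```typescript
// … unchanged: imports, deriveKey, encrypt signature …
  const iv = randomBytes(12); // 96-bit nonce, the size GCM is designed around
  const key = deriveKey(MASTER_PASSWORD, ENCRYPTION_SALT);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  const sealed = Buffer.concat([body, cipher.getAuthTag()]); // tag is 16 bytes
  return {
    iv: iv.toString('hex'),
    encryptedData: sealed.toString('hex'),
  };

// … unchanged: decrypt signature, key derivation …
  const sealed = Buffer.from(encryptedData, 'hex');
  if (sealed.length < 16) throw new Error('ciphertext too short');
  const tagStart = sealed.length - 16;
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'hex'));
  decipher.setAuthTag(sealed.subarray(tagStart));
  // final() throws when the tag does not verify, so no plaintext is returned
  const plain = Buffer.concat([
    decipher.update(sealed.subarray(0, tagStart)),
    decipher.final(),
  ]);
  return plain.toString('utf8');
```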
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
CREATE TABLE encrypted_env_vars ( | ||
id UUID PRIMARY KEY DEFAULT gen_random_uuid(), | ||
project_id UUID NOT NULL, | ||
name VARCHAR(255) NOT NULL, | ||
encrypted_value BYTEA NOT NULL, | ||
iv BYTEA NOT NULL, | ||
created_at TIMESTAMP WITH TIME ZONE DEFAULT now() NOT NULL, | ||
updated_at TIMESTAMP WITH TIME ZONE DEFAULT now() NOT NULL, | ||
FOREIGN KEY (project_id) REFERENCES projects (id) ON DELETE CASCADE | ||
); |
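Review bot: The table has no `UNIQUE (project_id, name)` constraint, so the same variable name can be inserted twice for one project and a reader has no defined way to pick the current value; the constraint's index would also serve the `project_id` foreign-key lookups on cascade delete. `encrypted_value` and `iv` are `BYTEA` while the crypto helper in this commit returns hex strings, so the writer presumably has to decode with `Buffer.from(value, 'hex')` before insert; the caller is not visible here, so this is worth confirming. A column such as `key_version SMALLINT NOT NULL DEFAULT 1` would record which master key sealed each row and make later key rotation tractable.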