node package manager


Ocean Yet Storms

Open-Source Secrets as a Service Platform.

Join The Live Alpha

Ships with

  • Secrets HTTP API Server
  • Secrets Client SDK
  • Secrets Web Admin Interface
  • Vagrantfile or DockerFile for easy installation


The security of Secrets is not something to be taken lightly.

Currently, I must advise you to NOT run Ocean Yet Storms in production.

I am using this library in production, so I do have a vested interest in making oys as secure as possible. Once this project has met your ( the communities' ) defined security requirements, I will be glad to brand and label oys as "Production Ready".

Until then please feel free to open a Github Issue with any security issues or questions or send an email to


  • Protects your configurations and secrets by removing them your servers
  • Removes all your secrets from ENV, CLI, and local config variables
  • Secrets Server + Secrets Agent
  • Secrets Web Administration Interface
  • Optional HTTP push configurations to Server environments
  • Optional Express based Middleware for recieving remote configuration push


Three Installation Options

  1. Build from Source
  2. Use Vagrantfile
  3. Use Dockerfile

From Source

  git clone
  cd oys
  npm install
  npm start

Note: You'll also need a CouchDB and Redis running on standard ports!

Using Vagrant


git clone
cd oys
vagrant up
vagrant ssh
cd oys
npm start

Using Docker


Server Usage

Express.js based server. See: for additional HTTP configuration API

var oys = require('oys');
oys.server.listen({ port: 4000 }, function (err, app) {
  if (err) {
    throw err;
  console.log('listening on port ', app.server.address())

SDK Usage

  var oys = require('oys');
  var client = oys.createClient({
    apiKey: '1234-5678'
  // gets a specific secret value by key 
  oys.get('password', function (err, secret) {
    console.log(err, secret);
  // get multiple keys at once 
  oys.get(['password', 'another-password'], function (err, secrets) {
    console.log(err, secrets);
  oys.set('password', 'value', function (err, secret) {
    console.log(err, secret);
  // sets a specific secret value by key 
  // Note: not available for read-only roles ( no writing secret values from server ) 

Middleware Usage

var oys =  require('oys');
var oysMiddle = oys.middle({});
app.use('/_oys', oysMiddle);

This will expose the following routes:

GET /_oys
POST /_oys

These routes are capable of receiving push updates from an oys server or client.


see: file

What's the deal with the project name?

If you actually look at the name Ocean Yet Storms long enough, you might figure it out. If that doesn't work, try brushing up on your Robert Redford movies.