Songshu 🐿️
A usable node module for secure credential storage
Introduction 🔰
songshu
is a friendly squirrel🐿️ that can act almost as a drop in replacement for configstore
(it has minor API differences) but provides extra methods and stores data as encrypted by default. For the most part, it is an encrypted wrapper around the npm package configstore
but also contains helpful prompting functionality from inquirer
. songshu
provides the following features:
- Security hardened 🔒.
songshu
by default automatically encrypts all information it receives from the user to manage.songshu
prompts the user for a password with which to seed the encryption key. - Convenient Storage 🌰.
songshu
automatically stores🌰 answers it receives into encryptedconfigstore
. - Extra Convenient 🆒. You can provide an array of questions to
songshu
and havesongshu
only prompt the user if the answer is not already saved in storage. - User Friendly 🙂.
songshu
usesinquirer
for prompts which means that the prompts look attractive, simple, and friendly. - Compatible ✅.
songshu
plays well with others and can be used almost as a drop in replacement for the extremely popularconfigstore
(which it uses under the hood). See the section issues and differences.songshu
has been trained to mimic the behavior of config store, but not all. Not thoroughly tested, but the API exposes the same functions⚙️.
Contents 📖
- Introduction
- Contents
- Installation
- Usage
- Issues and
configstore
Differences - Extra Features
- Cryptography
- Roadmap
Installation 🏗️
yarn add songshu # or npm install songshu
Usage ⌨️
The API is nearly identical to the npm package configstore
, so you can copy their examples except with some exceptions.
const Songshu = const packageJson = const songshu = packageJsonname
configstore
Differences
Issues and This section only describes the surface API differences between the two, it does not include encryption which is defined in the section cryptography.
configstore
has three properties which insongshu
are methods:.size
,.path
, and.all
. That means you should access them like this:
let all = songshualllet path = songshulet size = songshusize
This may change, if some people would prefer it this way.
Extra Features
getSet
:songshu
'sgetSet
function is similar toconfigstore
'sset
function, except:getSet
only accepts a key, it does not accept a value.- If the key already exists in storage,
getSet
will not redefine it. - If the key does not exist in storage,
getSet
will prompt the user to enter it with inquirer.
The features below are not yet implemented in the external API
-
setPrompt
: There is a use case missing from getSet, namely that a developer may wish to prompt the user to replace the value given to a key, even if that key already exists in storage.songshu
ssetPrompt
method doesn't care if a key/value pair exists in the storage or not. It will be overwritten if it exists, it will be created if it does not exist.songshu -
The following
songshu
methods accept arrays as parameters:get
: Returns an array of values corresponding to the array of keys.getSet
: Checks every key in the array to see if it exists in storage, if it doesn't, it will prompt the user to set its value.setPrompt
: For every key in the array, it will prompt the user to set its value.
-
reKey
-
padString
Cryptography 🔒
see section Cryptography for details
Data stored with songshu
is encrypted by default. The key used for encryption is obtained by prompting the user for a password and stetching it into a full key. The prompt will occur every time the user attempts to do something for which decryption is required. soon You can save time entering your encryption key to an environment variable, this will however mean you encryption key is stored on your hardrive. Presently it only ever exists in memory.
Roadmap 🛣️
-
Basic functionality
- set( key, value )
- set( Object )
- get( key )
- has( key )
- delete( key )
- clear()
- size()
- path()
- all()
-
Songshu extensions
- getSet(key, options{})
- getSet( [ key1, key2, ... ], options{} )
- getSet( [ key1, key2, ... ], [ options1{}, options2{}, ... ])
- getSetDefault( key, options )
- getSetDefault( [key, key2, ...], options{})
- getSetDefault( [key, key2, ...], [options1{}, options2{}, ...])
- get( [ key1, key2, ... ] )
- hashTest()
- stretchPassword(password)
- setPrompt( key )
- reKey()
- exportEncryptionKey()
- exportEncryptedData()
- exportDecryptedData()
-
Three interfaces:
- Node Module
- Non-Interactive CLI with
commander
- Interactive CLI with
inquirer
-
Customize logging options
-
Support more encryption options. See cryptography roadmap for details.
Passing Options
Not yet implemented
You can pass an object to the songshu
constructor for additional configuration.
options = mask: '*' globalConfigPath: false configPath: `/configstore/.json` encryption: enabled: true alg_stretching: alg_name: 'argon2id' memory_cost: 2**18 alg_encryption: alg_name: 'aes-256-xts' alg_padding: alg_name: 'nacl'
set
, getSet
, getSetDefault
can take as arguments an object, an array of objects, a value, or an array of values
can