Plugin to enable Tymly to perform encryption. Powered by JSON web tokens
tymly-crypto-plugin provides access to the Tymly crypto service, the schema for the cryptoLocker model, and the state resources:
addCryptoEntry
A state resource to grab some sensitive data from a given JSON path, and encrypt within a JWT
Whose resourceConfig requires:
-
A
valuesarray which is a list of JSON Paths to encrypt and store intymly_cryptoLockertable -
An
expiryOffsetwhich is the lifetime of the JWT that will hold the sensitive data
"AddCryptoEntry": {
"Type": "Task",
"Resource": "module:addCryptoEntry",
"ResourceConfig": {
"values": [
"$.JSONPath.to.value.to.encrypt"
],
"expiryOffset": "ExpiryTime"
},
"End": true
}
getCryptoEntry
A state resource to grab some some encrypted data, and decrypt a JWT
Whose resourceConfig requires:
-
A
sourcestring which is a path to the in-memory OR postgres table the data to be decrypted is held in, in the form "NAMESPACE_TABLENAME" -
A
pathToDecryptionTargetsarray which is a list of JSONPaths -
A
valuesarray which is a list of JSON paths
"GetCryptoEntry": {
"Type": "Task",
"Resource": "module:getCryptoEntry",
"ResourceConfig": {
"source": "NAMESPACE_TABLENAME",
"pathToDecryptionTargets": [
"$.JSONPath.to.decryption.targets",
"$.JSONPath.to.decryption.targets",
...
],
"values": [
"$.JSONPath.to.value.to.decrypt",
...
]
},
"End": true
}
and is soon to include:
deleteExpiredCryptoValues
$ npm install @wmfs/tymly-crypto-plugin --save
tymly-crypto-plugin only requires an encryption string to be present to run.
$ npm run test
TYMLY_AUTH_AUDIENCE=anyStringYouLike