NestJS Encrytion is a NestJS 9+ module that provides plug-and-play encryption and decryption functionality to your NestJS application.
- Uses
aes-256-cbc
by default, but supports other ciphers as well. - Provides a keygen (API and CLI) for generating random and secure encryption keys.
- Thoroughly tested.
NestJS Encryption can be installed with your favorite package manager.
# NPM
npm install @hedger/nestjs-encryption
# Yarn
yarn add @hedger/nestjs-encryption
# PNPM
pnpm add @hedger/nestjs-encryption
Setting up the module inside your NestJS application is a matter of registering
the module within your AppModule
. The module is registered globally by default
and can be used anywhere in your application.
You may use either the forRoot
or forRootAsync
method to register the module in your AppModule
.
The forRoot
method is the simplest way to register the module.
import { EncryptionModule, Cipher } from "@hedger/nestjs-encryption";
@Module({
imports: [
EncryptionModule.forRoot({
key: process.env.APP_KEY,
cipher: Cipher.AES_256_CBC,
}),
],
})
export class AppModule {}
The forRootAsync
method allows you to register the module asynchronously,
optionally resolving the encryption key from a configuration service. Here's
an example that uses the ConfigService
from @nestjs/config
to resolve the
encryption key from the APP_KEY
environment variable.
import { ConfigModule, ConfigService } from "@nestjs/config";
import { EncryptionModule, Cipher } from "@hedger/nestjs-encryption";
@Module({
imports: [
ConfigModule.forRoot({
isGlobal: true,
}),
EncryptionModule.forRootAsync({
useFactory: (configService: ConfigService) => ({
key: configService.get<string>("APP_KEY"),
}),
inject: [ConfigService],
}),
],
controllers: [AppController],
providers: [AppService],
})
export class AppModule {}
Inject the EncryptionService in your service or controller.
import { EncryptionService } from "@hedger/nestjs-encryption";
@Injectable()
export class FooService {
constructor(private readonly crypto: EncryptionService) {}
someMethod() {
const encrypted = this.crypto.encrypt("some value");
const decrypted = this.crypto.decrypt(encrypted);
}
}
This package expects the encryption key to be a base64-encoded string of N random
bytes, where N is the key length of the cipher you're using. For example, the
aes-256-cbc
cipher has a key length of 32 bytes, so the encryption key must
be a base64-encoded string of 32 random bytes.
This package provides CLI utility for generating random and secure encryption keys.
# Generates a random key for the aes-256-cbc cipher (default)
npm exec nestjs-encryption-keygen
By default, the keygen generates keys for the aes-256-cbc
cipher. You may
specify a different cipher by passing the --cipher
option.
# Generates a random key for the aes-128-cbc cipher
npm exec nestjs-encryption-keygen --cipher aes-128-cbc
See the Supported ciphers section for a list of supported ciphers.
Random and secure encryption keys may also be generated programmatically by
calling the generateKey
method on the EncryptionService
class.
import { Cipher, EncryptionService } from "@hedger/nestjs-encryption";
// Pass the desired cipher as the first argument.
const key = EncryptionService.generateKey(Cipher.AES_256_CBC);
The following ciphers are supported by this package.
aes-256-cbc
(default)aes-256-gcm
aes-128-cbc
aes-128-gcm
Copyright Β© 2023, Nicolas Hedger. Released under the MIT License.