field-encryption-client


This package simplifies client-side field encryption to the point where the developer only needs to worry about encrypting/decrypting field data and storing the encrypted data key (DEK).

Note: This library currently only supports AWS KMS for the key-encryption-key (KEK) via AWS SDK v3.

Usage

Getting started

Usage of the library stems from the class FieldEncryptionClient.

const client = new FieldEncryptionClient(
    kekConfig, // AWS KMS configuration
);

Creation/Retrieval of DEK

Newly created DEKs are automatically encrypted with the KEK. Retrieved DEKs are automatically decrypted with the KEK.

// Create a new DEK (if one doesn't already exist)
const dek = await client.createDataKey();

or

// Retrieve & decrypt (when an existing DEK already exists)
const dek = await client.getDataKey(encryptedDek); // Decrypts the DEK with the kekConfig

Encryption & Decryption

// Encryption
const encryptedAsBuffer = client.encrypt(fieldAsBuffer, dek);

// Decryption
const fieldAsBuffer = client.decrypt(encryptedAsBuffer, dek);
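
The DEK/KEK flow described above, as an added example that is not this package's own code: it shows what gets stored next to the record and what happens on tampering or with the wrong KEK. Assumptions: AES-256-GCM as the cipher, a local random key standing in for the AWS KMS KEK so it runs offline, and hypothetical helper names (`seal`, `unseal`, `newWrappedDek`, `unwrapDek`, `demo`).

```javascript
// Added example: envelope encryption, with a local key standing in for AWS KMS.
const crypto = require('node:crypto');

// AES-256-GCM (assumed cipher). Output layout: iv (12) || auth tag (16) || ciphertext.
function seal(key, plaintext, aad = Buffer.alloc(0)) {
  const iv = crypto.randomBytes(12); // fresh nonce on every call, never reused per key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Throws if the key, the AAD, or any byte of the blob is wrong.
function unseal(key, blob, aad = Buffer.alloc(0)) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  d.setAAD(aad);
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical stand-ins for the KMS round trips: the DEK is wrapped under the KEK.
function newWrappedDek(kek) {
  const dek = crypto.randomBytes(32);
  return { dek, encryptedDek: seal(kek, dek) };
}
const unwrapDek = (kek, encryptedDek) => unseal(kek, encryptedDek);

function demo() {
  const kek = crypto.randomBytes(32); // constructed; a real KEK never leaves KMS
  const { dek, encryptedDek } = newWrappedDek(kek);
  const aad = Buffer.from('users.ssn'); // constructed column name, binds value to its field
  // Only the wrapped DEK and the ciphertext are persisted; the plaintext DEK is not.
  const record = { encryptedDek, ssn: seal(dek, Buffer.from('123-45-6789'), aad) };

  // Read path: unwrap the stored DEK, then decrypt the field.
  const dek2 = unwrapDek(kek, record.encryptedDek);
  const roundTrip = unseal(dek2, record.ssn, aad).toString();

  const tampered = Buffer.from(record.ssn);
  tampered[tampered.length - 1] ^= 1; // flip one ciphertext bit
  let tamperRejected = false;
  try { unseal(dek2, tampered, aad); } catch { tamperRejected = true; }
  let wrongKekRejected = false;
  try { unwrapDek(crypto.randomBytes(32), record.encryptedDek); } catch { wrongKekRejected = true; }

  return { roundTrip, tamperRejected, wrongKekRejected, storedDekLength: record.encryptedDek.length };
}

console.log(demo());
```
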