Merge pull request #12 from kuzzleio/2-dev

Release 2.0.0

.eslintrc

@@ -0,0 +1,16 @@
+{
+  "root": true,
+  "parser": "@typescript-eslint/parser",
+  "plugins": [
+    "@typescript-eslint"
+  ],
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/eslint-recommended",
+    "plugin:@typescript-eslint/recommended"
+  ],
+  "rules": {
+    "@typescript-eslint/no-explicit-any": 0,
+    "@typescript-eslint/no-var-requires": 0
+  }
+}

.gitignore

@@ -1,3 +1,4 @@
 node_modules
 coverage
-.nyc_output
+.nyc_output
+build/

.travis.yml

@@ -1,11 +1,11 @@
 sudo: required
 language: node_js
 node_js:
-  - 8
+  - 12
 install:
   - npm install
 script:
-  - npm test && cat ./coverage/lcov.info | ./node_modules/.bin/codecov
+  - npm test
 notifications:
   email: false
   slack:

README.md

@@ -12,7 +12,7 @@
 
 ## About
 
-Kuzzle Vault offers a secure storage system for secrets. It can encrypt inside a file your secrets and also decrypt in memory the encrypted file.
+Kuzzle Vault offers a secure storage system for secrets. It can encrypt your secrets in a file then easily decrypt & load them into memory.
 
 ___
 
@@ -44,137 +44,101 @@ Once encrypted, the file looks like the following:
 
 ___
 
-## Api
+## Usage
 
-[Vault.constructor](#constructor)
-[Vault.decrypt](#decrypt)
-[Vault.encrypt](#encrypt)
-[Vault.encryptKey](#encryptKey)
-[Vault.decryptKey](#decryptKey)
-
-___
+First, you need to encrypt your secrets. The easiest way to do that is to use [Kourou, the Kuzzle CLI](https://github.com/kuzzleio/kourou/#kourou-vaultadd-secrets-file-key-value).
 
-### Vault.constructor
-
-The constructor of the `Vault` class.
+```bash
+$ kourou vault:encrypt config/prod/secrets.json --vault-key <password>
 
-```js
-Vault(vaultKey [, secretsFile, encryptedSecretsFile]);
+ 🚀 Kourou - Encrypts an entire file.
+
+ [✔] Secrets were successfully encrypted into the file config/prod/secrets.enc.json
 ```
 
-**Arguments**
+Then, you can securely store your secrets inside your repository and share them with you team. 
 
-| Name | Type              | Description |
-| -------- | ----------------- | ----------- |
-| `vaultKey`  | <pre>string</pre> | The key used to encrypt and decrypt secrets   |
-| `secretsFile`  | <pre>string</pre> | Optional secrets file   |
-| `encryptedSecretsFile`  | <pre>string</pre> | Optional encrypted secrets file   |
+To load the secrets inside an application, instantiate the Vault with the same password as for the encryption and the path to the secrets file.  
 
-**Properties**
-
-| Property | Type | Description |
-| `secrets` | <pre>string</pre> | The decrypted secrets after calling [decrypt](#decrypt) |
-
-#### Usage
+Then, use the decrypt method to load the secrets into the memory.  
 
 ```js
-const vault = new Vault('my vault key', 'secrets.json', 'secrets.enc.json');
-```
+const vault = new Vault('password');
+vault.decrypt('config/prod/secrets.enc.json');
 
-___
+// secrets are now available
+vault.secrets
+```
 
-### Vault.decrypt
+You can also provide the password with the environment variable `KUZZLE_VAULT_KEY`.  
 
-Decrypt the content of the file designated by `encryptedSecretsFile` in the [constructor](#constructor) and store the decrypted content inside `secrets` of the `Vault` class.
+```js
+// process.env.KUZZLE_VAULT_KEY === 'password'
 
-<br/>
+const vault = new Vault();
+vault.decrypt('config/prod/secrets.enc.json');
 
-```js
-decrypt();
+// secrets are now available
+vault.secrets
 ```
 
+## Vault class
 
-#### Usage
-
-```js
-const vault = new Vault('my vault key', 'secrets.json', 'secrets.enc.json');
-vault.decrypt();
-console.log(vault.secrets); // Display decrypted secrets
-```
+[Vault.constructor](#constructor)
+[Vault.decrypt](#decrypt)
 
 ___
 
-### Vault.encrypt
-
-Encrypt the content of the file designated by `secretsFile` in the [constructor](#constructor) and store the encrypted content in the file designated by `encryptedSecretsFile` in the [constructor](#constructor) or `outputFile` passed as argument. If the file exists it will be rewritten only if you set the argument `replaceFileIfExist` to `true`.
+### Vault.constructor
 
-<br/>
+The constructor of the `Vault` class.
 
 ```js
-encrypt([outputFile, replaceFileIfExist]);
+Vault(vaultKey: string | undefined);
 ```
 
 **Arguments**
 
 | Name | Type              | Description |
 | -------- | ----------------- | ----------- |
-| `outputFile`  | <pre>string</pre> | Optional file used to store the encrypted secrets. If not set `encryptedSecretsFile` from the [constructor](#constructor) will be used instead |
-| `replaceFileIfExist`  | <pre>bool</pre> | Optional argument to overwrite the file if it already exists |
-
+| `vaultKey`  | <pre>String</pre> | The key used to encrypt and decrypt secrets   |
 
 #### Usage
 
 ```js
-const vault = new Vault('my vault key', 'secrets.json', 'secrets.enc.json');
-vault.encrypt('new-secrets.enc.json', true);
+const vault = new Vault('my vault key');
 ```
 
-### Vault.encryptKey
+___
 
-Encrypt the content of the file designated by `secretsFile` in the [constructor](#constructor) and store the encrypted content in the file designated by `encryptedSecretsFile` in the [constructor](#constructor) or `outputFile` passed as argument. If the file exists it will be rewritten only if you set the argument `replaceFileIfExist` to `true`.
+### Vault.decrypt
+
+Decrypts the content of the file designated by `encryptedVaultPath` and store the decrypted content inside the property `secrets` of the `Vault` class.
 
 <br/>
 
 ```js
-encrypt([outputFile, replaceFileIfExist]);
+decrypt(encryptedVaultPath: string);
 ```
 
-**Arguments**
-
-| Name | Type              | Description |
-| -------- | ----------------- | ----------- |
-| `outputFile`  | <pre>string</pre> | Optional file used to store the encrypted secrets. If not set `encryptedSecretsFile` from the [constructor](#constructor) will be used instead |
-| `replaceFileIfExist`  | <pre>bool</pre> | Optional argument to overwrite the file if it already exists |
-
 
 #### Usage
 
 ```js
-const vault = new Vault('my vault key', 'secrets.json', 'secrets.enc.json');
-vault.encrypt('new-secrets.enc.json', true);
-```
-
-### Vault.decryptKey
+const vault = new Vault('my vault key');
+vault.decrypt('path/to/secrets.enc.json');
 
-Encrypt the content of the file designated by `secretsFile` in the [constructor](#constructor) and store the encrypted content in the file designated by `encryptedSecretsFile` in the [constructor](#constructor) or `outputFile` passed as argument. If the file exists it will be rewritten only if you set the argument `replaceFileIfExist` to `true`.
-
-<br/>
-
-```js
-encrypt([outputFile, replaceFileIfExist]);
+vault.secrets // Contains decrypted secrets
 ```
 
-**Arguments**
-
-| Name | Type              | Description |
-| -------- | ----------------- | ----------- |
-| `outputFile`  | <pre>string</pre> | Optional file used to store the encrypted secrets. If not set `encryptedSecretsFile` from the [constructor](#constructor) will be used instead |
-| `replaceFileIfExist`  | <pre>bool</pre> | Optional argument to overwrite the file if it already exists |
+## [Cryptonomicon](./src/Cryptonomicon.ts) class
 
+This class contains the cryptography primitives used to encrypt and decrypt the secrets.  
 
-#### Usage
+There are 4 methods available:
+ - `decryptObject`
+ - `encryptObject`
+ - `encryptString`
+ - `decryptString`
 
-```js
-const vault = new Vault('my vault key', 'secrets.json', 'secrets.enc.json');
-vault.encrypt('new-secrets.enc.json', true);
-```
+You can use this class to build your own tools to decrypt or encrypt secrets inside your application.