gilles/system_update
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
system_update/server/crypto/secrets.ts
T
gilles feb136ffc1 feat: chiffrement AES-256-GCM des secrets + lecture env 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:58:04 +02:00

24 lines
1.1 KiB
TypeScript
Raw Permalink Blame History

// server/crypto/secrets.ts
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";
const ALGO = "aes-256-gcm";
/** Chiffre une chaîne. Format de sortie: base64(iv).base64(tag).base64(ciphertext). */
export function encryptSecret(plaintext: string, keyHex: string): string {
const key = Buffer.from(keyHex, "hex");
const iv = randomBytes(12);
const cipher = createCipheriv(ALGO, key, iv);
const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
const tag = cipher.getAuthTag();
return [iv.toString("base64"), tag.toString("base64"), ct.toString("base64")].join(".");
}
export function decryptSecret(blob: string, keyHex: string): string {
const key = Buffer.from(keyHex, "hex");
const [ivB64, tagB64, ctB64] = blob.split(".");
if (!ivB64 || !tagB64 || !ctB64) throw new Error("Blob chiffré invalide");
const decipher = createDecipheriv(ALGO, key, Buffer.from(ivB64, "base64"));
decipher.setAuthTag(Buffer.from(tagB64, "base64"));
return Buffer.concat([decipher.update(Buffer.from(ctB64, "base64")), decipher.final()]).toString("utf8");
}
Reference in New Issue View Git Blame Copy Permalink