@nest-boot/crypt
Classes
CryptModule
Defined in: packages/crypt/src/crypt.module.ts:82
Module that provides encryption and decryption services using JWE (A256GCMKW + A256GCM).
Uses HKDF to derive a 32-byte key from the secret, so secrets of any length are accepted.
Example
import { CryptModule } from '@nest-boot/crypt';
@Module({
imports: [
CryptModule.register({
secret: process.env.CRYPT_SECRET
}),
],
})
export class AppModule {}
Generate a secure secret:
node -e "console.log(require('crypto').randomBytes(32).toString('base64url'))"
Extends
ConfigurableModuleClass
Indexable
[key: string]: any
Constructors
Constructor
new CryptModule(): CryptModule;
Defined in: node_modules/.pnpm/@nestjs+common@11.1.11/node_modules/@nestjs/common/module-utils/interfaces/configurable-module-cls.interface.d.ts:12
Returns
Inherited from
ConfigurableModuleClass.constructor
Methods
register()
static register(options): DynamicModule;
Defined in: packages/crypt/src/crypt.module.ts:88
Registers the CryptModule with the given options.
Parameters
| Parameter | Type | Description |
|---|---|---|
options | CryptModuleOptions & Partial<{ }> | Configuration options including secret and isGlobal |
Returns
DynamicModule
Dynamic module configuration
Overrides
ConfigurableModuleClass.register
registerAsync()
static registerAsync(options): DynamicModule;
Defined in: packages/crypt/src/crypt.module.ts:97
Registers the CryptModule asynchronously with factory functions.
Parameters
| Parameter | Type | Description |
|---|---|---|
options | ConfigurableModuleAsyncOptions<CryptModuleOptions, "create"> & Partial<{ }> | Async configuration options |
Returns
DynamicModule
Dynamic module configuration
Overrides
ConfigurableModuleClass.registerAsync
CryptService
Defined in: packages/crypt/src/crypt.service.ts:23
Service that provides encryption and decryption functionality using JWE (JSON Web Encryption).
Uses HKDF to derive a 32-byte key from the secret, then A256GCMKW for key management and A256GCM for content encryption. Accepts secrets of any length.
Example
import { CryptService } from '@nest-boot/crypt';
// Initialize at application startup for static usage
CryptService.init(process.env.CRYPT_SECRET);
// Use static methods
const encrypted = await CryptService.encrypt(data);
const decrypted = await CryptService.decrypt(encrypted);
Constructors
Constructor
new CryptService(secret): CryptService;
Defined in: packages/crypt/src/crypt.service.ts:82
Creates an instance of CryptService.
Parameters
| Parameter | Type | Description |
|---|---|---|
secret | string | The secret key to use for encryption/decryption |
Returns
Accessors
instance
Get Signature
get static instance(): CryptService;
Defined in: packages/crypt/src/crypt.service.ts:31
Gets the static CryptService instance.
Throws
Error if CryptService has not been initialized via init()
Returns
The CryptService instance
Methods
decrypt()
decrypt(value): Promise<string>;
Defined in: packages/crypt/src/crypt.service.ts:113
Decrypts a JWE compact serialization string. The secret is first derived using HKDF-SHA256.
Parameters
| Parameter | Type | Description |
|---|---|---|
value | string | The JWE string to decrypt |
Returns
Promise<string>
The decrypted plaintext string
encrypt()
encrypt(value): Promise<string>;
Defined in: packages/crypt/src/crypt.service.ts:99
Encrypts a string value using JWE with A256GCMKW and A256GCM. The secret is first derived using HKDF-SHA256.
Parameters
| Parameter | Type | Description |
|---|---|---|
value | string | The plaintext string to encrypt |
Returns
Promise<string>
A JWE compact serialization string
decrypt()
static decrypt(value): Promise<string>;
Defined in: packages/crypt/src/crypt.service.ts:71
Decrypts a JWE string using the static instance.
Parameters
| Parameter | Type | Description |
|---|---|---|
value | string | The JWE compact serialization string to decrypt |
Returns
Promise<string>
The decrypted plaintext string
Throws
Error if CryptService has not been initialized via init()
encrypt()
static encrypt(value): Promise<string>;
Defined in: packages/crypt/src/crypt.service.ts:61
Encrypts a string value using the static instance.
Parameters
| Parameter | Type | Description |
|---|---|---|
value | string | The plaintext string to encrypt |
Returns
Promise<string>
A JWE compact serialization string
Throws
Error if CryptService has not been initialized via init()
init()
static init(secret): void;
Defined in: packages/crypt/src/crypt.service.ts:51
Initializes the static CryptService instance with the given secret. Call this method at application startup to configure the default secret.
Parameters
| Parameter | Type | Description |
|---|---|---|
secret | string | The secret key to use for encryption/decryption |
Returns
void
Example
// In your application bootstrap
CryptService.init(process.env.CRYPT_SECRET);
Interfaces
CryptModuleOptions
Defined in: packages/crypt/src/crypt-module-options.interface.ts:4
Configuration options for the CryptModule.
Properties
secret?
optional secret: string;
Defined in: packages/crypt/src/crypt-module-options.interface.ts:9
The secret key used for encryption and decryption. If not provided, falls back to CRYPT_SECRET or APP_SECRET environment variables.
Functions
isJwe()
function isJwe(value): boolean;
Defined in: packages/crypt/src/utils/is-jwe.ts:14
Checks if a string is a valid JWE (JSON Web Encryption) compact serialization.
JWE compact serialization format: BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication Tag)
Parameters
| Parameter | Type | Description |
|---|---|---|
value | string | The string to check |
Returns
boolean
true if the string appears to be a valid JWE