{"id":26193980,"url":"https://github.com/bjacobel/vinz","last_synced_at":"2025-10-04T08:57:39.444Z","repository":{"id":57392697,"uuid":"60141248","full_name":"bjacobel/vinz","owner":"bjacobel","description":"Enables secure storage of credentials right in your git repo using AWS KMS.","archived":false,"fork":false,"pushed_at":"2017-08-11T16:01:39.000Z","size":79,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-15T03:38:13.687Z","etag":null,"topics":["aws-kms","aws-lambda","client","credentials","kms","lambda"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bjacobel.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-06-01T03:04:24.000Z","updated_at":"2018-11-14T15:14:04.000Z","dependencies_parsed_at":"2022-09-26T16:51:28.606Z","dependency_job_id":null,"html_url":"https://github.com/bjacobel/vinz","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/bjacobel/vinz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjacobel%2Fvinz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjacobel%2Fvinz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjacobel%2Fvinz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjacobel%2Fvinz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bjacobel","download_url":"https://codeload.github.com/bjacobel/vinz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bjacobel%2Fvinz/sbom","scorecard":{"id":241120,"data":{"date":"2025-08-11","repo":{"name":"github.com/bjacobel/vinz","commit":"97a95a0a47eaa4c1a62cbff38ac4eee58d515588"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/26 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"75 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-rrc9-gqf8-8rwg","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r","Warn: Project is vulnerable to: GHSA-832h-xg76-4gv6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-hr2v-3952-633q","Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3","Warn: Project is vulnerable to: MAL-2023-462","Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c","Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6","Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9","Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f","Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq","Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm","Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp","Warn: Project is vulnerable to: GHSA-x55w-vjjp-222r","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-4hpf-3wq7-5rpr","Warn: Project is vulnerable to: GHSA-f522-ffg8-j8r6","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h","Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f","Warn: Project is vulnerable to: GHSA-6394-6h9h-cfjg","Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3","Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7","Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-xc7v-wxcw-j472","Warn: Project is vulnerable to: GHSA-v2p6-4mp7-3r9v","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T06:42:18.930Z","repository_id":57392697,"created_at":"2025-08-17T06:42:18.930Z","updated_at":"2025-08-17T06:42:18.930Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278289498,"owners_count":25962356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-kms","aws-lambda","client","credentials","kms","lambda"],"created_at":"2025-03-12T01:53:52.045Z","updated_at":"2025-10-04T08:57:39.408Z","avatar_url":"https://github.com/bjacobel.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vinz\n\n[![Build Status](https://travis-ci.org/bjacobel/vinz.svg?branch=master)](https://travis-ci.org/bjacobel/vinz) [![Coverage Status](https://coveralls.io/repos/github/bjacobel/vinz/badge.svg)](https://coveralls.io/github/bjacobel/vinz) [![npm](https://img.shields.io/npm/v/vinz.svg?maxAge=2592000)](https://npmjs.com/package/vinz)\n\n![keymaster](https://gifs.bjacobel.com/keymaster.gif)\n\n\u003e _I am the Keymaster!_\n\u003e\n\u003e-- Vinz Clortho, _Ghostbusters_ (1984)\n\n\n### _Motivation_\nVinz is the keymaster of your AWS Lambda applications. Storing secrets (keys and configuration) in Lambda is difficult out of the box because Lambda has no persistent file system and no notion of environment variables. Vinz aims to make the secret storage and usage process easy for Lambda functions - by storing your secrets encrypted and versioned right alongside your application in its deployment bundle, and providing a simple API for secret decryption and access.\n\n### _Simple Usage_\n- Encrypt a secret using the Vinz bash CLI:\n\n    ```bash\n    $\u003e vinz --encrypt TwitterConsumerKey\n    vinz: Enter the secret to encrypt as 'TwitterSecretKey'. (typing hidden):\n    secrets/TwitterConsumerKey encrypted and saved.\n    ```\n\n- Decrypt a secret from node:\n\n    ```javascript\n    import Vinz from 'vinz';\n    vinz = new Vinz();\n    vinz.get('TwitterSecretKey').then((TwitterSecretKey) =\u003e {\n        console.log(TwitterSecretKey);\n    });\n    ```\n\n### _Detailed Usage_\n\n#### 1. Set up KMS with a root key\nIn the AWS console, open up \"Identity and Access Management\" and click on \"Encryption Keys,\" then click on \"Create Key\" to set up the root Vinz key.\n\nYou must name the key with alias \"vinz\".\n\n![Create a key](https://i.bjacobel.com/20160531-464t5.png)\n\nSkip step 2 - the only role that should be able to administer the Vinz key is your root account role.\n\nIn step 3, you may already have an execution role set up for the Lambda you plan to use Vinz with - if so, grant that role access to use Vinz's key. Otherwise, skip this step. You can change this all later.\n\n![Step 3](https://i.bjacobel.com/20160531-gh9jh.png)\n\nClick \"Finish,\" then when you see the success message you're ready to start using Vinz.\n\n#### 2. Install Vinz\n\nThis one's easy: just `npm install --save vinz`.\n\n#### 3. Encrypt your first secret\n\nWhen it installed itself, Vinz created a CLI for you. Check out its helptext:\n\n```bash\n$\u003e node_modules/.bin/vinz --help\n\n  Usage: vinz [options]\n\n  Options:\n\n    -h, --help                                 output usage information\n    -V, --version                              output the version number\n    -p, --profile \u003cprofile\u003e                    Specify a ~/.aws/credentials profile to use\n    -a, --access-key-id \u003caccessKeyId\u003e          Override AWS access key found in env or in ~/.aws\n    -s, --secret-access-key \u003csecretAccessKey\u003e  Override AWS secret key found in env or in ~/.aws\n    -r, --region \u003cregion\u003e                      Override AWS region found in env or in ~/.aws\n    -e, --encrypt \u003csecretName\u003e                 Store an encrypted secret in ./secrets/secretName\n```\n\n`--encrypt` is the star here - it's the interface you'll use for storing your secrets. First, though, Vinz needs to know about your AWS account.\n\nTo pass your AWS credentials and configuration to Vinz, you have three options:\n\n1. Set your AWS credentials in an `~/.aws/credentials` file, and your supplementary config information (i.e., region) in an `~/.aws/config` file. See the [Configuring the AWS Command Line Interface](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files) documentation for more.\n2. Setting your AWS config with environment variables. To use this method, set the following environment variables:\n    - `AWS_ACCESS_KEY_ID`\n    - `AWS_SECRET_ACCESS_KEY`\n    - `AWS_DEFAULT_REGION`\n3. Pass your configuration in on the command line. This generally isn't recommended, as secrets set on the command line can linger in your `~/.bash_history`, so only use the `--access-key-id`, `--secret-access-key` and `--region` options for Vinz if you have good reason.\n\nNote that Vinz doesn't currently support mixing and matching these options - i.e., you can't set your credentials in `~/.aws/credentials` and your region on the command line.\n\nOnce you've got your credentials ready to go, you can encrypt your first secret. Pass the `--encrypt` option to Vinz with the name you'd like your secret to be available in your application as. For example:\n\n```bash\nnode_modules/.bin/vinz --encrypt TwitterConsumerKey\n```\n\nVinz will now ask you to enter the value you'd like to encrypt. Typing will be hidden.\n\n```\nvinz: Enter the secret to encrypt as 'TwitterConsumerKey'. (typing hidden):\n```\n\nType your secret, press enter, and Vinz will encrypt your secret using AWS KMS and save it at `./secrets/TwitterConsumerKey`. Commit your encrypted secret file to Git and/or include it in your Lambda deployment bundle, and you're ready to start using it in a Node application.\n\n#### 4. Use your secrets in Node\n\nWhile you're developing an application that uses Vinz on your local machine, the Vinz JS client will need your credentials to access AWS, However, in production code (running on AWS Lambda) you don't have to do any configuration for this yourself, as Lambdas are created with AWS credentials preset in the environment. For this reason, it's recommended to use AWS credential environment variables while developing locally, as this way you can share the same code between development and production.\n\n```\nAWS_ACCESS_KEY_ID=AKAAAAAAAAAAAA AWS_SECRET_ACCESS_KEY=1AAAA+AAAA/AAAAA AWS_DEFAULT_REGION=us-east-1 node app.js\n```\n\nTo use Vinz in a Lambda application, import it like so:\n\n```javascript\nimport Vinz from 'vinz';\n```\n\nIf you're not using Babel for ES6 modules, use the CJS syntax:\n\n```javascript\nconst Vinz = require('vinz');\n```\n\nThe following steps are the same regardless of your environment: instantiate a Vinz object. Note that while Lambda environments already know your AWS access and secret keys, they don't know your region, so you must pass one in.\n\n```javascript\nconst vinz = new Vinz('us-east-1');\n```\n\nNow, try getting a secret out of Vinz. `vinz.get` is the interfaces you'll use; it can be used for retrieving one or many secrets. `vinz.get` returns a `Promise`, and is demonstrated in examples below.\n\n```javascript\nvinz.get('TwitterConsumerKey').then((TwitterConsumerKey) =\u003e {\n  console.log(TwitterConsumerKey);\n});\n\nvinz.get('TwitterConsumerKey', 'TwitterSecretKey').then((secrets) =\u003e {\n  const [TwitterConsumerKey, TwitterSecretKey] = secrets;\n  console.log(TwitterConsumerKey, TwitterSecretKey)\n});\n```\n\nThat's all there is to using Vinz.\n\n### _Contributing_\nVinz welcomes pull requests! Please provide appropriate test coverage for new features and mention `@bjacobel` on your PR.\n\n### _License_\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbjacobel%2Fvinz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbjacobel%2Fvinz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbjacobel%2Fvinz/lists"}