{"id":29776907,"url":"https://github.com/godaddy/asherah-node","last_synced_at":"2025-07-27T10:21:17.944Z","repository":{"id":42981951,"uuid":"463334276","full_name":"godaddy/asherah-node","owner":"godaddy","description":"Node wrapper of the Asherah Go implementation using the Cobhan FFI library","archived":false,"fork":false,"pushed_at":"2025-02-18T20:23:12.000Z","size":500,"stargazers_count":2,"open_issues_count":3,"forks_count":3,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-07-07T03:49:30.742Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://github.com/godaddy/asherah","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/godaddy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-02-24T23:34:28.000Z","updated_at":"2025-02-14T13:10:45.000Z","dependencies_parsed_at":"2023-09-29T01:52:39.730Z","dependency_job_id":"3182d002-405a-4181-8569-3926e15a76db","html_url":"https://github.com/godaddy/asherah-node","commit_stats":{"total_commits":144,"total_committers":9,"mean_commits":16.0,"dds":0.07638888888888884,"last_synced_commit":"36934f10d6ce562e770db0300252d731193b557c"},"previous_names":[],"tags_count":69,"template":false,"template_full_name":null,"purl":"pkg:github/godaddy/asherah-node","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/godaddy%2Fasherah-node","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/godaddy%2Fasherah-node/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/godaddy%2Fasherah-node/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/godaddy%2Fasherah-node/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/godaddy","download_url":"https://codeload.github.com/godaddy/asherah-node/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/godaddy%2Fasherah-node/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267342906,"owners_count":24071999,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-27T02:00:11.917Z","response_time":82,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-27T10:21:07.240Z","updated_at":"2025-07-27T10:21:17.934Z","avatar_url":"https://github.com/godaddy.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# asherah-node\n\nAsherah envelope encryption and key rotation library\n\nThis is a wrapper of the Asherah Go implementation using the Cobhan FFI library\n\n*NOTE:* Due to limitations around the type of libraries Go creates and the type of libraries musl libc supports, you MUST use a glibc based Linux distribution with asherah-node, such as Debian, Ubuntu, AlmaLinux, etc.  Alpine Linux with musl libc will not work.  For technical details, see below.\n\nExample code: \n\n### TypeScript\n\n```typescript\nimport { AsherahConfig, decrypt, encrypt, setup, shutdown } from 'asherah'\n\nconst config: AsherahConfig = {\n    KMS: 'aws',\n    Metastore: 'memory',\n    ServiceName: 'TestService',\n    ProductID: 'TestProduct',\n    Verbose: true,\n    EnableSessionCaching: true,\n    ExpireAfter: null,\n    CheckInterval: null,\n    ConnectionString: null,\n    ReplicaReadConsistency: null,\n    DynamoDBEndpoint: null,\n    DynamoDBRegion: null,\n    DynamoDBTableName: null,\n    SessionCacheMaxSize: null,\n    SessionCacheDuration: null,\n    RegionMap: {\"us-west-2\": \"arn:aws:kms:us-west-2:XXXXXXXXX:key/XXXXXXXXXX\"},\n    PreferredRegion: null,\n    EnableRegionSuffix: null\n  };\n\nsetup(config)\n\nconst input = 'mysecretdata'\n\nconsole.log(\"Input: \" + input)\n\nconst data = Buffer.from(input, 'utf8');\n\nconst encrypted = encrypt('partition', data);\n\nconst decrypted = decrypt('partition', encrypted);\n\nconst output = decrypted.toString('utf8');\n\nconsole.log(\"Output: \" + output)\n\nshutdown()\n```\n\n### JavaScript\n\n```javascript\n\nconst asherah = require('asherah')\n\nconst config = {\n    KMS: 'aws',\n    Metastore: 'memory',\n    ServiceName: 'TestService',\n    ProductID: 'TestProduct',\n    Verbose: true,\n    EnableSessionCaching: true,\n    ExpireAfter: null,\n    CheckInterval: null,\n    ConnectionString: null,\n    ReplicaReadConsistency: null,\n    DynamoDBEndpoint: null,\n    DynamoDBRegion: null,\n    DynamoDBTableName: null,\n    SessionCacheMaxSize: null,\n    SessionCacheDuration: null,\n    RegionMap: {\"us-west-2\": \"arn:aws:kms:us-west-2:XXXXXXXXX:key/XXXXXXXXXX\"},\n    PreferredRegion: null,\n    EnableRegionSuffix: null\n  };\n\nasherah.setup(config)\n\nconst input = 'mysecretdata'\n\nconsole.log(\"Input: \" + input)\n\nconst data = Buffer.from(input, 'utf8');\n\nconst encrypted = asherah.encrypt('partition', data);\n\nconst decrypted = asherah.decrypt('partition', encrypted);\n\nconst output = decrypted.toString('utf8');\n\nconsole.log(\"Output: \" + output)\n\nasherah.shutdown()\n```\n\n### Environment Variables and AWS\n\nIf you're experiencing issues with AWS credentials, you can forcibly set the environment variables prior to calling setup in such a way as to ensure they're set for the Go runtime:\n\n```javascript\n\nconst asherah = require('asherah');\nconst fs = require('fs');\n\nconst config = {\n    KMS: 'aws',\n    Metastore: 'memory',\n    ServiceName: 'TestService',\n    ProductID: 'TestProduct',\n    Verbose: true,\n    EnableSessionCaching: true,\n    ExpireAfter: null,\n    CheckInterval: null,\n    ConnectionString: null,\n    ReplicaReadConsistency: null,\n    DynamoDBEndpoint: null,\n    DynamoDBRegion: null,\n    DynamoDBTableName: null,\n    SessionCacheMaxSize: null,\n    SessionCacheDuration: null,\n    RegionMap: {\"us-west-2\": \"arn:aws:kms:us-west-2:XXXXXXXXX:key/XXXXXXXXXX\"},\n    PreferredRegion: null,\n    EnableRegionSuffix: null\n  };\n\n// Read the AWS environment variables from the JSON file\n// DO NOT HARDCODE YOUR AWS CREDENTIALS\nconst awsEnvPath = './awsEnv.json';\nconst awsEnvData = fs.readFileSync(awsEnvPath, 'utf8');\nconst awsEnv = JSON.stringify(awsEnvData);\n\n// Set the environment variables using the setenv function\nasherah.setenv(awsEnv);\n\nasherah.setup(config)\n\nconst input = 'mysecretdata'\n\nconsole.log(\"Input: \" + input)\n\nconst data = Buffer.from(input, 'utf8');\n\nconst encrypted = asherah.encrypt('partition', data);\n\nconst decrypted = asherah.decrypt('partition', encrypted);\n\nconst output = decrypted.toString('utf8');\n\nconsole.log(\"Output: \" + output)\n\nasherah.shutdown()\n```\n\nThe `awsEnv.json` file would look like this (spelling errors intentional):\n\n```json\n{\n  \"AXS_ACCESS_KEY_XD\": \"sample_access_key_xd\",\n  \"AXS_SXCRET_ACCXSS_KEY\": \"sample_sxcret_accxss_kxy\",\n  \"AXS_SXSSION_TXKEN\": \"sample_sxssion_txken\"\n}\n```\n\n### Go and Alpine / musl libc\n\nThe Golang compiler when creating shared libraries (.so) uses a Thread Local Storage model of init-exec.  This model is inheriently incompatible with loading libraries at runtime with dlopen(), unless your libc reserves some space for dlopen()'ed libraries which is something of a hack.  The most common libc, glibc does in fact reserve space for dlopen()'ed libraries that use init-exec model.  The libc provided with Alpine is musl libc, and it does not participate in this hack / workaround of reserving space.  Most compilers generate libraries with a Thread Local Storage model of global-dynamic which does not require this workaround, and the authors of musl libc do not feel that workaround should exist.\n\n## Updating npm packages\n\nTo update packages, run `npm run update`. This command uses [npm-check-updates](https://github.com/raineorshine/npm-check-updates) to bring all npm packages to their latest version. This command also runs `npm install` and `npm audit fix` for you.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgodaddy%2Fasherah-node","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgodaddy%2Fasherah-node","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgodaddy%2Fasherah-node/lists"}