{"id":18488458,"url":"https://github.com/maxdeviant/redux-persist-transform-encrypt","last_synced_at":"2025-04-08T21:30:31.629Z","repository":{"id":39707315,"uuid":"58835053","full_name":"maxdeviant/redux-persist-transform-encrypt","owner":"maxdeviant","description":"Encrypt your Redux store","archived":true,"fork":false,"pushed_at":"2024-02-02T16:21:28.000Z","size":416,"stargazers_count":362,"open_issues_count":0,"forks_count":63,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-19T05:44:47.910Z","etag":null,"topics":["encryption","react","redux","redux-persist","redux-persist-transform"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maxdeviant.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-14T23:34:19.000Z","updated_at":"2025-03-02T19:35:25.000Z","dependencies_parsed_at":"2023-02-08T08:30:16.719Z","dependency_job_id":"fbdf2230-6959-40e7-bae3-6f80a06c7fa4","html_url":"https://github.com/maxdeviant/redux-persist-transform-encrypt","commit_stats":{"total_commits":122,"total_committers":5,"mean_commits":24.4,"dds":"0.049180327868852514","last_synced_commit":"9565c01ea9d2464bee9befc6c705dfc02f0845eb"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxdeviant%2Fredux-persist-transform-encrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxdeviant%2Fredux-persist-transform-encrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxdeviant%2Fredux-persist-transform-encrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxdeviant%2Fredux-persist-transform-encrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maxdeviant","download_url":"https://codeload.github.com/maxdeviant/redux-persist-transform-encrypt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247930970,"owners_count":21020142,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","react","redux","redux-persist","redux-persist-transform"],"created_at":"2024-11-06T12:51:45.309Z","updated_at":"2025-04-08T21:30:31.621Z","avatar_url":"https://github.com/maxdeviant.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# redux-persist-transform-encrypt\n\n[![npm](https://img.shields.io/npm/v/redux-persist-transform-encrypt.svg?maxAge=3600)](https://www.npmjs.com/package/redux-persist-transform-encrypt)\n[![CI](https://github.com/maxdeviant/redux-persist-transform-encrypt/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/maxdeviant/redux-persist-transform-encrypt/actions/workflows/ci.yml)\n\nEncrypt your Redux store.\n\n## Maintenance notice\n\nAs of February 2, 2024, I will longer be maintaining `redux-persist-transform-encrypt`.\n\nI have been supporting it as best I can these past few years, but the reality of it is I have not used `redux-persist-transform-encrypt`, `redux-persist`, or Redux since 2017.\n\nSince I no longer use any of the technologies involved and don't have a good way of testing any potential changes, I am no longer in a position where I feel I can maintain this package to my desired standards.\n\nAdditionally, `redux-persist` as a project also seems dead, despite an attempted change in management.\n\n## Installation\n\n`redux-persist-transform-encrypt` must be used in conjunction with `redux-persist`, so make sure you have that installed as well.\n\n#### Yarn\n\n```sh\nyarn add redux-persist-transform-encrypt\n```\n\n#### npm\n\n```sh\nnpm install redux-persist-transform-encrypt\n```\n\n## Usage\n\n### Synchronous\n\n```js\nimport { persistReducer } from 'redux-persist';\nimport { encryptTransform } from 'redux-persist-transform-encrypt';\n\nconst reducer = persistReducer(\n  {\n    transforms: [\n      encryptTransform({\n        secretKey: 'my-super-secret-key',\n        onError: function (error) {\n          // Handle the error.\n        },\n      }),\n    ],\n  },\n  baseReducer\n);\n```\n\n### Asynchronous\n\nAsynchronous support was removed in v3.0.0, as it was never fully supported and is not able to be implemented correctly given the current constraints that `redux-persist` imposes on transforms. See [#48](https://github.com/maxdeviant/redux-persist-transform-encrypt/issues/48) for more details.\n\n### Custom Error Handling\n\nThe `onError` property given to the `encryptTransform` options is an optional\nfunction that receives an `Error` object as its only parameter. This allows\ncustom error handling from the parent application.\n\n## Secret Key Selection\n\nThe `secretKey` provided to `encryptTransform` is used as a passphrase to generate a 256-bit AES key which is then used to encrypt the Redux store.\n\nYou **SHOULD NOT** use a single secret key for all users of your application, as this negates any potential security benefits of encrypting the store in the first place.\n\nYou **SHOULD NOT** hard-code or generate your secret key anywhere on the client, as this risks exposing the key since the JavaScript source is ultimately accessible to the end-user.\n\nIf you are only interested in persisting the store over the course of a single session and then invalidating the store, consider using the user's access token or session key as the secret key.\n\nFor long-term persistence, you will want to use a unique, deterministic key that is provided by the server. For example, the server could derive a hash from the user's ID and a salt (also stored server-side) and then return that hash to the client to use to decrypt the store. Placing this key retrieval behind authentication would prevent someone from accessing the encrypted store data if they are not authenticated as the user.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxdeviant%2Fredux-persist-transform-encrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaxdeviant%2Fredux-persist-transform-encrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxdeviant%2Fredux-persist-transform-encrypt/lists"}