maxdeviant/redux-persist-transform-encrypt maxdeviant/redux-persist-transform-encrypt

  • Stars
    star
    348
  • Rank 121,840 (Top 3 %)
  • Language
    TypeScript
  • License
    MIT License
  • Created over 8 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
maxdeviant/redux-persist-transform-encrypt
github

maxdeviant

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Encrypt your Redux store

redux-persist-transform-encrypt

npm CI

Encrypt your Redux store.

Installation

redux-persist-transform-encrypt must be used in conjunction with redux-persist, so make sure you have that installed as well.

Yarn

yarn add redux-persist-transform-encrypt

npm

npm install redux-persist-transform-encrypt

Usage

Synchronous

import { persistReducer } from 'redux-persist';
import { encryptTransform } from 'redux-persist-transform-encrypt';

const reducer = persistReducer(
  {
    transforms: [
      encryptTransform({
        secretKey: 'my-super-secret-key',
        onError: function (error) {
          // Handle the error.
        },
      }),
    ],
  },
  baseReducer
);

Asynchronous

Asynchronous support was removed in v3.0.0, as it was never fully supported and is not able to be implemented correctly given the current constraints that redux-persist imposes on transforms. See #48 for more details.

Custom Error Handling

The onError property given to the encryptTransform options is an optional function that receives an Error object as its only parameter. This allows custom error handling from the parent application.

Secret Key Selection

The secretKey provided to encryptTransform is used as a passphrase to generate a 256-bit AES key which is then used to encrypt the Redux store.

You SHOULD NOT use a single secret key for all users of your application, as this negates any potential security benefits of encrypting the store in the first place.

You SHOULD NOT hard-code or generate your secret key anywhere on the client, as this risks exposing the key since the JavaScript source is ultimately accessible to the end-user.

If you are only interested in persisting the store over the course of a single session and then invalidating the store, consider using the user's access token or session key as the secret key.

For long-term persistence, you will want to use a unique, deterministic key that is provided by the server. For example, the server could derive a hash from the user's ID and a salt (also stored server-side) and then return that hash to the client to use to decrypt the store. Placing this key retrieval behind authentication would prevent someone from accessing the encrypted store data if they are not authenticated as the user.

More Repositories

1

peacock

A game engine for making beautiful games
Rust
53
star
2

lol-mastery-manager

A tool for managing mastery pages in League of Legends
Visual Basic
37
star
3

drop

Rust
19
star
4

purlin

A common foundation for your PureScript projects
PureScript
11
star
5

glecosystem

🗺️ Analyzing the Gleam ecosystem
Gleam
9
star
6

ledge

A time tracking CLI
Rust
6
star
7

peregrine

PureScript
5
star
8

wrench

Small utilities for Wren
5
star
9

purescript-heckin

Oh heck, it's a heckin' case conversion library for PureScript
PureScript
5
star
10

glenvy

🏞️ A pleasant way to interact with your environment
Gleam
4
star
11

dotfiles

~ sweet ~
Nix
4
star
12

purescript-ulid

PureScript
4
star
13

thaumaturgy

A fixtures and seeding library for TypeScript
TypeScript
4
star
14

ravenwm

A sleek, hybrid window manager with modern sensibilities
Rust
3
star
15

warp-form-method

A warp filter for accepting form submissions using any HTTP method
Rust
3
star
16

entity-id

Rust
3
star
17

danger-plugin-pr-hygiene

A Danger plugin for enforcing good PR hygiene
TypeScript
2
star
18

dhall-tsconfig

Dhall bindings for TSConfig
Dhall
2
star
19

my-packages

A directory of the various packages I have authored and/or maintain
2
star
20

data

2
star
21

glx

⚒️ Extensions to the Gleam standard library
Gleam
2
star
22

adventurous

A utility library for solving Advent of Code puzzles.
Rust
2
star
23

purescript-pwned-passwords

PureScript
2
star
24

tsuka

Rust
2
star
25

nsid

NameSpaced IDs for the AT Protocol
Rust
1
star
26

log

My personal time tracking log.
1
star
27

extract-intl

Extract translatable strings from React Intl
JavaScript
1
star
28

flox

An F# implementation of Lox from Crafting Interpreters
F#
1
star
29

minecraft-downloader

Rust
1
star
30

today-i-did

Rust
1
star
31

housekeeper

A dotfile manager, not your housekeeper.
Rust
1
star
32

biographer

Rust
1
star
33

ampl

A Mere Path Language
Rust
1
star
34

pluck

Rust
1
star
35

linear-sdk

A Linear SDK for Rust
Rust
1
star
36

serialize-killer

Make your objects unserializable
TypeScript
1
star
37

semantic-ui-css-in-js

CSS-in-JS for Semantic UI
TypeScript
1
star
38

purescript-oldschool

PureScript
1
star
39

pnpm-analyzer

Rust
1
star
40

advent-of-code

Advent of Code
PureScript
1
star
41

node-openid-client-is-plain-object-repro

A reproduction of an issue with `openid-client` and (seemingly) Jest
TypeScript
1
star
42

iced-playground

Rust
1
star
43

oldschool-rs

Rust
1
star
44

tsconfig

Dhall
1
star
45

sdkgen

Rust
1
star
46

purescript-which

PureScript bindings for `which`
PureScript
1
star
47

knowledge

My personal knowledge repository
Shell
1
star
48

awesome-bluesky

A collection of everything that's awesome about Bluesky and the AT protocol
1
star
49

polymorphism-primer

C#
1
star
50

purescript-npm-package-json

PureScript
1
star
51

time-clock

Haskell
1
star
52

dhall-semaphore

Dhall bindings for Semaphore CI
Dhall
1
star
53

install-bin

Install binaries from npm
TypeScript
1
star