Configuration Options
👨‍🔧 Let me help you a bit...
If at any point you need to securely generate a secret key for the following configuration, you can do so as follows.
- Linux / macOS
- Windows / Others
Type this in the terminal:
openssl rand -hex 32
Example Usage
import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import * as argon2 from 'argon2';
import {
  CryptographyModule,
  CryptographyOptionsInterface,
} from 'nestjs-cryptography';

@Module({
  imports: [
    CryptographyModule.registerAsync({
      imports: [ConfigModule],
      isGlobal: true,
      useFactory: (configService: ConfigService) =>
        ({
          isGlobal: true,
          // Key derivation function settings
          kdf: {
            timeCost: 32,
            memoryCost: 131072,
            argon2Type: argon2.argon2i,
            outputKeyLength: 32,
          },
          hashing: {
            // Password hashing settings
            password: {
              timeCost: 10,
              memoryCost: 65536,
              argon2Type: argon2.argon2id,
              outputKeyLength: 64,
            },
            hmac: {
              // ‼️ change me please ‼️
              masterKey: '6c0504d3836ab96a25daeb61c44f6d6345d99a746f6a776290c48d9a5ba8b124',
            },
          },
          encryption: {
            symmetric: {
              // ‼️ change me please ‼️
              masterKey: '1538755db39d3d98115af5be688b1486673910f7d2630fc48dd27c1a1ace2631',
            },
          },
        }) as CryptographyOptionsInterface,
      inject: [ConfigService],
    }),
  ],
})
export class AppModule {}
kdf
Settings for the Key Derivation Function.
- outputKeyLength (type: number | required): The default length (in bytes) of the derived key.
- argon2Type (type: Argon2Type | required): The variant of the Argon2 algorithm to use (Argon2d, Argon2i, or Argon2id).
- memoryCost (type: number | required): Memory usage (in kilobytes) for the algorithm.
- timeCost (type: number | required): Number of iterations to perform.
hashing
Settings for hashing operations.
password
Configuration for password hashing.
- outputKeyLength (type: number | required): The default length (in bytes) of the derived key.
- argon2Type (type: Argon2Type | required): The variant of the Argon2 algorithm to use (Argon2d, Argon2i, or Argon2id).
- memoryCost (type: number | required): Memory usage (in kilobytes) for the algorithm.
- timeCost (type: number | required): Number of iterations to perform.
hmac
Configuration for HMAC (Hash-Based Message Authentication Code).
- masterKey (type: string | required): The secret key used for generating HMACs.
encryption
Settings for encryption operations.
symmetric
Configuration for symmetric encryption.
- masterKey (type: string | required): The secret key used for encryption and decryption.
Note: Always ensure that secret keys are generated securely and stored safely. Do not hard-code them into your source files or expose them in version control systems.
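One way to act on this note, as an added example that is not part of nestjs-cryptography or its documentation: a startup check that reads both master keys from an environment-style object and refuses the sample keys printed in the Example Usage section. The function names, the variable names HMAC_MASTER_KEY and ENCRYPTION_MASTER_KEY, and the 64-hex-character format (what `openssl rand -hex 32` produces) are assumptions.

```typescript
// Added example; the names below are hypothetical, not nestjs-cryptography API.
// The two sample keys printed in the Example Usage section. They are public,
// so a deployment still using one of them has no secret at all.
const DOCUMENTED_SAMPLE_KEYS = new Set([
  '6c0504d3836ab96a25daeb61c44f6d6345d99a746f6a776290c48d9a5ba8b124',
  '1538755db39d3d98115af5be688b1486673910f7d2630fc48dd27c1a1ace2631',
]);

// Returns a list of problems; an empty list means the key passed every check.
function checkMasterKey(name: string, value: string | undefined): string[] {
  if (!value) return [`${name} is not set`];
  const problems: string[] = [];
  // Assumption: keys come from `openssl rand -hex 32`, i.e. 64 hex characters.
  if (!/^[0-9a-fA-F]{64}$/.test(value)) {
    problems.push(`${name} must be exactly 64 hex characters (32 bytes)`);
  }
  if (DOCUMENTED_SAMPLE_KEYS.has(value.toLowerCase())) {
    problems.push(`${name} is a sample key copied from the documentation`);
  }
  // Catches filler values such as 64 zeros.
  if (/^(..)\1{31}$/.test(value)) {
    problems.push(`${name} is one byte repeated 32 times`);
  }
  return problems;
}

// Reads both keys from an environment-style object (for example process.env)
// and throws before the application can start with a missing or unsafe key.
function loadMasterKeys(env: Record<string, string | undefined>) {
  const hmacKey = env['HMAC_MASTER_KEY']; // assumed variable name
  const encKey = env['ENCRYPTION_MASTER_KEY']; // assumed variable name
  const problems = [
    ...checkMasterKey('HMAC_MASTER_KEY', hmacKey),
    ...checkMasterKey('ENCRYPTION_MASTER_KEY', encKey),
  ];
  // One key per purpose: the HMAC key and the encryption key must not be shared.
  if (hmacKey && hmacKey === encKey) {
    problems.push('HMAC_MASTER_KEY and ENCRYPTION_MASTER_KEY must differ');
  }
  if (problems.length > 0) {
    throw new Error(`Refusing to start: ${problems.join('; ')}`);
  }
  // Values are returned unchanged so the library receives exactly what was set.
  return { hmacMasterKey: hmacKey as string, encryptionMasterKey: encKey as string };
}
```

The returned values can be passed to hashing.hmac.masterKey and encryption.symmetric.masterKey inside useFactory. The error message names the failing variable but never includes the key value.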
Additional Information
- Argon2Type: An enumeration defining the type of Argon2 algorithm to use. The options typically include Argon2d, Argon2i, and Argon2id. Choose the one that best fits your security requirements.
- Security Considerations: Adjust memoryCost and timeCost according to the desired balance between performance and security. Higher values increase security but require more resources. You can find more information from OWASP or in the official specs.