Key Providers
InMemoryKeyProvider
Generates a random key in memory. Key is lost when the process ends.ConfigKeyProvider
Uses a pre-configured key from your environment.KeyProvider Interface
Encryption Functions
encryptPIIMap()
Encrypts a PII map.decryptPIIMap()
Decrypts a PII map.Key Generation
generateKey()
Generate a random 256-bit key.generateSalt()
Generate a random salt for key derivation.deriveKey()
Derive a key from a password using PBKDF2.Utility Functions
validateKey()
Check if a key is valid.secureCompare()
Constant-time comparison to prevent timing attacks.uint8ArrayToBase64()
Convert Uint8Array to Base64.base64ToUint8Array()
Convert Base64 to Uint8Array.EncryptedPIIMap Structure
Complete Example
Security Notes
Key Storage
Key Storage
- Never commit keys to version control
- Use environment variables or secrets managers
- Consider platform keystores (iOS Keychain, Android Keystore)
Key Rotation
Key Rotation
Implement key rotation for long-running applications:
Browser Security
Browser Security
In browsers:
- Keys in memory can be accessed by malicious scripts
- Consider using SubtleCrypto key wrapping
- Clear keys when no longer needed
Related
- Encryption Concept - How encryption works
- createAnonymizer - Key provider configuration