Encryption
Using the encryption service, you may encrypt and decrypt values in your application. The encryption is based on the aes-256-cbc algorithm, and we append an integrity hash (HMAC) to the final output to prevent value tampering.
The encryption
service uses the appKey
stored inside the config/app.ts
file as the secret to encrypt the values.
-
It is recommended to keep the
appKey
secure and inject it into your application using environment variables. Anyone with access to this key can decrypt values. -
The key should be at least 16 characters long and have a cryptographically secure random value. You may generate the key using the
node ace generate:key
command. -
If you decide to change the key later, you will not be able to decrypt existing values. This will result in invalidating existing cookies and user sessions.
Encrypting values
You may encrypt values using the encryption.encrypt
method. The method accepts the value to encrypt and an optional time duration after which to consider the value expired.
import encryption from '@adonisjs/core/services/encryption'
const encrypted = encryption.encrypt('hello world')
Define a time duration after which the value will be considered expired and cannot be decrypted.
const encrypted = encryption.encrypt('hello world', '2 hours')
Decrypting values
Encrypted values can be decrypted using the encryption.decrypt
method. The method accepts the encrypted value as the first argument.
import encryption from '@adonisjs/core/services/encryption'
encryption.decrypt(encryptedValue)
Supported data types
The value given to the encrypt
method is serialized to a string using JSON.stringify
. Therefore, you can use the following JavaScript data types.
- string
- number
- bigInt
- boolean
- null
- object
- array
import encryption from '@adonisjs/core/services/encryption'
// Object
encryption.encrypt({
id: 1,
fullName: 'virk',
})
// Array
encryption.encrypt([1, 2, 3, 4])
// Boolean
encryption.encrypt(true)
// Number
encryption.encrypt(10)
// BigInt
encryption.encrypt(BigInt(10))
// Data objects are converted to ISO string
encryption.encrypt(new Date())
Using custom secret keys
You can create an instance of the Encryption class directly to use custom secret keys.
import { Encryption } from '@adonisjs/core/encryption'
const encryption = new Encryption({
secret: 'alongrandomsecretkey',
})