Reference
Node.js SDK
You can use our Node.js SDK to:
- Encrypt data server-side
- Invoke Functions
- Decrypt data through Outbound Relay
Encrypting data with our backend SDKs instead of Inbound Relay may expose you to greater compliance burden because plaintext data touches your server before it is encrypted.
Instead you can:
- Use an Inbound Relay to encrypt data before it reaches your server.
- Use our client-side SDKs to encrypt data before sending it to your server.
Quickstart
Install SDK
First, let's install the Evervault SDK using your package manager of choice.
Initialize SDK
Now, let's initialize the SDK using our App's API key. If you don't have one yet, you can get one by creating an App in the Evervault Dashboard.
Encrypt a string
Now that the SDK is initialized, we can encrypt a string.
Full example
Pulling all of this together leaves us with the following working example. You can copy and paste the code below (using a sandbox API key), run it in your own environment and run the encryption for yourself.
Reference
new Evervault(apiKey)
The SDK constructor accepts two parameters:
- Your App's API key
- Optional configuration parameters
evervault.encrypt(data)
evervault.encrypt()
encrypts data using Evervault Encryption.
To encrypt strings using the Node.js SDK, simply pass a String
or an Object
into the evervault.encrypt()
function. To encrypt a file, pass a Buffer
.
The encrypted data can be stored in your database or file storage as normal. Evervault Strings can be used across all of our products. Evervault File Encryption is currently in Beta, and files can only be decrypted with Outbound Relay.
evervault.run(functionName, data, options)
evervault.run()
lets you invoke an Evervault Function with a given payload
Additional options.
Run your Function in async mode. Asynchronous Function runs will be queued for processing and return a 200 OK response saying your run has been queued.
Response
Function runs will return a JSON object containing a Function Run ID and the result from your Function in the following format:
evervault.createRunToken(data, options)
evervault.createRunToken()
creates a single use, time bound token (5 minutes) for invoking an Evervault Function with a given payload.
Run Tokens can be used to invoke an Evervault Function client-side without providing a sensitive API Key.
Response
When you create a Run Token, the SDK will return a JSON object containing your token.
Run Tokens can then be used to authenticate Function runs from the client-side.
evervault.enableOutboundRelay(options)
Configures your application to proxy HTTP requests using Outbound Relay based on the configuration created in the Evervault dashboard. See Outbound Relay to learn more.
Requests sent to any of the domains listed will be proxied through Outbound Relay. This will override the configuration created in the Evervault dashboard.
evervault.enableCagesBeta(cageAttestationData)
Configures your application to attest all TLS connections to Evervault Cages. See Cages's TLS Attestation to learn more.
A mapping of Cage names to their PCRs. This is optional. When included, the connection will only be attested when the PCRs match exactly. The provided data can be either a single Object, or an Array of Objects to allow roll-over between different sets of PCRs. If not provided, the attestation doc and its signature will be validated but the PCRs will be ignored.
The PCR0 to use when attesting the given Cage.
The PCR1 to use when attesting the given Cage.
The PCR2 to use when attesting the given Cage.