Configuration Options
👨‍🔧 Let me help you a bit...
If at any point you need to securely generate a secret key for the following configuration, you can do so as follows.
- Linux / macOS
- Windows / Others
Type this in the terminal:
openssl rand -hex 32
Example Usage
import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import * as argon2 from 'argon2';
import {
  CryptographyModule,
  CryptographyOptionsInterface,
} from 'nestjs-cryptography';

@Module({
  imports: [
    CryptographyModule.registerAsync({
      imports: [ConfigModule],
      isGlobal: true,
      useFactory: (configService: ConfigService) =>
        ({
          isGlobal: true,
          // Key Derivation Function settings
          kdf: {
            timeCost: 32,
            memoryCost: 131072, // in kilobytes
            argon2Type: argon2.argon2i,
            outputKeyLength: 32, // in bytes
          },
          hashing: {
            // Password hashing settings
            password: {
              timeCost: 10,
              memoryCost: 65536, // in kilobytes
              argon2Type: argon2.argon2id,
              outputKeyLength: 64, // in bytes
            },
            hmac: {
              // ‼️ change me please ‼️
              masterKey: '6c0504d3836ab96a25daeb61c44f6d6345d99a746f6a776290c48d9a5ba8b124',
            },
          },
          encryption: {
            symmetric: {
              // ‼️ change me please ‼️
              masterKey: '1538755db39d3d98115af5be688b1486673910f7d2630fc48dd27c1a1ace2631',
            },
          },
        }) as CryptographyOptionsInterface,
      inject: [ConfigService],
    }),
  ],
})
export class AppModule {}
kdf
Settings for the Key Derivation Function.
- outputKeyLength (type: number, required): The default length (in bytes) of the derived key.
- argon2Type (type: Argon2Type, required): The variant of the Argon2 algorithm to use (Argon2d, Argon2i, or Argon2id).
- memoryCost (type: number, required): Memory usage (in kilobytes) for the algorithm.
- timeCost (type: number, required): Number of iterations to perform.
hashing
Settings for hashing operations.
password
Configuration for password hashing.
- outputKeyLength (type: number, required): The default length (in bytes) of the derived key.
- argon2Type (type: Argon2Type, required): The variant of the Argon2 algorithm to use (Argon2d, Argon2i, or Argon2id).
- memoryCost (type: number, required): Memory usage (in kilobytes) for the algorithm.
- timeCost (type: number, required): Number of iterations to perform.
hmac
Configuration for HMAC (Hash-Based Message Authentication Code).
- masterKey (type: string, required): The secret key used for generating HMACs.
encryption
Settings for encryption operations.
symmetric
Configuration for symmetric encryption.
- masterKey (type: string, required): The secret key used for encryption and decryption.
Note: Always ensure that secret keys are generated securely and stored safely. Do not hard-code them into your source files or expose them in version control systems.
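One way to enforce the note above at startup, as an added example that is not part of the nestjs-cryptography documentation or code: it reads both master keys from an environment map, checks that they have the shape `openssl rand -hex 32` produces, and rejects the sample keys printed on this page. The function names and the HMAC_MASTER_KEY and SYMMETRIC_MASTER_KEY variable names are assumptions.

```typescript
// Added example, not nestjs-cryptography code. Function names and the
// HMAC_MASTER_KEY / SYMMETRIC_MASTER_KEY variable names are assumptions.

// The two sample keys printed on this page; they must never be deployed.
const DOCUMENTED_SAMPLE_KEYS = [
  '6c0504d3836ab96a25daeb61c44f6d6345d99a746f6a776290c48d9a5ba8b124',
  '1538755db39d3d98115af5be688b1486673910f7d2630fc48dd27c1a1ace2631',
];

type Env = Record<string, string | undefined>;

// Returns env[name] if it has the shape `openssl rand -hex 32` emits.
function readMasterKey(env: Env, name: string): string {
  const key = (env[name] || '').trim(); // tolerate a trailing newline
  if (key === '') {
    throw new Error(`${name} is not set`);
  }
  if (!/^[0-9a-fA-F]{64}$/.test(key)) {
    throw new Error(`${name} must be 64 hex characters (32 bytes)`);
  }
  const lower = key.toLowerCase();
  if (DOCUMENTED_SAMPLE_KEYS.indexOf(lower) !== -1) {
    throw new Error(`${name} is a sample key copied from the documentation`);
  }
  // Random output uses nearly all 16 hex digits; "0000..." or "abab..." do not.
  const distinct = lower.split('').filter((c, i, all) => all.indexOf(c) === i);
  if (distinct.length < 8) {
    throw new Error(`${name} looks like a placeholder, not random output`);
  }
  return key;
}

// Loads both keys and enforces key separation between HMAC and encryption.
function loadCryptoKeys(env: Env): { hmacKey: string; encryptionKey: string } {
  const hmacKey = readMasterKey(env, 'HMAC_MASTER_KEY');
  const encryptionKey = readMasterKey(env, 'SYMMETRIC_MASTER_KEY');
  if (hmacKey.toLowerCase() === encryptionKey.toLowerCase()) {
    throw new Error('HMAC and encryption master keys must be different');
  }
  return { hmacKey, encryptionKey };
}
```

Calling `loadCryptoKeys(process.env)` inside `useFactory` and passing the results as `hashing.hmac.masterKey` and `encryption.symmetric.masterKey` makes a missing or placeholder key stop the application at startup.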
Additional Information
- Argon2Type: An enumeration defining the type of Argon2 algorithm to use. The options typically include Argon2d, Argon2i, and Argon2id. Choose the one that best fits your security requirements.
- Security Considerations: Adjust memoryCost and timeCost according to the desired balance between performance and security. Higher values increase security but require more resources. You can find more information on OWASP or in the official specs.