Version: 3.x

Configuration Options

👨‍🔧 Let me help you a bit...
info

If at any point you need to securely generate a secret key for the following configuration, you can do so as follows.

Type this on the terminal:

openssl rand -hex 32
Example Usage
app.module.ts
import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import {
  CryptographyModule,
  CryptographyOptionsInterface,
  Argon2Type,
} from 'nestjs-cryptography';

@Module({
  imports: [
    CryptographyModule.registerAsync({
      imports: [ConfigModule],
      isGlobal: true,
      useFactory: (configService: ConfigService) =>
        ({
          isGlobal: true,
          // Argon2 parameters for the key derivation function
          kdf: {
            timeCost: 32,
            memoryCost: 131072,
            argon2Type: Argon2Type.argon2i,
            outputKeyLength: 32,
          },
          hashing: {
            // Argon2 parameters for password hashing
            password: {
              timeCost: 10,
              memoryCost: 65536,
              argon2Type: Argon2Type.argon2id,
              outputKeyLength: 64,
            },
            hmac: {
              // ‼️ change me please ‼️
              masterKey: '6c0504d3836ab96a25daeb61c44f6d6345d99a746f6a776290c48d9a5ba8b124',
            },
          },
          encryption: {
            symmetric: {
              // ‼️ change me please ‼️
              masterKey: '1538755db39d3d98115af5be688b1486673910f7d2630fc48dd27c1a1ace2631',
            },
          },
        }) as CryptographyOptionsInterface,
      inject: [ConfigService],
    }),
  ],
})
export class AppModule {}

isGlobal​

Makes this module global-scoped.

type: boolean | optional | default: false

useDefaultValues​

Enables a secure default configuration, so advanced options below don’t need to be specified. Master keys for HMAC and symmetric encryption are still required.

type: boolean | optional | default: false

kdf​

Settings for the Key Derivation Function.

  • outputKeyLength​

    type: number | required

    The default length (in bytes) of the derived key.

  • argon2Type​

    type: Argon2Type | required

    The variant of the Argon2 algorithm to use (Argon2d, Argon2i, or Argon2id).

  • memoryCost​

    type: number | required

    Memory usage (in kilobytes) for the algorithm.

  • timeCost​

    type: number | required

    Number of iterations to perform.


hashing​

Settings for hashing operations.

password​

Configuration for password hashing.

  • outputKeyLength​

    type: number | required

    The default length (in bytes) of the derived key.

  • argon2Type​

    type: Argon2Type | required

    The variant of the Argon2 algorithm to use (Argon2d, Argon2i, or Argon2id).

  • memoryCost​

    type: number | required

    Memory usage (in kilobytes) for the algorithm.

  • timeCost​

    type: number | required

    Number of iterations to perform.

hmac​

Configuration for HMAC (Hash-Based Message Authentication Code).

  • masterKey​

    type: string | required

    The secret key used for generating HMACs.


encryption​

Settings for encryption operations.

symmetric​

Configuration for symmetric encryption.

  • masterKey​

    type: string | required

    The secret key used for encryption and decryption.

danger

Note: Always ensure that secret keys are generated securely and stored safely. Do not hard-code them into your source files or expose them in version control systems.
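
One way to follow this note is to read both master keys from the environment and refuse to start on a missing, malformed, reused or documentation-sample key. This is an added example, not code from nestjs-cryptography: `loadMasterKeys`, `readMasterKey` and the variable names `HMAC_MASTER_KEY` and `SYMMETRIC_MASTER_KEY` are hypothetical, and the 64-character check assumes the keys were generated with the `openssl rand -hex 32` command shown earlier.

```typescript
// Added example. HMAC_MASTER_KEY / SYMMETRIC_MASTER_KEY are assumed variable names.

// The sample keys printed on this page are public and must never reach production.
const PUBLISHED_SAMPLE_KEYS = new Set<string>([
  '6c0504d3836ab96a25daeb61c44f6d6345d99a746f6a776290c48d9a5ba8b124',
  '1538755db39d3d98115af5be688b1486673910f7d2630fc48dd27c1a1ace2631',
]);

// `openssl rand -hex 32` prints 32 random bytes as exactly 64 hex characters.
const HEX_32_BYTES = /^[0-9a-f]{64}$/i;

type Env = { [name: string]: string | undefined };

function readMasterKey(env: Env, name: string): string {
  const value = (env[name] ?? '').trim();
  if (value === '') {
    throw new Error(`${name} is not set`);
  }
  if (!HEX_32_BYTES.test(value)) {
    // Report the variable name only; never echo key material into logs.
    throw new Error(`${name} must be 64 hex characters (32 bytes)`);
  }
  if (PUBLISHED_SAMPLE_KEYS.has(value.toLowerCase())) {
    throw new Error(`${name} is a sample key copied from the documentation`);
  }
  return value;
}

// Returns the key-bearing part of the options object described on this page.
function loadMasterKeys(env: Env) {
  const hmacKey = readMasterKey(env, 'HMAC_MASTER_KEY');
  const symmetricKey = readMasterKey(env, 'SYMMETRIC_MASTER_KEY');
  // Keep authentication and encryption on independent keys.
  if (hmacKey.toLowerCase() === symmetricKey.toLowerCase()) {
    throw new Error('HMAC and symmetric master keys must differ');
  }
  return {
    hashing: { hmac: { masterKey: hmacKey } },
    encryption: { symmetric: { masterKey: symmetricKey } },
  };
}

// Constructed sample input (not real keys), showing the expected shape.
const constructedEnv: Env = {
  HMAC_MASTER_KEY: '0f'.repeat(32),
  SYMMETRIC_MASTER_KEY: 'e1'.repeat(32),
};
const exampleKeyOptions = loadMasterKeys(constructedEnv);
```

Inside `useFactory`, the returned values can be merged with the `kdf` and `hashing.password` settings, passing the process environment (or values read through `ConfigService`) in place of `constructedEnv`.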

Additional Information​

  • Argon2Type: An enumeration defining the type of Argon2 algorithm to use. The options typically include Argon2d, Argon2i, and Argon2id. Choose the one that best fits your security requirements.

  • Security Considerations: Adjust memoryCost and timeCost according to the desired balance between performance and security. Higher values increase security but require more resources. You can find more information from OWASP or in the official specs.