← Back to home

Node.js SDK

Full E2E encryption in your app code. Same Argon2id + AES-256-GCM as the CLI — byte-compatible.

Install

Terminal
npm install @meowlabs/meowpass

Quick Start

app.ts
import { MeowPass } from "@meowlabs/meowpass"; const mp = new MeowPass({ apiKey: process.env.MEOWPASS_API_KEY!, masterPassword: process.env.MEOWPASS_MASTER_PASSWORD!, keySalt: process.env.MEOWPASS_SALT!, // base64 }); // Get a single secret const stripeKey = await mp.get("vault-id", "STRIPE_KEY"); // Pull all secrets as key-value map const secrets = await mp.pull("vault-id"); console.log(secrets.DATABASE_URL); // Set a secret (encrypts client-side) await mp.set("vault-id", "NEW_KEY", "secret_value"); // List secret names (no values) const keys = await mp.list("vault-id");

API Reference

MethodReturnsDescription
get(vaultId, key)stringDecrypt and return a secret
set(vaultId, key, value){ version }Encrypt and store a secret
delete(vaultId, key)voidDelete a secret
list(vaultId)SecretInfo[]List keys with versions
pull(vaultId)Record<string, string>Pull all as key-value map
listVaults(){ id, name }[]List all vaults
createVault(name){ id, name }Create a new vault
whoami(){ email, name, tier }Get current user

Use in Express / Next.js

middleware.ts
import { MeowPass } from "@meowlabs/meowpass"; // Initialize once at startup const mp = new MeowPass({ apiKey: process.env.MEOWPASS_API_KEY!, masterPassword: process.env.MEOWPASS_MASTER_PASSWORD!, keySalt: process.env.MEOWPASS_SALT!, }); // Pull all secrets at startup, cache in memory const secrets = await mp.pull("vault-id"); // Use in your app const stripe = new Stripe(secrets.STRIPE_KEY);

Security

  • Master key derived client-side via Argon2id (time=3, mem=64MB)
  • Secrets encrypted/decrypted with AES-256-GCM in your process
  • API key authenticates but cannot decrypt — master password required
  • Same crypto primitives as the Go CLI — byte-compatible ciphertext