The official ByteHide Secrets Manager SDK for Node.js/TypeScript, enabling secure retrieval and management of environment-based secrets, rotation, and auditing. Eliminate hardcoded credentials and keep your secrets out of code.
npm install @bytehide/secretsAutomatically manage and retrieve secrets in your JavaScript/TypeScript projects—no more leaking .env files or hardcoded credentials! ByteHide Secrets is the official secrets manager SDK for Node.js/TS, seamlessly integrated with the ByteHide platform. It supports environment-based secrets, caching, optional in-memory encryption, and more.
Official Documentation
> Tip: If you need to detect hardcoded secrets or scan your code for credentials, check out @bytehide/secrets-scanner, our free secrets scanner.
---
- Easy Initialization: Automatically detect your ByteHide token & environment from environment variables or manually initialize in code.
- Enterprise security: Enterprise encryption, privacy-first solution with RBAC and top-security integrations.
- Environment-Aware: Different secrets for dev, staging, and production—no separate .env for each environment.
- Sync & Async APIs: get, set with Promises, or getSync, setSync for synchronous usage.
- Caching: Time-to-live (TTL)–based in-memory cache, configurable and easily cleared.
- Optional Encryption: Store secrets in memory with a simple XOR-based fallback encryption.
- One-Liner Setup: No complex multi-stage config required.
---
``bash`
npm install @bytehide/secretsor
yarn add @bytehide/secrets
---
1. Create a free account at cloud.bytehide.com/register.
2. Set up a Secrets project and grab your Project Token.
3. Keep this token private—never commit it to Git.
---
You can store your ByteHide credentials in:
1. Environment Variables on your server (AWS, Railway, etc.).
2. A local .env file (for Node.js projects).
3. During your build process (for browser-based or serverless apps).
> Required:
> - BYTEHIDE_SECRETS_TOKEN BYTEHIDE_SECRETS_ENVIRONMENT
> - (if missing, default: _production_)
If you’re building for the browser, you need to inject environment variables at build time.
#### Webpack Example
`js
// webpack.config.js
const webpack = require('webpack');
module.exports = {
// ...
plugins: [
new webpack.DefinePlugin({
'window.env': JSON.stringify({
BYTEHIDE_SECRETS_ENVIRONMENT: 'production',
BYTEHIDE_SECRETS_TOKEN: 'your-project-token'
})
})
]
};
`
#### Vite Example
`js
// vite.config.js
import { defineConfig } from 'vite';
export default defineConfig({
define: {
'window.env': {
BYTEHIDE_SECRETS_ENVIRONMENT: 'production',
BYTEHIDE_SECRETS_TOKEN: 'your-project-token'
}
}
});
`
In your code, SecretsManager can read these values from window.env or an equivalent approach.
1. Create a .env file in your project root:
`dotenv`
BYTEHIDE_SECRETS_ENVIRONMENT=production
BYTEHIDE_SECRETS_TOKEN=your-project-token
2. Now and process.env.BYTEHIDE_SECRETS_ENVIRONMENT will be available to SecretsManager.
---
`ts
import { SecretsManager } from "@bytehide/secrets";
async function main() {
// If environment variables are set, it auto-initializes
const apiKey = await SecretsManager.get("API_KEY");
console.log("API key:", apiKey);
}
main();
`
`ts
import { SecretsManager } from "@bytehide/secrets";
const pass = SecretsManager.getSync("DB_PASS");
console.log("Database password:", pass);
`
`ts`
await SecretsManager.set("NEW_SECRET", "myValue");
`ts`
SecretsManager.setSync("ANOTHER_SECRET", "anotherValue");
`ts
import { SecretsManager } from "@bytehide/secrets";
async function connectToDatabase() {
const dbUser = await SecretsManager.get("DB_USER");
const dbPass = await SecretsManager.get("DB_PASS");
// e.g., connect(dbUser, dbPass)
console.log("Connecting with", dbUser, dbPass);
}
connectToDatabase();
`
---
`ts
class SecretsManager {
static initialize(): void;
static unsecureInitialize(token: string, environment: string): void;
static configureCache(enabled: boolean, ttlMs?: number): void;
static clearCache(): void;
static get(key: string): Promise
static getSync(key: string): string;
static set(key: string, value: string): Promise
static setSync(key: string, value: string): boolean;
}
`
`ts`
SecretsManager.unsecureInitialize("my-token", "dev");
// Warns: do not use in production
If environment variables are not set, you can directly provide token and environment. This logs a warning about being unsecure—avoid in production.
By default, caching is enabled with a 5-minute TTL. Configure as follows:
`ts`
SecretsManager.configureCache(true, 10 60 1000); // 10 minutes
SecretsManager.clearCache();
---
- Production Token: Always store your production token in environment variables. Avoid committing tokens to Git.
---
- Official Integration with the ByteHide platform: secrets scan, environment-based secrets, rotation, alerts and auditing all in one.
- Node & Browser support: adapt for serverless, front-end, or backend.
- Minimal Setup: No complicated config—just set two variables (BYTEHIDE_SECRETS_TOKEN, BYTEHIDE_SECRETS_ENVIRONMENT) or call unsecureInitialize(...).
- Scalable: Works seamlessly in small Node scripts or large multi-environment deployments.
- Multi-platform support for JavaScript, Typescript, Dotnet (.NET) and more.
---
1. Install: npm install @bytehide/secrets
2. Obtain a Token: from cloud.bytehide.com/register.
3. Set environment variables or call .SecretsManager.get(...)
4. Use or SecretsManager.set(...)` to manage secrets.
Need to detect secrets in your code? Try @bytehide/secrets-scanner for free scanning and automatic fixes.
For detailed documentation, check our official docs or contact support@bytehide.com. Good luck and stay secure!