Encrypts sensitive login secrets stored in the database such as a login service’s application secret key and users’ access tokens.
The encryption key is 16 bytes, encoded in Base64.
To generate a key:
On the server only, use the
oauthSecretKey option to
This call to
Accounts.config should be made at load time (place at
the top level of your source file), not called from inside of a
To avoid storing the secret key in your application’s source code, you
This example for Twitter shows how existing unencrypted user tokens
can be encrypted. The query finds user documents which have a Twitter
access token but not the
algorithm field which is created when the
token is encrypted. The relevant fields in the service data are then
If you’re using the oauth packages directly instead of through the
Meteor accounts packages, you can load the OAuth encryption key
If you call
retrieveCredential (such as
Twitter.retrieveCredential) as part of your process, you’ll find
when using oauth-encryption that the sensitive service data fields
will be encrypted.
You can decrypt them using
This package depends on npm-node-aes-gcm, which requires you to have OpenSSL installed on your system to run. To install OpenSSL on Windows, use one of the binaries on this page. Don’t forget to install the Visual Studio 2008 redistributables if you don’t have them yet.