PBKDF2 is used for key derivation and AES-256-GCM for encryption.
PBKDF2 uses a passphrase (Master Key) and salt value with a pseudorandom function to derive a cryptographic (secret) key for use by a cryptographic algorithm (AES-256-GCM) to encrypt data.
AES-256-GCM is used as a symmetric-key cipher, meaning the same key is used for encryption and decryption, avoiding the complexity of an asymmetric key where a public key is used for encryption and a private key is required for decryption.
A symmetric-key model was chosen for this library because the fetching, encryption, and decryption of secrets are a machine or application level operation, not a user specific one, thus ruling out the need for asymmetric keys.
The passphrase is provided via a GITOPS_SECRETS_MASTER_KEY environment variable. It should be a cryptographically random string unique to each environment and must be 16 characters or more.
You can generate a cryptographically random passphrase in your shell by running:
node -e 'process.stdout.write(require("crypto").randomBytes(16).toString("hex"))'The default 1,000,000 rounds of key-stretching should be more than sufficient, but can be configured via the PBKDF2_ROUNDS environment variable.
Note that the PBKDF2_ROUNDS environment variable is not needed at time of decryption as it is encoded into the final cipher text payload so it can be derived without risk of mismatched values which would prevent decryption.
Providers are strongly encouraged to require auth related secrets to be supplied as environment variables to strongly discourage the hard-coding of credentials.
Please report any vulnerabilities to Doppler's Vulnerability Disclosure Program.