Removed encryptionKey and optimize internal property persistence

Eneris · Eneris · commit 6fddb64c5454 · 2025-12-09T15:48:20.000+01:00
diff --git a/readme.md b/readme.md
@@ -278,18 +278,6 @@ Overrides `projectName`.
 
 The only use-case I can think of is having the config located in the app directory or on some external storage.
 
-#### encryptionKey
-
-Type: `string | Uint8Array | TypedArray | DataView`\
-Default: `undefined`
-
-> [!CAUTION]
-> This is **not intended for security purposes**, since the encryption key would be easily found inside a plain-text Node.js app.
-
-Its main use is for obscurity. If a user looks through the config directory and finds the config file, since it's just a JSON file, they may be tempted to modify it. By providing an encryption key, the file will be obfuscated, which should hopefully deter any users from doing so.
-
-When specified, the store will be encrypted using the [`aes-256-cbc`](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation) encryption algorithm.
-
 #### fileExtension
 
 Type: `string`\
diff --git a/source/index.ts b/source/index.ts
@@ -18,11 +18,6 @@ import ajvFormatsModule from 'ajv-formats';
 import debounceFn from 'debounce-fn';
 import semver from 'semver';
 import {type JSONSchema} from 'json-schema-typed';
-import {
-	concatUint8Arrays,
-	stringToUint8Array,
-	uint8ArrayToString,
-} from 'uint8array-extras';
 import {
 	type Deserialize,
 	type Migrations,
@@ -38,8 +33,6 @@ import {
 	type Schema,
 } from './types.js';
 
-const encryptionAlgorithm = 'aes-256-cbc';
-
 const createPlainObject = <T = Record<string, unknown>>(): T => Object.create(null);
 
 // Minimal wrapper: clone and assign to null-prototype object
@@ -69,7 +62,6 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 	readonly path: string;
 	readonly events: EventTarget;
 	#validator?: AjvValidateFunction;
-	readonly #encryptionKey?: string | Uint8Array | NodeJS.TypedArray | DataView;
 	readonly #options: Readonly<Partial<Options<T>>>;
 	readonly #defaultValues: Partial<T> = createPlainObject();
 	#isInMigration = false;
@@ -78,6 +70,7 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 	#debouncedChangeHandler?: () => void;
 
 	#cache?: T;
+	#internalBackup?: Record<string, unknown>;
 	#writePending = false;
 	#writeTimer?: NodeJS.Timeout;
 	#atomicChangeLock?: PromiseWithResolvers<void>;
@@ -89,7 +82,6 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 		this.#applyDefaultValues(options);
 		this.#configureSerialization(options);
 		this.events = new EventTarget();
-		this.#encryptionKey = options.encryptionKey;
 		this.path = this.#resolvePath(options);
 		this.#initializeStore(options);
 
@@ -107,7 +99,6 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 			return;
 		}
 
-		this.#cache &&= undefined;
 		this._read();
 	}
 
@@ -297,6 +288,10 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 	delete<Key extends keyof T>(key: Key): void;
 	delete<Key extends DotNotationKeyOf<T>>(key: Key): void;
 	delete(key: string): void {
+		if (this._isReservedKeyPath(key)) {
+			throw new Error(`The key \`${key}\` is reserved and cannot be deleted`);
+		}
+
 		const {store} = this;
 		if (this.#options.accessPropertiesByDotNotation) {
 			deleteProperty(store, key);
@@ -395,25 +390,21 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 	}
 
 	set store(value: T) {
-		this._ensureDirectory();
-
 		// Preserve existing internal data if it exists and the new value doesn't contain it
-		if (!hasProperty(value, INTERNAL_KEY)) {
+		if (hasProperty(value, INTERNAL_KEY)) {
+			this.#internalBackup = getProperty(value, INTERNAL_KEY);
+		} else if (this.#internalBackup) {
 			try {
 				// Read directly from file to avoid recursion during migration
-				const data = fs.readFileSync(this.path, this.#encryptionKey ? null : 'utf8');
-				const dataString = this._decryptData(data);
-				const currentStore = this._deserialize(dataString);
-				if (hasProperty(currentStore, INTERNAL_KEY)) {
-					setProperty(value, INTERNAL_KEY, getProperty(currentStore, INTERNAL_KEY));
-				}
+				setProperty(value, INTERNAL_KEY, this.#internalBackup);
 			} catch {
 				// Silently ignore errors when trying to preserve internal data
 				// This could happen if the file doesn't exist yet or is corrupted
 				// In these cases, we just proceed without preserving internal data
 			}
 		}
 
+		// Validate before updating cache to ensure cache is never left in invalid state
 		if (!this.#isInMigration) {
 			this._validate(value);
 		}
@@ -487,32 +478,24 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 		}
 	}
 
-	private _decryptData(data: string | Uint8Array): string {
-		if (!this.#encryptionKey) {
-			return typeof data === 'string' ? data : uint8ArrayToString(data);
+	private _decryptData(data: string | Buffer): string {
+		const {encryption} = this.#options;
+
+		if (!encryption) {
+			return data.toString();
 		}
 
-		// Check if an initialization vector has been used to encrypt the data.
-		try {
-			const initializationVector = data.slice(0, 16);
-			const password = crypto.pbkdf2Sync(this.#encryptionKey, initializationVector, 10_000, 32, 'sha512');
-			const decipher = crypto.createDecipheriv(encryptionAlgorithm, password, initializationVector);
-			const slice = data.slice(17);
-			const dataUpdate = typeof slice === 'string' ? stringToUint8Array(slice) : slice;
-			return uint8ArrayToString(concatUint8Arrays([decipher.update(dataUpdate), decipher.final()]));
-		} catch {
-			try {
-				// Fallback to legacy scheme (iv.toString() as salt)
-				const initializationVector = data.slice(0, 16);
-				const password = crypto.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 10_000, 32, 'sha512');
-				const decipher = crypto.createDecipheriv(encryptionAlgorithm, password, initializationVector);
-				const slice = data.slice(17);
-				const dataUpdate = typeof slice === 'string' ? stringToUint8Array(slice) : slice;
-				return uint8ArrayToString(concatUint8Arrays([decipher.update(dataUpdate), decipher.final()]));
-			} catch {}
+		return encryption.decrypt(typeof data === 'string' ? Buffer.from(data) : data);
+	}
+
+	private _encryptData(data: string): Buffer {
+		const {encryption} = this.#options;
+
+		if (!encryption) {
+			return Buffer.from(data);
 		}
 
-		return typeof data === 'string' ? data : uint8ArrayToString(data);
+		return encryption.encrypt(data);
 	}
 
 	private _handleStoreChange(callback: OnDidAnyChangeCallback<T>): Unsubscribe {
@@ -563,18 +546,15 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 	}
 
 	private readonly _deserialize: Deserialize<T> = value => {
-		const {deserialize, encryption} = this.#options;
-		const data = encryption ? encryption.decrypt(Uint8Array.from(value)) : value;
+		const {deserialize} = this.#options;
 
-		return deserialize ? deserialize(data) : JSON.parse(data);
+		return deserialize ? deserialize(value) : JSON.parse(value);
 	};
 
 	private readonly _serialize: Serialize<T> = value => {
-		const {serialize, encryption} = this.#options;
+		const {serialize} = this.#options;
 
-		const data = serialize ? serialize(value) : JSON.stringify(value, undefined, '\t');
-
-		return encryption ? encryption.encrypt(data).toString() : data;
+		return serialize ? serialize(value) : JSON.stringify(value, undefined, '\t');
 	};
 
 	private _validate(data: T | unknown): void {
@@ -598,8 +578,10 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 	}
 
 	private _read(): void {
+		this.#internalBackup = undefined;
+
 		try {
-			const data = fs.readFileSync(this.path, this.#encryptionKey ? null : 'utf8');
+			const data = fs.readFileSync(this.path);
 			const dataString = this._decryptData(data);
 			const deserializedData = this._deserialize(dataString);
 
@@ -608,6 +590,8 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 			}
 
 			this.#cache = Object.assign(createPlainObject(), deserializedData);
+			// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+			this.#internalBackup = this.#cache[INTERNAL_KEY] ?? undefined;
 		} catch (error: unknown) {
 			if ((error as any)?.code === 'ENOENT') {
 				this._ensureDirectory();
@@ -642,22 +626,18 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 		if (this.#writeTimer) {
 			this.#writePending = true;
 		} else {
-			this._forceWrite();
+			this.writeToDisk();
 			this._startWriteTimeout();
 		}
 	}
 
-	private _forceWrite(): void {
+	writeToDisk(): void {
 		this._cancelWriteTimeout();
 
-		let data: string | Uint8Array = this._serialize(this.#cache!);
+		// Validation already done in _write(), no need to validate again here
+		const data: string | Uint8Array = this._encryptData(this._serialize(this.#cache ?? createPlainObject<T>()));
 
-		if (this.#encryptionKey) {
-			const initializationVector = crypto.randomBytes(16);
-			const password = crypto.pbkdf2Sync(this.#encryptionKey, initializationVector, 10_000, 32, 'sha512');
-			const cipher = crypto.createCipheriv(encryptionAlgorithm, password, initializationVector);
-			data = concatUint8Arrays([initializationVector, stringToUint8Array(':'), cipher.update(stringToUint8Array(data)), cipher.final()]);
-		}
+		this._ensureDirectory();
 
 		// Temporary workaround for Conf being packaged in a Ubuntu Snap app.
 		// See https://github.com/sindresorhus/conf/pull/82
@@ -689,7 +669,7 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 
 				if (this.#writePending) {
 					this.#writePending = false;
-					this._forceWrite();
+					this.writeToDisk();
 				}
 			}, this.#options.writeTimeout);
 		}
@@ -775,11 +755,6 @@ export default class Conf<T extends Record<string, any> = Record<string, unknown
 			} catch (error: unknown) {
 				// Restore backup (validation is skipped during migration)
 				this.store = storeBackup;
-				// Try to write the restored state to disk to ensure rollback persists
-				// If write fails (e.g., read-only file), we still throw the original error
-				try {
-					this._write(storeBackup);
-				} catch {}
 
 				const errorMessage = error instanceof Error ? error.message : String(error);
 				throw new Error(`Something went wrong during the migration! Changes applied to the store until this failed migration will be restored. ${errorMessage}`);
diff --git a/source/types.ts b/source/types.ts
@@ -167,20 +167,9 @@ export type Options<T extends Record<string, unknown>> = {
 	*/
 	cwd?: string;
 
-	/**
-	Note that this is __not intended for security purposes__, since the encryption key would be easily found inside a plain-text Node.js app.
-
-	Its main use is for obscurity. If a user looks through the config directory and finds the config file, since it's just a JSON file, they may be tempted to modify it. By providing an encryption key, the file will be obfuscated, which should hopefully deter any users from doing so.
-
-	It also has the added bonus of ensuring the config file's integrity. If the file is changed in any way, the decryption will not work, in which case the store will just reset back to its default state.
-
-	When specified, the store will be encrypted using the [`aes-256-cbc`](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation) encryption algorithm.
-	*/
-	encryptionKey?: string | Uint8Array | NodeJS.TypedArray | DataView;
-
 	encryption?: {
-		encrypt: (data: string) => Uint8Array;
-		decrypt: (data: Uint8Array) => string;
+		encrypt: (data: string) => Buffer;
+		decrypt: (data: Buffer) => string;
 	};
 
 	/**
diff --git a/test/advanced-features.ts b/test/advanced-features.ts
@@ -208,8 +208,8 @@ describe('Advanced Features', () => {
 		}
 
 		const cwd = createTempDirectory();
-		const conf = trackConf(new Conf({cwd, watch: true, encryptionKey: 'secret-key'}));
-		const writer = trackConf(new Conf({cwd, encryptionKey: 'secret-key'}));
+		const conf = trackConf(new Conf({cwd, watch: true}));
+		const writer = trackConf(new Conf({cwd}));
 		writer.set('foo', 'bar');
 
 		const changePromise = pEvent(conf.events, 'change', {timeout: 3000});
diff --git a/test/index.test-d.ts b/test/index.test-d.ts
@@ -1,5 +1,4 @@
 /* eslint-disable no-new, @typescript-eslint/naming-convention */
-import {stringToUint8Array} from 'uint8array-extras';
 import {expectTypeOf} from 'expect-type';
 import Conf from '../source/index.js';
 
@@ -37,19 +36,15 @@ new Conf<UnicornFoo>({
 });
 new Conf<UnicornFoo>({
 	projectName: typeTestProjectName,
-	encryptionKey: '',
 });
 new Conf<UnicornFoo>({
 	projectName: typeTestProjectName,
-	encryptionKey: stringToUint8Array(''),
 });
 new Conf<UnicornFoo>({
 	projectName: typeTestProjectName,
-	encryptionKey: new Uint8Array([1]),
 });
 new Conf<UnicornFoo>({
 	projectName: typeTestProjectName,
-	encryptionKey: new DataView(new ArrayBuffer(2)),
 });
 new Conf<UnicornFoo>({
 	projectName: typeTestProjectName,
diff --git a/test/index.ts b/test/index.ts
diff --git a/test/migrations.ts b/test/migrations.ts

Original file line number	Diff line number	Diff line change
`@@ -208,8 +208,8 @@ describe('Advanced Features', () => {`
`208`	`208`	`}`
`209`	`209`
`210`	`210`	`const cwd = createTempDirectory();`
`211`		`- const conf = trackConf(new Conf({cwd, watch: true, encryptionKey: 'secret-key'}));`
`212`		`- const writer = trackConf(new Conf({cwd, encryptionKey: 'secret-key'}));`
	`211`	`+ const conf = trackConf(new Conf({cwd, watch: true}));`
	`212`	`+ const writer = trackConf(new Conf({cwd}));`
`213`	`213`	`writer.set('foo', 'bar');`
`214`	`214`
`215`	`215`	`const changePromise = pEvent(conf.events, 'change', {timeout: 3000});`