Secure Credential Manager

Build a secure credential manager that stores sensitive user credentials in temporary files with proper security controls.

Requirements

Core Functionality

1. Credential Storage: Create a function storeCredentials(username, password, apiKey) that:

   • Creates a temporary file to store the credentials
   • Stores credentials in JSON format in the temporary file
   • Returns an object containing the file path and a cleanup function
   • Ensures the temporary file has restrictive permissions (owner-only read/write)

2. Credential Retrieval: Create a function retrieveCredentials(filePath) that:

   • Reads credentials from the specified file path
   • Returns the parsed JSON object containing username, password, and apiKey
   • Throws an error if the file doesn't exist or is unreadable

3. Secure Processing: Create a function processCredentialsSecurely(username, password, apiKey, processFn) that:

   • Creates a temporary file with secure permissions to store credentials
   • Writes the credentials to the temporary file
   • Calls the provided processFn with the file path
   • Automatically cleans up the temporary file after processing completes
   • Ensures cleanup happens even if processFn throws an error

Security Requirements

• All temporary files containing credentials must have permissions set to 0600 (owner read/write only)
• Temporary files must not persist after the program exits (unless explicitly kept for testing)
• The secure processing function must guarantee cleanup in all cases

Testing

Implement the following test cases in credential-manager.test.js:

// @test: Verify secure file permissions are set
const { storeCredentials } = require('./credential-manager');
const fs = require('fs');

async function testSecurePermissions() {
  const { path, cleanup } = await storeCredentials('user1', 'pass123', 'key-abc');

  const stats = fs.statSync(path);
  const mode = stats.mode & 0o777;

  console.assert(mode === 0o600, 'Expected file permissions to be 0600 (owner-only)');

  await cleanup();
  console.log('Test passed: Secure permissions verified');
}

testSecurePermissions().catch(console.error);

// @test: Verify automatic cleanup after secure processing
const { processCredentialsSecurely } = require('./credential-manager');
const fs = require('fs');

async function testAutoCleanup() {
  let tempPath;

  await processCredentialsSecurely('user1', 'pass123', 'key-abc', (path) => {
    tempPath = path;
    console.assert(fs.existsSync(path), 'File should exist during processing');
  });

  console.assert(!fs.existsSync(tempPath), 'File should be cleaned up after processing');
  console.log('Test passed: Automatic cleanup verified');
}

testAutoCleanup().catch(console.error);

// @test: Verify cleanup happens even on error
const { processCredentialsSecurely } = require('./credential-manager');
const fs = require('fs');

async function testCleanupOnError() {
  let tempPath;

  try {
    await processCredentialsSecurely('user1', 'pass123', 'key-abc', (path) => {
      tempPath = path;
      throw new Error('Simulated processing error');
    });
  } catch (err) {
    // Expected error
  }

  console.assert(!fs.existsSync(tempPath), 'File should be cleaned up even after error');
  console.log('Test passed: Cleanup on error verified');
}

testCleanupOnError().catch(console.error);

Implementation Guidelines

• Create a file named credential-manager.js with the three required functions
• Use Node.js filesystem APIs for file operations
• Handle errors appropriately
• Export all functions for testing

Dependencies { .dependencies }

tmp-promise { .dependency }

Provides promise-based temporary file creation with automatic cleanup support.