Required Elements

If any elements in the below list are not checked, this repo will fail standards compliance.

• Not running node 4 or below
• Has at least some test coverage?
• Has a README?
• Has no hard-coded critical secrets like API keys?

Rubric

• 1 pt Is in Version Control/Github ✅ (free points)
• 1-2 pt node version:
  • 2 pt Best: running node 8+ 🏅
  • 1 pt Questionable: node 6
  • 0 pt Not ok: running node4 or below ⛔️
• 1 pt No hard-coded config parameters?
• 1 pt No special branches that need to be deployed?
  • Uncertain of branch v1.x
• 1 pt All production stacks on latest master?
  • Is not deployed to AWS, no associated stacks.
• 1 pt No hard-coded secrets like API keys?
• 1 pt No secrets in CloudFormation templates that don’t use [secure]?
• 1 pt CI enabled for repo?
• 1 pt Not running Circle CI version 1? (Point awarded if using Travis)
• 1 pt nyc integrated to show test coverage summary?
• 1-3 pt test coverage percentage from nyc?
  • 3 pt High coverage: > 90%
  • 2 pt Moderate coverage: between 75 and 90% total coverage
  • 1 pt 0 - 74% test coverage
• 1-2 pt evidence of bug fixes/edge cases being tested?
  • 2 pt Strong evidence/several instances noted
  • 1 pt Some evidence
• 1 pt no flags to enable different functionality in non-test environments?
• 1 pt Has README?
• 1-2 pt README explains purpose of a project and how it works to some detail?
  • 2 pt High (but appropriate) amount of detail about the project
  • 1 pt Some detail about the project documented, could be more extensive
• 1 pt README contains dev install instructions?
• 1 pt README contains CI badges, as appropriate?
• 1-2 pt Code seems self-documenting: file/module names, function names, variables? No redundant comments to explain naming conventions?
  • 2 pt Strongly self-documented code, little to no improvements needed
  • 1 pt Some evidence of self-documenting code
• 1 pt No extraneous permissions in IAM roles?
• 1 pt Stack has alarms for AWS resources used routed to PagerDuty? (CPU utilization, Lambda failures, etc.)
• 1 pt Stack has other appropriate alarms routed to PagerDuty? (Point awarded if no other alarms needed)
• 1 pt Alarms documented?
  • In progress: mapbox/stork#29
• master branch protected?
  • 1 pt PRs can only be merged if tests are passing?
  • 1 pt PRs must be approved before merging?
• 2 pt BONUS: was this repo covered in a deep dive at some point?

Total possible: 30 points (+2 bonus)
Grading scale:

Repo grade: 15 - Scaled Grade 2

Suggestions

Not ideal for the standard scoring schema, decrypt-kms-env is a utility not a deployed stack. Next steps:

• Update to a newer version of Node (currently on 4)
• Update any dependencies
• Add CI badge and ensure tests are working as anticipated
• Move to @mapbox namespace, as per #7

/cc @mapbox/assembly-line

Would be nice to expose a simple way to decrypt in js only. Use case: lambda functions.

var decrypt = require('decrypt-kms-env');
decrypt(function(err) {
   // do stuff w secrets
});