marcy-terui / serverless-crypt

Securing the secrets on Serverless Framework by AWS KMS encryption

Home Page: https://www.npmjs.com/package/serverless-crypt

Do not log secret

pstoll opened this issue

In both decrypt.js and encrypt.js, the secret text is sent to the logger facility. Is this really necessary? It seems to reduce the security of the secrets - let the caller decide if they want to log this info. I'd suggest you ought to not log the decrypted secret in those two cases.

Yes, I agree this is a valid point. Can we not show the secret text in the logger? Please check this once.
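The change requested in this issue, sketched as an added example that is not serverless-crypt's own code: a decrypt helper that returns the plaintext to the caller and only logs it when the caller opts in. `decryptSecret`, `showSecret`, `fakeKms` and the sample secret are hypothetical names and constructed values; the KMS client is a local stand-in so the block runs offline.

```javascript
'use strict';
// Added example: hypothetical names throughout; not serverless-crypt's code.

// Constructed stand-in for a KMS client so the example runs offline.
// It "decrypts" base64 text; a real plugin would call AWS KMS here.
const fakeKms = {
  decrypt: async ({ CiphertextBlob }) => ({
    Plaintext: Buffer.from(CiphertextBlob.toString(), 'base64'),
  }),
};

// Decrypt a named secret. The plaintext is returned to the caller and is
// never passed to the logger unless the caller opts in with showSecret.
async function decryptSecret(name, ciphertext, { kms, log, showSecret = false }) {
  const { Plaintext } = await kms.decrypt({ CiphertextBlob: Buffer.from(ciphertext) });
  const secret = Plaintext.toString('utf8');
  log(`Decrypted secret "${name}"`);             // metadata only
  if (showSecret) log(`Plaintext: ${secret}`);   // explicit caller decision
  return secret;
}

// Run once with the default and once with the opt-in, capturing log lines
// in arrays so a test can check what would have reached the log.
async function demo() {
  const sample = 's3cr3t-db-password';           // constructed sample value
  const ciphertext = Buffer.from(sample).toString('base64');
  const quiet = [];
  const verbose = [];
  const secret = await decryptSecret('DB_PASSWORD', ciphertext, {
    kms: fakeKms,
    log: (line) => quiet.push(line),
  });
  await decryptSecret('DB_PASSWORD', ciphertext, {
    kms: fakeKms,
    log: (line) => verbose.push(line),
    showSecret: true,
  });
  return { secret, quiet, verbose };
}
```

The same pattern applies to the encrypt path: log the secret's name, and leave the plaintext out of the log unless the caller asks for it.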