@adobe/aio-cli-plugin-api-mesh 3.4.0 → 3.5.0-alpha.1

package/oclif.manifest.json

@@ -1 +1 @@
-{"version":"3.4.0","commands":{"PLUGINNAME":{"id":"PLUGINNAME","description":"Your description here","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":["$ aio PLUGINNAME:some_command"],"flags":{"someflag":{"name":"someflag","type":"option","char":"f","description":"this is some flag"}},"args":[]},"api-mesh:create":{"id":"api-mesh:create","description":"Create a mesh with the given config.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false},"json":{"name":"json","type":"boolean","description":"Output JSON","allowNo":false},"env":{"name":"env","type":"option","char":"e","description":"Path to env file","default":".env"}},"args":[{"name":"file"}]},"api-mesh:delete":{"id":"api-mesh:delete","description":"Delete the config of a given mesh","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false}},"args":[]},"api-mesh:describe":{"id":"api-mesh:describe","description":"Get details of a mesh","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false}},"args":[]},"api-mesh:get":{"id":"api-mesh:get","description":"Get the config of a given mesh","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"json":{"name":"json","type":"boolean","description":"Output JSON","allowNo":false}},"args":[{"name":"file"}]},"api-mesh:init":{"id":"api-mesh:init","description":"This command will create a workspace where you can organise your API mesh configuration and other files","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":[{"description":"API mesh workspace init","command":"aio api-mesh init commerce-mesh"},{"description":"API mesh workspace init with flags","command":"aio api-mesh init commerce-mesh --path ./mesh_projects/test_mesh --git y --packageManager yarn"}],"flags":{"path":{"name":"path","type":"option","char":"p","default":"."},"packageManager":{"name":"packageManager","type":"option","char":"m","options":["npm","yarn"]},"git":{"name":"git","type":"option","char":"g","options":["y","n"]}},"args":[{"name":"projectName","description":"Project name","required":true}]},"api-mesh:run":{"id":"api-mesh:run","description":"Run a local development server that builds and compiles a mesh locally","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":[],"flags":{"port":{"name":"port","type":"option","char":"p","description":"Port number for the local dev server"},"debug":{"name":"debug","type":"boolean","description":"Enable debugging mode","allowNo":false},"env":{"name":"env","type":"option","char":"e","description":"Path to env file","default":".env"},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false},"select":{"name":"select","type":"boolean","description":"Retrieve existing artifacts from the mesh","allowNo":false}},"args":[{"name":"file","description":"Mesh File"}]},"api-mesh:status":{"id":"api-mesh:status","description":"Get a mesh status with a given meshid.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false}},"args":[]},"api-mesh:update":{"id":"api-mesh:update","description":"Update a mesh with the given config.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false},"env":{"name":"env","type":"option","char":"e","description":"Path to env file","default":".env"}},"args":[{"name":"file"}]},"api-mesh:source:discover":{"id":"api-mesh:source:discover","description":"Return the list of avaliable sources","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"confirm":{"name":"confirm","type":"boolean","char":"c","description":"Auto confirm install action prompt. CLI will not check ask user to install source.","allowNo":false}},"args":[]},"api-mesh:source:get":{"id":"api-mesh:source:get","description":"Command returns the content of a specific source.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":["$ aio api-mesh:source:get -s=<version>@<source_name>","$ aio api-mesh:source:get -s<source_name>","$ aio api-mesh:source:get -m"],"flags":{"confirm":{"name":"confirm","type":"boolean","char":"c","description":"Auto confirm print action prompt. CLI will not check ask user to print source.","allowNo":false},"source":{"name":"source","type":"option","char":"s","description":"Source name"},"multiple":{"name":"multiple","type":"boolean","char":"m","description":"Select multiple sources","allowNo":false}},"args":[]},"api-mesh:source:install":{"id":"api-mesh:source:install","description":"Command to install the source to your API mesh.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":["$ aio api-mesh:source:install <version>@<source_name>","$ aio api-mesh:source:install <source_name> -v <variable_name>=<variable_value>","$ aio api-mesh:source:install <source_name> -f <path_to_variables_file>"],"flags":{"source":{"name":"source","type":"option","char":"s","description":"Source name"},"confirm":{"name":"confirm","type":"boolean","char":"c","description":"Auto confirm override action prompt. CLI will not check ask user to override source.","allowNo":false},"variable":{"name":"variable","type":"option","char":"v","description":"Variables required for the source"},"variable-file":{"name":"variable-file","type":"option","char":"f","description":"Variables file path"},"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false}},"args":[{"name":"source"}]}}}
+{"version":"3.5.0-alpha.1","commands":{"PLUGINNAME":{"id":"PLUGINNAME","description":"Your description here","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":["$ aio PLUGINNAME:some_command"],"flags":{"someflag":{"name":"someflag","type":"option","char":"f","description":"this is some flag"}},"args":[]},"api-mesh:create":{"id":"api-mesh:create","description":"Create a mesh with the given config.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false},"json":{"name":"json","type":"boolean","description":"Output JSON","allowNo":false},"env":{"name":"env","type":"option","char":"e","description":"Path to env file","default":".env"},"secrets":{"name":"secrets","type":"option","char":"s","description":"Path to secrets file","default":false}},"args":[{"name":"file"}]},"api-mesh:delete":{"id":"api-mesh:delete","description":"Delete the config of a given mesh","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false}},"args":[]},"api-mesh:describe":{"id":"api-mesh:describe","description":"Get details of a mesh","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false}},"args":[]},"api-mesh:get":{"id":"api-mesh:get","description":"Get the config of a given mesh","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"json":{"name":"json","type":"boolean","description":"Output JSON","allowNo":false}},"args":[{"name":"file"}]},"api-mesh:init":{"id":"api-mesh:init","description":"This command will create a workspace where you can organise your API mesh configuration and other files","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":[{"description":"API mesh workspace init","command":"aio api-mesh init commerce-mesh"},{"description":"API mesh workspace init with flags","command":"aio api-mesh init commerce-mesh --path ./mesh_projects/test_mesh --git y --packageManager yarn"}],"flags":{"path":{"name":"path","type":"option","char":"p","default":"."},"packageManager":{"name":"packageManager","type":"option","char":"m","options":["npm","yarn"]},"git":{"name":"git","type":"option","char":"g","options":["y","n"]}},"args":[{"name":"projectName","description":"Project name","required":true}]},"api-mesh:run":{"id":"api-mesh:run","description":"Run a local development server that builds and compiles a mesh locally","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":[],"flags":{"port":{"name":"port","type":"option","char":"p","description":"Port number for the local dev server"},"debug":{"name":"debug","type":"boolean","description":"Enable debugging mode","allowNo":false},"env":{"name":"env","type":"option","char":"e","description":"Path to env file","default":".env"},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false},"select":{"name":"select","type":"boolean","description":"Retrieve existing artifacts from the mesh","allowNo":false},"secrets":{"name":"secrets","type":"option","char":"s","description":"Path to secrets file","default":false}},"args":[{"name":"file","description":"Mesh File"}]},"api-mesh:status":{"id":"api-mesh:status","description":"Get a mesh status with a given meshid.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false}},"args":[]},"api-mesh:update":{"id":"api-mesh:update","description":"Update a mesh with the given config.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false},"autoConfirmAction":{"name":"autoConfirmAction","type":"boolean","char":"c","description":"Auto confirm action prompt. CLI will not check for user approval before executing the action.","allowNo":false},"env":{"name":"env","type":"option","char":"e","description":"Path to env file","default":".env"},"secrets":{"name":"secrets","type":"option","char":"s","description":"Path to secrets file","default":false}},"args":[{"name":"file"}]},"api-mesh:source:discover":{"id":"api-mesh:source:discover","description":"Return the list of avaliable sources","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"flags":{"confirm":{"name":"confirm","type":"boolean","char":"c","description":"Auto confirm install action prompt. CLI will not check ask user to install source.","allowNo":false}},"args":[]},"api-mesh:source:get":{"id":"api-mesh:source:get","description":"Command returns the content of a specific source.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":["$ aio api-mesh:source:get -s=<version>@<source_name>","$ aio api-mesh:source:get -s<source_name>","$ aio api-mesh:source:get -m"],"flags":{"confirm":{"name":"confirm","type":"boolean","char":"c","description":"Auto confirm print action prompt. CLI will not check ask user to print source.","allowNo":false},"source":{"name":"source","type":"option","char":"s","description":"Source name"},"multiple":{"name":"multiple","type":"boolean","char":"m","description":"Select multiple sources","allowNo":false}},"args":[]},"api-mesh:source:install":{"id":"api-mesh:source:install","description":"Command to install the source to your API mesh.","pluginName":"@adobe/aio-cli-plugin-api-mesh","pluginType":"core","aliases":[],"examples":["$ aio api-mesh:source:install <version>@<source_name>","$ aio api-mesh:source:install <source_name> -v <variable_name>=<variable_value>","$ aio api-mesh:source:install <source_name> -f <path_to_variables_file>"],"flags":{"source":{"name":"source","type":"option","char":"s","description":"Source name"},"confirm":{"name":"confirm","type":"boolean","char":"c","description":"Auto confirm override action prompt. CLI will not check ask user to override source.","allowNo":false},"variable":{"name":"variable","type":"option","char":"v","description":"Variables required for the source"},"variable-file":{"name":"variable-file","type":"option","char":"f","description":"Variables file path"},"ignoreCache":{"name":"ignoreCache","type":"boolean","char":"i","description":"Ignore cache and force manual org -> project -> workspace selection","allowNo":false}},"args":[{"name":"source"}]}}}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@adobe/aio-cli-plugin-api-mesh",
-	"version": "3.4.0",
+	"version": "3.5.0-alpha.1",
 	"description": "Adobe I/O CLI plugin to develop and manage API mesh sources",
 	"keywords": [
 		"oclif-plugin"
@@ -37,7 +37,7 @@
 		"version": "oclif-dev readme && git add README.md"
 	},
 	"dependencies": {
-		"@adobe-apimesh/mesh-builder": "1.5.0",
+		"@adobe-apimesh/mesh-builder": "1.4.4",
 		"@adobe/aio-cli-lib-console": "^4.0.0",
 		"@adobe/aio-lib-core-config": "^3.0.0",
 		"@adobe/aio-lib-core-logging": "^2.0.0",
@@ -52,6 +52,7 @@
 		"@graphql-mesh/plugin-http-details-extensions": "0.1.21",
 		"@graphql-mesh/runtime": "0.46.21",
 		"@graphql-mesh/soap": "0.14.25",
+		"@graphql-mesh/store": "0.9.20",
 		"@graphql-mesh/transform-encapsulate": "0.4.21",
 		"@graphql-mesh/transform-federation": "0.11.14",
 		"@graphql-mesh/transform-filter-schema": "0.15.23",
@@ -64,7 +65,6 @@
 		"@graphql-mesh/transform-resolvers-composition": "0.13.20",
 		"@graphql-mesh/transform-type-merging": "0.5.20",
 		"@graphql-mesh/types": "0.91.12",
-		"@graphql-mesh/store": "0.9.20",
 		"@oclif/command": "^1.6.1",
 		"@oclif/config": "^1.15.1",
 		"@oclif/core": "^1.14.1",
@@ -74,6 +74,7 @@
 		"child_process": "^1.0.2",
 		"content-disposition": "^0.5.4",
 		"dotenv": "^16.0.3",
+		"envsub": "^4.1.0",
 		"eslint-plugin-promise": "^6.0.0",
 		"eslint-plugin-security": "^1.5.0",
 		"eslint-plugin-sonarjs": "^0.16.0",
@@ -92,7 +93,8 @@
 		"pupa": "^3.1.0",
 		"source-registry-storage-adapter": "github:devx-services/source-registry-storage-adapter#main",
 		"util": "^0.12.5",
-		"uuid": "^8.3.2"
+		"uuid": "^8.3.2",
+		"yaml": "^2.4.2"
 	},
 	"devDependencies": {
 		"@babel/eslint-parser": "^7.15.8",

package/src/commands/__fixtures__/sample_secrets_mesh.json

@@ -0,0 +1,18 @@
+{
+	"meshConfig": {
+		"sources": [
+			{
+				"name": "Commerce",
+				"handler": {
+					"graphql": {
+						"endpoint": "https://venia.magento.com/graphql",
+						"operationHeaders": {
+							"Authorization": "{context.secrets.Token}"
+						},
+						"useGETForQueries": true
+					}
+				}
+			}
+		]
+	}
+}

package/src/commands/__fixtures__/secrets_invalid.yaml

@@ -0,0 +1,3 @@
+HOME: 'home'
+TOKEN: "dummy-token"
+TOKEN: "dummy-token-duplicate"

package/src/commands/__fixtures__/secrets_valid.yaml

@@ -0,0 +1,2 @@
+HOME: 'home'
+TOKEN: "dummy-token"

package/src/commands/__fixtures__/secrets_with_batch_variables.yaml

@@ -0,0 +1,4 @@
+HOME: 'home'
+TOKEN: "dummy-token"
+batchHome: '$HOME'
+USER: '${USER}'

package/src/commands/api-mesh/__tests__/create.test.js

@@ -11,6 +11,7 @@ governing permissions and limitations under the License.
 */
 
 const mockConsoleCLIInstance = {};
+const crypto = require('crypto');
 
 jest.mock('axios');
 jest.mock('@adobe/aio-lib-ims');
@@ -44,19 +45,56 @@ const {
 	createAPIMeshCredentials,
 	subscribeCredentialToMeshService,
 	getTenantFeatures,
+	getPublicEncryptionKey,
 } = require('../../../lib/devConsole');
 
 const selectedOrg = { id: '1234', code: 'CODE1234@AdobeOrg', name: 'ORG01', type: 'entp' };
+
+const os = require('os');
+
 const selectedProject = { id: '5678', title: 'Project01' };
 const selectedWorkspace = { id: '123456789', title: 'Workspace01' };
 
+jest.mock('@adobe/aio-cli-lib-console', () => ({
+	init: jest.fn().mockResolvedValue(mockConsoleCLIInstance),
+	cleanStdOut: jest.fn(),
+}));
+
+jest.mock('axios');
+jest.mock('@adobe/aio-lib-ims');
+jest.mock('@adobe/aio-lib-env');
+jest.mock('@adobe/aio-cli-lib-console');
+jest.mock('../../../helpers', () => ({
+	initSdk: jest.fn().mockResolvedValue({}),
+	initRequestId: jest.fn().mockResolvedValue({}),
+	promptConfirm: jest.fn().mockResolvedValue(true),
+	interpolateMesh: jest.fn().mockResolvedValue({}),
+	importFiles: jest.fn().mockResolvedValue(),
+}));
+jest.mock('../../../lib/devConsole');
+jest.mock('chalk', () => ({
+	red: jest.fn(text => text), // Return the input text without any color formatting
+	bold: jest.fn(text => text),
+}));
+jest.mock('crypto');
+
 let logSpy = null;
 let errorLogSpy = null;
 let parseSpy = null;
+let platformSpy = null;
 
 const mockIgnoreCacheFlag = Promise.resolve(true);
 const mockAutoApproveAction = Promise.resolve(false);
 
+// Mock randomBytes for aesKey and iv
+const mockAesKey = Buffer.from('mockAesKey');
+const mockIv = Buffer.from('mockIv');
+const mockEncryptedAesKey = Buffer.from('mockEncryptedAesKey');
+const mockCipher = {
+	update: jest.fn().mockReturnValueOnce('mockEncryptedData'),
+	final: jest.fn().mockReturnValueOnce(''),
+};
+
 describe('create command tests', () => {
 	beforeEach(() => {
 		initSdk.mockResolvedValue({
@@ -69,6 +107,12 @@ describe('create command tests', () => {
 			projectName: selectedProject.title,
 		});
 
+		global.requestId = 'dummy_request_id';
+
+		logSpy = jest.spyOn(CreateCommand.prototype, 'log');
+		errorLogSpy = jest.spyOn(CreateCommand.prototype, 'error');
+		platformSpy = jest.spyOn(os, 'platform');
+
 		createMesh.mockResolvedValue({
 			mesh: {
 				meshId: 'dummy_mesh_id',
@@ -95,6 +139,7 @@ describe('create command tests', () => {
 			showCloudflareURL: false,
 		});
 
+		getPublicEncryptionKey.mockResolvedValue('dummy_public_key');
 		global.requestId = 'dummy_request_id';
 
 		logSpy = jest.spyOn(CreateCommand.prototype, 'log');
@@ -109,6 +154,10 @@ describe('create command tests', () => {
 		});
 	});
 
+	afterEach(() => {
+		platformSpy.mockRestore();
+	});
+
 	test('must return proper object structure used by adobe/generator-app-api-mesh', async () => {
 		parseSpy.mockResolvedValueOnce({
 			args: { file: 'src/commands/__fixtures__/sample_mesh.json' },
@@ -171,6 +220,15 @@ describe('create command tests', () => {
 		    "parse": [Function],
 		    "type": "boolean",
 		  },
+		  "secrets": {
+		    "char": "s",
+		    "default": false,
+		    "description": "Path to secrets file",
+		    "input": [],
+		    "multiple": false,
+		    "parse": [Function],
+		    "type": "option",
+		  },
 		}
 	`);
 		expect(CreateCommand.aliases).toMatchInlineSnapshot(`[]`);
@@ -1831,4 +1889,244 @@ describe('create command tests', () => {
 			'https://graph.adobe.io/api/dummy_mesh_id/graphql?api_key=dummy_api_key',
 		);
 	});
+
+	test('should return error if mesh has placeholders and the provided secrets file is invalid', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/secrets_invalid.yaml',
+			},
+		});
+
+		const runResult = CreateCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(errorLogSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Unable to import secrets. Please check the file and try again.",
+		  ],
+		]
+	`);
+	});
+
+	test('should return error if mesh has placeholders and the provided secrets file is not yaml or yml', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/.secrets_file.env',
+			},
+		});
+
+		const runResult = CreateCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Invalid file format. Please provide a YAML file (.yaml or .yml).",
+		  ],
+		]
+	`);
+
+		expect(errorLogSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Unable to import secrets. Please check the file and try again.",
+		  ],
+		]
+	`);
+	});
+
+	test('should successfully create a mesh if provided secrets file is valid', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/secrets_valid.yaml',
+			},
+		});
+
+		crypto.randomBytes.mockReturnValueOnce(mockAesKey).mockReturnValueOnce(mockIv);
+		crypto.createCipheriv.mockReturnValueOnce(mockCipher);
+		crypto.publicEncrypt.mockReturnValueOnce(mockEncryptedAesKey);
+
+		const runResult = await CreateCommand.run();
+		expect(runResult).toMatchInlineSnapshot(`
+		{
+		  "apiKey": "dummy_api_key",
+		  "mesh": {
+		    "meshConfig": {
+		      "sources": [
+		        {
+		          "handler": {
+		            "graphql": {
+		              "endpoint": "<gql_endpoint>",
+		            },
+		          },
+		          "name": "<api_name>",
+		        },
+		      ],
+		    },
+		    "meshId": "dummy_mesh_id",
+		  },
+		  "sdkList": [
+		    "dummy_service",
+		  ],
+		}
+	`);
+	});
+
+	test('should return error if ran against windows platform with batch variables', async () => {
+		platformSpy.mockReturnValue('win32');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+			},
+		});
+
+		const runResult = CreateCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Batch variables are not supported in YAML files on Windows.",
+		  ],
+		]
+	`);
+		expect(errorLogSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Unable to import secrets. Please check the file and try again.",
+		  ],
+		]
+	`);
+	});
+
+	test('should pass if ran against linux platform with batch variables', async () => {
+		platformSpy.mockReturnValue('linux');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+			},
+		});
+
+		crypto.randomBytes.mockReturnValueOnce(mockAesKey).mockReturnValueOnce(mockIv);
+		crypto.createCipheriv.mockReturnValueOnce(mockCipher);
+		crypto.publicEncrypt.mockReturnValueOnce(mockEncryptedAesKey);
+
+		const runResult = await CreateCommand.run();
+		expect(runResult).toMatchInlineSnapshot(`
+		{
+		  "apiKey": "dummy_api_key",
+		  "mesh": {
+		    "meshConfig": {
+		      "sources": [
+		        {
+		          "handler": {
+		            "graphql": {
+		              "endpoint": "<gql_endpoint>",
+		            },
+		          },
+		          "name": "<api_name>",
+		        },
+		      ],
+		    },
+		    "meshId": "dummy_mesh_id",
+		  },
+		  "sdkList": [
+		    "dummy_service",
+		  ],
+		}
+	`);
+	});
+
+	test('should pass if ran against darwin(macOS) platform with batch variables', async () => {
+		platformSpy.mockReturnValue('darwin');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+			},
+		});
+
+		crypto.randomBytes.mockReturnValueOnce(mockAesKey).mockReturnValueOnce(mockIv);
+		crypto.createCipheriv.mockReturnValueOnce(mockCipher);
+		crypto.publicEncrypt.mockReturnValueOnce(mockEncryptedAesKey);
+
+		const runResult = await CreateCommand.run();
+		expect(runResult).toMatchInlineSnapshot(`
+		{
+		  "apiKey": "dummy_api_key",
+		  "mesh": {
+		    "meshConfig": {
+		      "sources": [
+		        {
+		          "handler": {
+		            "graphql": {
+		              "endpoint": "<gql_endpoint>",
+		            },
+		          },
+		          "name": "<api_name>",
+		        },
+		      ],
+		    },
+		    "meshId": "dummy_mesh_id",
+		  },
+		  "sdkList": [
+		    "dummy_service",
+		  ],
+		}
+	`);
+	});
+
+	test('should return error if secrets file is valid but public key for encryption is empty', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				ignoreCache: mockIgnoreCacheFlag,
+				autoConfirmAction: Promise.resolve(true),
+				secrets: 'src/commands/__fixtures__/secrets_valid.yaml',
+			},
+		});
+		getPublicEncryptionKey.mockResolvedValue('');
+
+		crypto.randomBytes.mockReturnValueOnce(mockAesKey).mockReturnValueOnce(mockIv);
+		crypto.createCipheriv.mockReturnValueOnce(mockCipher);
+
+		const runResult = CreateCommand.run();
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Unable to encrypt secerts. Invalid Public Key.",
+		  ],
+		]
+	`);
+	});
 });

package/src/commands/api-mesh/__tests__/run.test.js

@@ -18,6 +18,7 @@ const {
 	promptConfirm,
 	setUpTenantFiles,
 	initSdk,
+	writeSecretsFile,
 } = require('../../../helpers');
 const { getMeshId, getMeshArtifact } = require('../../../lib/devConsole');
 require('@adobe-apimesh/mesh-builder');
@@ -35,12 +36,16 @@ jest.mock('../../../helpers', () => ({
 	importFiles: jest.fn().mockResolvedValue(),
 	promptConfirm: jest.fn().mockResolvedValue(true),
 	setUpTenantFiles: jest.fn().mockResolvedValue(),
+	writeSecretsFile: jest.fn().mockResolvedValue(),
 }));
 
 jest.mock('../../../lib/devConsole', () => ({
 	getMeshId: jest.fn().mockResolvedValue('mockMeshId'),
 	getMeshArtifact: jest.fn().mockResolvedValue(),
 }));
+jest.mock('chalk', () => ({
+	red: jest.fn(text => text), // Return the input text without any color formatting
+}));
 
 jest.mock('@adobe-apimesh/mesh-builder', () => {
 	return {
@@ -55,12 +60,15 @@ jest.mock('@adobe-apimesh/mesh-builder', () => {
 let logSpy = null;
 let errorLogSpy = null;
 let parseSpy = null;
+let platformSpy = null;
 
 const originalEnv = {
 	API_MESH_TIER: 'NON-TI',
 };
 
 const defaultPort = 5000;
+const os = require('os');
+
 describe('run command tests', () => {
 	beforeEach(() => {
 		global.requestId = 'dummy_request_id';
@@ -68,10 +76,14 @@ describe('run command tests', () => {
 		logSpy = jest.spyOn(RunCommand.prototype, 'log');
 		errorLogSpy = jest.spyOn(RunCommand.prototype, 'error');
 		parseSpy = jest.spyOn(RunCommand.prototype, 'parse');
+		platformSpy = jest.spyOn(os, 'platform');
 		process.env = {
 			...originalEnv,
 		};
 	});
+	afterEach(() => {
+		platformSpy.mockRestore();
+	});
 
 	test('snapshot run command description', () => {
 		expect(RunCommand.description).toMatchInlineSnapshot(
@@ -121,6 +133,15 @@ describe('run command tests', () => {
 		    "parse": [Function],
 		    "type": "option",
 		  },
+		  "secrets": {
+		    "char": "s",
+		    "default": false,
+		    "description": "Path to secrets file",
+		    "input": [],
+		    "multiple": false,
+		    "parse": [Function],
+		    "type": "option",
+		  },
 		  "select": {
 		    "allowNo": false,
 		    "default": false,
@@ -836,4 +857,109 @@ describe('run command tests', () => {
 		);
 		expect(setUpTenantFiles).toHaveBeenCalled();
 	});
+
+	test('should return error for run command if mesh has placeholders and the provided secrets file is invalid', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_invalid.yaml',
+			},
+		});
+
+		const runResult = RunCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+	});
+
+	test('should return error for run command if mesh has placeholders and the provided secrets file is not yaml or yml', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/.secrets_file.env',
+			},
+		});
+
+		const runResult = RunCommand.run();
+
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Invalid file format. Please provide a YAML file (.yaml or .yml).",
+		  ],
+		]
+	`);
+	});
+
+	test('should successfully run the mesh if provided secrets file is valid', async () => {
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_valid.yaml',
+				debug: false,
+			},
+		});
+
+		await RunCommand.run();
+		expect(writeSecretsFile).toHaveBeenCalled();
+		expect(startGraphqlServer).toHaveBeenCalledWith(expect.anything(), defaultPort, false);
+	});
+
+	test('should return error if ran with secrets against windows platform with batch variables', async () => {
+		platformSpy.mockReturnValue('win32');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+			},
+		});
+
+		const runResult = RunCommand.run();
+		await expect(runResult).rejects.toEqual(
+			new Error('Unable to import secrets. Please check the file and try again.'),
+		);
+
+		expect(logSpy.mock.calls).toMatchInlineSnapshot(`
+		[
+		  [
+		    "Batch variables are not supported in YAML files on Windows.",
+		  ],
+		]
+	`);
+	});
+
+	test('should pass if ran with secrets against linux platform with batch variables', async () => {
+		platformSpy.mockReturnValue('linux');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+				debug: false,
+			},
+		});
+
+		await RunCommand.run();
+		expect(writeSecretsFile).toHaveBeenCalled();
+		expect(startGraphqlServer).toHaveBeenCalledWith(expect.anything(), defaultPort, false);
+	});
+
+	test('should pass if ran with secrets against darwin(macOS) platform with batch variables', async () => {
+		platformSpy.mockReturnValue('darwin');
+		parseSpy.mockResolvedValueOnce({
+			args: { file: 'src/commands/__fixtures__/sample_secrets_mesh.json' },
+			flags: {
+				secrets: 'src/commands/__fixtures__/secrets_with_batch_variables.yaml',
+				debug: false,
+			},
+		});
+
+		await RunCommand.run();
+		expect(writeSecretsFile).toHaveBeenCalled();
+		expect(startGraphqlServer).toHaveBeenCalledWith(expect.anything(), defaultPort, false);
+	});
 });

package/src/commands/api-mesh/create.js

@@ -19,11 +19,15 @@ const {
 	jsonFlag,
 	getFilesInMeshConfig,
 	envFileFlag,
+	secretsFlag,
 	checkPlaceholders,
 	readFileContents,
 	validateAndInterpolateMesh,
+	interpolateSecrets,
+	validateSecretsFile,
+	encryptSecrets,
 } = require('../../utils');
-const { createMesh, getTenantFeatures } = require('../../lib/devConsole');
+const { createMesh, getTenantFeatures, getPublicEncryptionKey } = require('../../lib/devConsole');
 const { buildEdgeMeshUrl, buildMeshUrl } = require('../../urlBuilder');
 
 class CreateCommand extends Command {
@@ -33,6 +37,7 @@ class CreateCommand extends Command {
 		autoConfirmAction: autoConfirmActionFlag,
 		json: jsonFlag,
 		env: envFileFlag,
+		secrets: secretsFlag,
 	};
 
 	static enableJsonFlag = true;
@@ -53,6 +58,7 @@ class CreateCommand extends Command {
 		const ignoreCache = await flags.ignoreCache;
 		const autoConfirmAction = await flags.autoConfirmAction;
 		const envFilePath = await flags.env;
+		const secretsFilePath = await flags.secrets;
 		const {
 			imsOrgId,
 			imsOrgCode,
@@ -103,6 +109,20 @@ class CreateCommand extends Command {
 			}
 		}
 
+		// if secrets is present, include that in data.secrets
+		if (secretsFilePath) {
+			try {
+				await validateSecretsFile(secretsFilePath);
+				const secretsData = await interpolateSecrets(secretsFilePath, this);
+				const publicKey = await getPublicEncryptionKey(imsOrgCode);
+				const encryptedSecrets = await encryptSecrets(publicKey, secretsData);
+				data.secrets = encryptedSecrets;
+			} catch (err) {
+				this.log(err.message);
+				this.error('Unable to import secrets. Please check the file and try again.');
+			}
+		}
+
 		let shouldContinue = true;
 
 		if (!autoConfirmAction) {

package/src/commands/api-mesh/run.js

@@ -15,11 +15,14 @@ const {
 	debugFlag,
 	selectFlag,
 	envFileFlag,
+	secretsFlag,
 	autoConfirmActionFlag,
 	readFileContents,
 	validateAndInterpolateMesh,
 	checkPlaceholders,
 	getFilesInMeshConfig,
+	validateSecretsFile,
+	interpolateSecrets,
 } = require('../../utils');
 const meshBuilder = require('@adobe-apimesh/mesh-builder');
 const fs = require('fs');
@@ -31,6 +34,7 @@ const {
 	startGraphqlServer,
 	importFiles,
 	setUpTenantFiles,
+	writeSecretsFile,
 } = require('../../helpers');
 const logger = require('../../classes/logger');
 const { getMeshId, getMeshArtifact } = require('../../lib/devConsole');
@@ -55,6 +59,7 @@ class RunCommand extends Command {
 		env: envFileFlag,
 		autoConfirmAction: autoConfirmActionFlag,
 		select: selectFlag,
+		secrets: secretsFlag,
 	};
 
 	static enableJsonFlag = true;
@@ -67,6 +72,7 @@ class RunCommand extends Command {
 		logger.info(`RequestId: ${global.requestId}`);
 
 		const { args, flags } = await this.parse(RunCommand);
+		const secretsFilePath = await flags.secrets;
 
 		//Initialize the meshId based on
 		let meshId = null;
@@ -165,6 +171,17 @@ class RunCommand extends Command {
 				}
 
 				let portNo;
+				//secrets management
+				if (secretsFilePath) {
+					try {
+						await validateSecretsFile(secretsFilePath);
+						const stringifiedSecrets = await interpolateSecrets(secretsFilePath, this);
+						await writeSecretsFile(stringifiedSecrets, meshId);
+					} catch (error) {
+						this.log(error.message);
+						this.error('Unable to import secrets. Please check the file and try again.');
+					}
+				}
 
 				//To set the port number using the environment file
 				if (process.env.PORT !== undefined) {

package/src/commands/api-mesh/update.js

@@ -17,12 +17,16 @@ const {
 	ignoreCacheFlag,
 	autoConfirmActionFlag,
 	envFileFlag,
+	secretsFlag,
 	checkPlaceholders,
 	readFileContents,
 	validateAndInterpolateMesh,
 	getFilesInMeshConfig,
+	interpolateSecrets,
+	validateSecretsFile,
+	encryptSecrets,
 } = require('../../utils');
-const { getMeshId, updateMesh } = require('../../lib/devConsole');
+const { getMeshId, updateMesh, getPublicEncryptionKey } = require('../../lib/devConsole');
 
 class UpdateCommand extends Command {
 	static args = [{ name: 'file' }];
@@ -30,6 +34,7 @@ class UpdateCommand extends Command {
 		ignoreCache: ignoreCacheFlag,
 		autoConfirmAction: autoConfirmActionFlag,
 		env: envFileFlag,
+		secrets: secretsFlag,
 	};
 
 	async run() {
@@ -48,12 +53,19 @@ class UpdateCommand extends Command {
 		const ignoreCache = await flags.ignoreCache;
 		const autoConfirmAction = await flags.autoConfirmAction;
 		const envFilePath = await flags.env;
-
-		const { imsOrgId, projectId, workspaceId, orgName, projectName, workspaceName } = await initSdk(
-			{
-				ignoreCache,
-			},
-		);
+		const secretsFilePath = await flags.secrets;
+
+		const {
+			imsOrgId,
+			imsOrgCode,
+			projectId,
+			workspaceId,
+			orgName,
+			projectName,
+			workspaceName,
+		} = await initSdk({
+			ignoreCache,
+		});
 
 		//Input the mesh data from the input file
 		let inputMeshData = await readFileContents(args.file, this, 'mesh');
@@ -103,6 +115,20 @@ class UpdateCommand extends Command {
 			}
 		}
 
+		// if secrets is present, include that in data.secrets
+		if (secretsFilePath) {
+			try {
+				await validateSecretsFile(secretsFilePath);
+				const secretsData = await interpolateSecrets(secretsFilePath, this);
+				const publicKey = await getPublicEncryptionKey(imsOrgCode);
+				const encryptedSecrets = await encryptSecrets(publicKey, secretsData);
+				data.secrets = encryptedSecrets;
+			} catch (err) {
+				this.log(err.message);
+				this.error('Unable to import secrets. Please check the file and try again.');
+			}
+		}
+
 		if (meshId) {
 			let shouldContinue = true;
 

package/src/helpers.js

@@ -860,6 +860,26 @@ async function setUpTenantFiles(meshId) {
 	}
 }
 
+/**
+ * This function is to create secrets.yaml in mesh-artifacts for respective meshId. Used for local development run command
+ *
+ * @secretsData secretsData
+ * @meshId meshId
+ */
+async function writeSecretsFile(secretsData, meshId) {
+	if (!fs.existsSync(path.resolve(process.cwd(), 'mesh-artifact', meshId))) {
+		throw new Error(`Unexpected Error: issue creating secrets file.`);
+	}
+	try {
+		const secretsFileName = 'secrets.yaml';
+		const folderPath = path.join(process.cwd(), 'mesh-artifact', meshId);
+		const filePath = path.join(folderPath, secretsFileName);
+		fs.writeFileSync(filePath, secretsData);
+	} catch (error) {
+		throw new Error(error.message);
+	}
+}
+
 module.exports = {
 	objToString,
 	promptInput,
@@ -876,4 +896,5 @@ module.exports = {
 	updateFilesArray,
 	startGraphqlServer,
 	setUpTenantFiles,
+	writeSecretsFile,
 };

package/src/lib/devConsole.js

@@ -10,6 +10,7 @@ const fs = require('fs');
 const util = require('util');
 const exec = util.promisify(require('child_process').exec);
 const contentDisposition = require('content-disposition');
+const chalk = require('chalk');
 
 const { DEV_CONSOLE_TRANSPORTER_API_KEY, SMS_BASE_URL } = CONSTANTS;
 
@@ -968,6 +969,52 @@ const getMeshDeployments = async (organizationCode, projectId, workspaceId, mesh
 	}
 };
 
+/**
+ * Gets the public key to encrypt secrets.
+ *
+ * This request bypasses the Dev Console and is sent directly to the Schema Management Service.
+ * As a result, we provide the publicKey used for secrets encryption.
+ * The near-term goal is to stop using Dev Console as a proxy for all routes.
+ * @param organizationCode
+ * @returns string
+ */
+const getPublicEncryptionKey = async organizationCode => {
+	const { accessToken, apiKey } = await getDevConsoleConfig();
+	const config = {
+		method: 'get',
+		url: `${SMS_BASE_URL}/organizations/${organizationCode}/getPublicKey?API_KEY=${apiKey}`,
+		headers: {
+			'Authorization': `Bearer ${accessToken}`,
+			'x-request-id': global.requestId,
+		},
+	};
+	logger.info(
+		'Initiating GET %s',
+		`${SMS_BASE_URL}/organizations/${organizationCode}/getPublicKey?API_KEY=${apiKey}`,
+	);
+	try {
+		const response = await axios(config);
+
+		logger.info('Response from GET %s', response.status);
+		if (response.status == 200) {
+			let publicKey = '';
+			logger.info(`Public key for encryption: ${objToString(response, ['data'])}`);
+			if (response.data.publicKey) {
+				publicKey = response.data.publicKey.replace(/\\n/g, '\n'); //correcting public key format
+			}
+			return publicKey;
+		} else {
+			let errorMessage = `Failed to load encryption keys. Please contact support.`;
+			logger.error(`${errorMessage}. Received ${response.status}, expected 200`);
+			throw new Error(chalk.red(errorMessage));
+		}
+	} catch (error) {
+		let errorMessage = `Something went wrong while encrypting secrets. Please try again.`;
+		logger.error(errorMessage);
+		throw new Error(chalk.red(errorMessage));
+	}
+};
+
 module.exports = {
 	getApiKeyCredential,
 	describeMesh,
@@ -984,4 +1031,5 @@ module.exports = {
 	getMeshArtifact,
 	getTenantFeatures,
 	getMeshDeployments,
+	getPublicEncryptionKey,
 };

package/src/server.js

@@ -13,6 +13,7 @@ const {
 	removeRequestHeaders,
 	prepSourceResponseHeaders,
 	processResponseHeaders,
+	readSecretsFile,
 } = require('./serverUtils');
 
 let yogaServer = null;
@@ -64,6 +65,8 @@ const getYogaServer = async () => {
 		const tenantMesh = await getBuiltMesh();
 		const corsOptions = getCORSOptions();
 
+		const secrets = readSecretsFile(meshId);
+
 		logger.info('Creating graphQL server');
 
 		meshConfig = readMeshConfig(meshId);
@@ -73,6 +76,10 @@ const getYogaServer = async () => {
 			graphqlEndpoint: `/graphql`,
 			graphiql: true,
 			cors: corsOptions,
+			context: initialContext => ({
+				...initialContext,
+				secrets,
+			}),
 		});
 
 		return yogaServer;

package/src/serverUtils.js

@@ -2,6 +2,7 @@ const fs = require('fs');
 const path = require('path');
 const LRUCache = require('lru-cache');
 const logger = require('./classes/logger');
+const YAML = require('yaml');
 
 const headersCache = new LRUCache({
 	max: parseInt(process.env.CACHE_OPT_MAX || '500', 10),
@@ -315,9 +316,29 @@ function ccDirectivesToString(directives) {
 	return chStr.toString();
 }
 
+/**
+ * Returns secrets content from artifacts
+ * @param meshId
+ * @returns
+ */
+function readSecretsFile(meshId) {
+	let secrets = {};
+	try {
+		const filePath = path.resolve(process.cwd(), 'mesh-artifact', `${meshId}`, 'secrets.yaml');
+		if (fs.existsSync(filePath)) {
+			secrets = YAML.parse(fs.readFileSync(filePath, 'utf8'));
+		}
+	} catch (error) {
+		logger.error('Unexpected error: unable to locate secrets file in mesh artifacts.');
+		throw new Error(error.message);
+	}
+	return secrets;
+}
+
 module.exports = {
 	readMeshConfig,
 	removeRequestHeaders,
 	prepSourceResponseHeaders,
 	processResponseHeaders,
+	readSecretsFile,
 };

package/src/utils.js

@@ -5,6 +5,11 @@ const { Flags } = require('@oclif/core');
 const { readFile } = require('fs/promises');
 const { interpolateMesh } = require('./helpers');
 const dotenv = require('dotenv');
+const YAML = require('yaml');
+const parseEnv = require('envsub/js/envsub-parser');
+const os = require('os');
+const chalk = require('chalk');
+const crypto = require('crypto');
 
 /**
  * @returns returns the root directory of the project
@@ -41,6 +46,12 @@ const envFileFlag = Flags.string({
 	default: '.env',
 });
 
+const secretsFlag = Flags.string({
+	char: 's',
+	description: 'Path to secrets file',
+	default: false,
+});
+
 const portNoFlag = Flags.integer({
 	char: 'p',
 	description: 'Port number for the local dev server',
@@ -391,6 +402,136 @@ async function validateAndInterpolateMesh(inputMeshData, envFilePath, command) {
 	}
 }
 
+/**
+ * Validate secrets file
+ *
+ * @param secretsFile Validates that secrets file extension is in yaml
+ */
+async function validateSecretsFile(secretsFile) {
+	try {
+		const validExtensions = ['.yaml', '.yml'];
+		const fileExtension = secretsFile.split('.').pop().toLowerCase();
+		if (!validExtensions.includes('.' + fileExtension)) {
+			throw new Error(
+				chalk.red('Invalid file format. Please provide a YAML file (.yaml or .yml).'),
+			);
+		}
+	} catch (error) {
+		logger.error(error.message);
+		throw new Error(error.message);
+	}
+}
+
+/**
+ * Read the secrets file, checks validation and interpolate mesh
+ *
+ * @param secretsFilePath Secrets file path
+ * @param command
+ */
+async function interpolateSecrets(secretsFilePath, command) {
+	try {
+		const secretsContent = await readFileContents(secretsFilePath, command, 'secrets');
+
+		// Check if environment variables are used in the file content
+		if (os.platform() === 'win32' && /\$({)?[a-zA-Z_][a-zA-Z0-9_]*}?/.test(secretsContent)) {
+			throw new Error(chalk.red('Batch variables are not supported in YAML files on Windows.'));
+		}
+		const secrets = await parseSecrets(secretsContent);
+		return secrets;
+	} catch (err) {
+		logger.error(err.message);
+		throw new Error(err.message);
+	}
+}
+
+/**
+ * Parse secrets YAML content.
+ *
+ * @param secretsFilePath Secrets file path
+ */
+async function parseSecrets(secretsContent) {
+	try {
+		const envParserConfig = {
+			outputFile: null,
+			options: {
+				all: false,
+				diff: false,
+				protect: false,
+				syntax: 'dollar-both',
+			},
+			cli: false,
+		};
+		const compiledSecretsFileContent = parseEnv(secretsContent, envParserConfig);
+		const parsedSecrets = YAML.parse(compiledSecretsFileContent);
+		//check if secrets file is empty
+		if (!parsedSecrets) {
+			throw new Error(chalk.red('Invalid YAML file contents. Please verify and try again.'));
+		}
+		//check if parsedSecrets is string and not in k:v pair
+		if (typeof parsedSecrets === 'string') {
+			throw new Error(chalk.red('Please provide a valid YAML in key:value format.'));
+		}
+		const secretsYamlString = YAML.stringify(parsedSecrets);
+		return secretsYamlString; //TODO: here we will encrypt secrets and return.
+	} catch (err) {
+		throw new Error(chalk.red(getSecretsYamlParseError(err)));
+	}
+}
+
+/**
+ * This function returns user friendly errors that occurs while YAML.parse
+ *
+ * @param error errors from YAML.parse
+ */
+function getSecretsYamlParseError(error) {
+	if (error.code === 'BAD_INDENT') {
+		return 'Invalid YAML - Bad Indentation: ' + error.message;
+	} else if (error.code === 'DUPLICATE_KEY') {
+		return 'Invalid YAML - Found Duplicate Keys: ' + error.message;
+	} else {
+		return 'Unexpected Error: ' + error.message;
+	}
+}
+
+/**
+ * Performs hybrid encryption of secrets(AES + RSA)
+ *
+ * @param publicKey Public key for (AES + RSA) encryption
+ * @param secrets Secrets Data that needs encryption
+ */
+async function encryptSecrets(publicKey, secrets) {
+	if (!publicKey || typeof publicKey !== 'string' || !publicKey.trim()) {
+		throw new Error(chalk.red('Unable to encrypt secerts. Invalid Public Key.'));
+	}
+	try {
+		// Generate a random AES key and IV
+		const aesKey = crypto.randomBytes(32); // 256-bit key for AES-256
+		const iv = crypto.randomBytes(16); // Initialization vector
+		// Encrypt the secrets using AES-256-CBC
+		const cipher = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
+		let encryptedData = cipher.update(secrets, 'utf8', 'base64');
+		encryptedData += cipher.final('base64');
+		// Encrypt the AES key using RSA with OAEP padding
+		const encryptedAesKey = crypto.publicEncrypt(
+			{
+				key: publicKey,
+				padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+			},
+			aesKey,
+		);
+		// Package the encrypted AES key, IV, and encrypted data
+		const encryptedPackage = {
+			iv: iv.toString('base64'),
+			key: encryptedAesKey.toString('base64'),
+			data: encryptedData,
+		};
+		return JSON.stringify(encryptedPackage);
+	} catch (error) {
+		logger.error('Unable to encrypt secrets. Please try again. :', error.message);
+		throw new Error(`Unable to encrypt secerts. ${error.message}`);
+	}
+}
+
 module.exports = {
 	ignoreCacheFlag,
 	autoConfirmActionFlag,
@@ -405,4 +546,8 @@ module.exports = {
 	portNoFlag,
 	debugFlag,
 	selectFlag,
+	secretsFlag,
+	interpolateSecrets,
+	validateSecretsFile,
+	encryptSecrets,
 };