@alacard-project/config-sdk 1.0.0

package/src/types/types.ts

@@ -0,0 +1,12 @@
+export interface ConfigMap {
+  [key: string]: string;
+}
+
+export interface ConfigOptions {
+    serviceName: string;
+    environment: string;
+    grpcUrl: string;
+    version?: string;
+    kafkaBrokers?: string[];
+    useDotenvFallback?: boolean;
+}

package/src/vault-client.ts

@@ -0,0 +1,84 @@
+import axios, { AxiosInstance } from 'axios';
+
+export interface VaultOptions {
+    address: string;
+    roleId: string;
+    secretId: string;
+    pkiPath?: string;
+}
+
+export interface VaultCerts {
+    ca: string;
+    certificate: string;
+    privateKey: string;
+}
+
+export class VaultClient {
+    private http: AxiosInstance;
+    private options: VaultOptions;
+    private token: string | null = null;
+    private tokenExpiry: number = 0;
+
+    constructor(options: VaultOptions) {
+        this.options = options;
+        this.http = axios.create({
+            baseURL: `${options.address}/v1`,
+        });
+    }
+
+    private async login(): Promise<void> {
+        if (this.token && Date.now() < this.tokenExpiry) {
+            return;
+        }
+
+        try {
+            const response = await this.http.post('/auth/approle/login', {
+                role_id: this.options.roleId,
+                secret_id: this.options.secretId,
+            });
+
+            const { client_token, lease_duration } = response.data.auth;
+            this.token = client_token;
+            // Buffer of 60 seconds for token renewal
+            this.tokenExpiry = Date.now() + (lease_duration - 60) * 1000;
+
+            this.http.defaults.headers.common['X-Vault-Token'] = this.token;
+            console.log('[VaultSDK] Successfully authenticated with AppRole');
+        } catch (error: any) {
+            throw new Error(`[VaultSDK] Login failed: ${error.response?.data?.errors?.[0] || error.message}`);
+        }
+    }
+
+    async getKVSecrets(path: string): Promise<Record<string, string>> {
+        await this.login();
+        try {
+            const response = await this.http.get(`/secret/data/${path}`);
+            return response.data.data.data;
+        } catch (error: any) {
+            if (error.response?.status === 404) {
+                console.warn(`[VaultSDK] Secret not found at path: ${path}`);
+                return {};
+            }
+            throw new Error(`[VaultSDK] Failed to fetch secrets: ${error.message}`);
+        }
+    }
+
+    async issueCertificate(commonName: string): Promise<VaultCerts> {
+        await this.login();
+        const pkiPath = this.options.pkiPath || 'pki/issue/config-service';
+        try {
+            const response = await this.http.post(pkiPath, {
+                common_name: commonName,
+            });
+
+            const { ca_chain, certificate, private_key } = response.data.data;
+            return {
+                ca: ca_chain[0] || '', // Use the first CA in the chain
+                certificate,
+                privateKey: private_key,
+            };
+        } catch (error: any) {
+            throw new Error(`[VaultSDK] Failed to issue certificate: ${error.message}`);
+        }
+    }
+}

package/tsconfig.json

@@ -0,0 +1,21 @@
+{
+    "compilerOptions": {
+        "module": "CommonJS",
+        "target": "ES2022",
+        "declaration": true,
+        "outDir": "./dist",
+        "rootDir": "./src",
+        "strict": true,
+        "esModuleInterop": true,
+        "skipLibCheck": true,
+        "forceConsistentCasingInFileNames": true,
+        "moduleResolution": "node"
+    },
+    "include": [
+        "src/**/*"
+    ],
+    "exclude": [
+        "node_modules",
+        "dist"
+    ]
+}