@biocomputingup/infisical-secrets-loader 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Mehdi Zoubiri
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,212 @@
+# Infisical Secrets Loader
+
+A lightweight Node.js library to load secrets from [Infisical](https://infisical.com) and transform them into a structured JavaScript object. Designed to work seamlessly with NestJS config modules.
+
+## Installation
+
+```bash
+npm install @biocomputingup/infisical-secrets-loader
+# or
+yarn add @biocomputingup/infisical-secrets-loader
+```
+
+**Requirements:** Node.js 20+
+
+## Quick Start
+
+```typescript
+import { loadSecretsFromInfisical, LogLevel } from '@biocomputingup/infisical-secrets-loader';
+
+const config = await loadSecretsFromInfisical({
+  baseUrl: 'https://infisical.example.com',
+  environment: 'production',
+  projectId: '550e8400-e29b-41d4-a716-446655440000',
+  auth: {
+    clientId: 'your-client-id',
+    clientSecret: 'your-client-secret',
+  },
+});
+
+console.log(config); // { secret1: 'value1', secret2: 'value2', ... }
+```
+
+## Configuration
+
+### LoadConfig Shape
+
+```typescript
+interface LoadConfig {
+  // Required
+  baseUrl: string;              // Infisical instance URL (e.g., https://infisical.example.com)
+  environment: string;           // Environment name (e.g., 'development', 'production')
+  projectId: string;             // UUID of your Infisical project
+  auth: {
+    clientId: string;            // Infisical machine identity client ID
+    clientSecret: string;        // Infisical machine identity client secret
+  };
+
+  // Optional
+  mode?: 'rootOnly' | 'flat' | 'nested'; // Secret retrieval mode (default: 'rootOnly')
+  logger?: Logger;               // Custom logger (default: console)
+  logLevel?: 'debug' | 'info' | 'warn' | 'error'; // Log level (default: 'debug')
+}
+```
+
+## Retrieval Modes
+
+Secrets are organized in Infisical using paths. This library offers three modes to transform them:
+
+### `rootOnly` (default)
+Returns only secrets in the root directory, ignoring secrets in subfolders.
+
+```
+Infisical:
+  /API_KEY
+  /db/HOST
+  /db/PORT
+
+Result: { API_KEY: '...' }
+```
+
+### `flat`
+Flattens the entire secret structure into a single-level object. <span style="color:FireBrick">**Last secret loaded wins on key collision.**</span>.
+
+```
+Result: { API_KEY: '...', HOST: '...', PORT: '...' }
+```
+
+### `nested`
+Preserves the folder structure using nested objects.
+
+```
+Result: {
+  API_KEY: '...',
+  db: { HOST: '...', PORT: '...' }
+}
+```
+
+## Error Handling
+
+The library throws typed errors for different failure scenarios:
+
+```typescript
+import {
+  InfisicalError,
+  InfisicalAuthError,
+  InfisicalConfigError,
+  InfisicalFetchError,
+} from '@biocomputingup/infisical-secrets-loader';
+
+try {
+  const secrets = await loadSecretsFromInfisical(config);
+} catch (err) {
+  if (err instanceof InfisicalAuthError) {
+    console.error('Authentication failed:', err.message);
+  } else if (err instanceof InfisicalConfigError) {
+    console.error('Invalid configuration:', err.details?.errors);
+  } else if (err instanceof InfisicalFetchError) {
+    console.error('Failed to fetch secrets:', err.cause);
+  } else if (err instanceof InfisicalError) {
+    console.error('Infisical error:', err.code, err.details);
+  }
+}
+```
+
+### Error Types
+
+- **InfisicalAuthError**: Authentication with Infisical failed
+- **InfisicalConfigError**: Invalid configuration passed to `loadSecretsFromInfisical`
+- **InfisicalFetchError**: Failed to fetch secrets from Infisical
+- **InfisicalParseError**: Failed to parse secrets response
+
+All errors extend `InfisicalError` with properties:
+- `code`: Unique error code (e.g., 'INFISICAL_AUTH_ERROR')
+- `cause`: Original error if available
+- `details`: Additional context (e.g., validation errors)
+
+## Logging
+
+Customize logging behavior by passing a logger and log level:
+
+```typescript
+import { LogLevel } from '@biocomputingup/infisical-secrets-loader';
+
+const secrets = await loadSecretsFromInfisical({
+  // ... config
+  logLevel: LogLevel.info,
+  logger: console, // or your custom logger
+});
+```
+
+**Log Levels:** `debug`, `info`, `warn`, `error`, `silent`
+
+Custom loggers must implement:
+
+```typescript
+interface Logger {
+  debug: (message: string, meta?: Record<string, unknown>) => void;
+  info: (message: string, meta?: Record<string, unknown>) => void;
+  warn: (message: string, meta?: Record<string, unknown>) => void;
+  error: (message: string, meta?: Record<string, unknown>) => void;
+}
+```
+
+## NestJS Integration
+
+Use with NestJS ConfigModule:
+
+```typescript
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { loadSecretsFromInfisical } from '@biocomputingup/infisical-secrets-loader';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({
+      load: [
+        async () => {
+          return await loadSecretsFromInfisical({
+            baseUrl: process.env.INFISICAL_BASE_URL!,
+            environment: process.env.INFISICAL_ENVIRONMENT!,
+            projectId: process.env.INFISICAL_PROJECT_ID!,
+            auth: {
+              clientId: process.env.INFISICAL_CLIENT_ID!,
+              clientSecret: process.env.INFISICAL_CLIENT_SECRET!,
+            },
+            mode: 'nested',
+          });
+        },
+      ],
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+## Exported Types & Utilities
+
+```typescript
+// Main function
+export { loadSecretsFromInfisical };
+
+// Error classes
+export {
+  InfisicalError,
+  InfisicalAuthError,
+  InfisicalConfigError,
+  InfisicalFetchError,
+  InfisicalParseError,
+};
+
+// Logger utilities
+export { LogLevel, createLogger };
+export type { Logger };
+
+// Types
+export type { LoadConfig };
+export { TRetrievalMode };
+```
+
+## License
+
+MIT

package/dist/errors/error.d.ts

@@ -0,0 +1,23 @@
+export type InfisicalErrorOptions = {
+    code: string;
+    cause?: unknown;
+    details?: Record<string, unknown>;
+};
+export declare class InfisicalError extends Error {
+    readonly code: string;
+    readonly cause?: unknown;
+    readonly details?: Record<string, unknown>;
+    constructor(message: string, options: InfisicalErrorOptions);
+}
+export declare class InfisicalAuthError extends InfisicalError {
+    constructor(message: string, options?: Omit<InfisicalErrorOptions, "code">);
+}
+export declare class InfisicalConfigError extends InfisicalError {
+    constructor(message: string, options?: Omit<InfisicalErrorOptions, "code">);
+}
+export declare class InfisicalFetchError extends InfisicalError {
+    constructor(message: string, options?: Omit<InfisicalErrorOptions, "code">);
+}
+export declare class InfisicalParseError extends InfisicalError {
+    constructor(message: string, options?: Omit<InfisicalErrorOptions, "code">);
+}

package/dist/errors/error.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InfisicalParseError = exports.InfisicalFetchError = exports.InfisicalConfigError = exports.InfisicalAuthError = exports.InfisicalError = void 0;
+class InfisicalError extends Error {
+    constructor(message, options) {
+        super(message);
+        this.name = "InfisicalError";
+        this.code = options.code;
+        this.cause = options.cause;
+        this.details = options.details;
+    }
+}
+exports.InfisicalError = InfisicalError;
+class InfisicalAuthError extends InfisicalError {
+    constructor(message, options = {}) {
+        super(message, { ...options, code: "INFISICAL_AUTH_ERROR" });
+        this.name = "InfisicalAuthError";
+    }
+}
+exports.InfisicalAuthError = InfisicalAuthError;
+class InfisicalConfigError extends InfisicalError {
+    constructor(message, options = {}) {
+        super(message, { ...options, code: "INFISICAL_CONFIG_ERROR" });
+        this.name = "InfisicalConfigError";
+    }
+}
+exports.InfisicalConfigError = InfisicalConfigError;
+class InfisicalFetchError extends InfisicalError {
+    constructor(message, options = {}) {
+        super(message, { ...options, code: "INFISICAL_FETCH_ERROR" });
+        this.name = "InfisicalFetchError";
+    }
+}
+exports.InfisicalFetchError = InfisicalFetchError;
+class InfisicalParseError extends InfisicalError {
+    constructor(message, options = {}) {
+        super(message, { ...options, code: "INFISICAL_PARSE_ERROR" });
+        this.name = "InfisicalParseError";
+    }
+}
+exports.InfisicalParseError = InfisicalParseError;

package/dist/helpers/mapSecretsToObjects.d.ts

@@ -0,0 +1,11 @@
+import { TRetrievalMode } from "../types/types";
+type SecretLike = {
+    secretKey: string;
+    secretValue: string;
+    secretPath?: string;
+};
+type ExtractKeyValuesOptions = {
+    mode?: TRetrievalMode;
+};
+export declare function mapSecretsToObject(secrets: SecretLike[], options?: ExtractKeyValuesOptions): Record<string, unknown>;
+export {};

package/dist/helpers/mapSecretsToObjects.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mapSecretsToObject = mapSecretsToObject;
+const types_1 = require("../types/types");
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function mergeObjects(target, source) {
+    for (const [key, value] of Object.entries(source)) {
+        const existingValue = target[key];
+        if (isRecord(existingValue) && isRecord(value)) {
+            target[key] = mergeObjects(existingValue, value);
+        }
+        else {
+            target[key] = value;
+        }
+    }
+    return target;
+}
+function normalizeSecretPath(secretPath) {
+    if (!secretPath) {
+        return [];
+    }
+    const trimmed = secretPath.trim();
+    if (!trimmed) {
+        return [];
+    }
+    const cleaned = trimmed.replace(/^\/+|\/+$/g, "");
+    if (!cleaned) {
+        return [];
+    }
+    return cleaned.split("/").filter(Boolean);
+}
+function mapSecretsToObject(secrets, options = {}) {
+    const result = {};
+    for (const secret of secrets) {
+        const { secretKey, secretValue } = secret;
+        if (options.mode !== types_1.TRetrievalMode.nested) {
+            result[secretKey] = secretValue;
+            continue;
+        }
+        const pathSegments = normalizeSecretPath(secret.secretPath ?? null);
+        if (pathSegments.length === 0) {
+            result[secretKey] = secretValue;
+            continue;
+        }
+        let nestedObject = {
+            [secretKey]: secretValue,
+        };
+        for (let index = pathSegments.length - 1; index >= 0; index -= 1) {
+            nestedObject = {
+                [pathSegments[index]]: nestedObject,
+            };
+        }
+        mergeObjects(result, nestedObject);
+    }
+    return result;
+}

package/dist/helpers/validate.d.ts

@@ -0,0 +1,2 @@
+import { LoadConfig } from "../validators/loadConfig.schema";
+export declare function validateInput(config: LoadConfig): void;

package/dist/helpers/validate.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateInput = validateInput;
+const error_1 = require("../errors/error");
+const loadConfig_schema_1 = require("../validators/loadConfig.schema");
+function validateInput(config) {
+    const result = loadConfig_schema_1.LoadConfigSchema.safeParse(config);
+    if (!result.success) {
+        const errorMessages = result.error.issues
+            .map((err) => `${err.path.join(".")} : ${err.message}`)
+            .join("; ");
+        throw new error_1.InfisicalConfigError(`Invalid configuration: ${errorMessages}`, {
+            details: {
+                errors: errorMessages,
+            },
+        });
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { InfisicalError, InfisicalAuthError, InfisicalConfigError, InfisicalFetchError, InfisicalParseError, } from "./errors/error";
+export { LogLevel, createLogger } from "./logger/logger";
+export type { Logger } from "./logger/logger";
+export { TRetrievalMode } from "./types/types";
+export { loadSecretsFromInfisical } from "./main";
+export type { LoadConfig } from "./validators/loadConfig.schema";

package/dist/index.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadSecretsFromInfisical = exports.TRetrievalMode = exports.createLogger = exports.LogLevel = exports.InfisicalParseError = exports.InfisicalFetchError = exports.InfisicalConfigError = exports.InfisicalAuthError = exports.InfisicalError = void 0;
+var error_1 = require("./errors/error");
+Object.defineProperty(exports, "InfisicalError", { enumerable: true, get: function () { return error_1.InfisicalError; } });
+Object.defineProperty(exports, "InfisicalAuthError", { enumerable: true, get: function () { return error_1.InfisicalAuthError; } });
+Object.defineProperty(exports, "InfisicalConfigError", { enumerable: true, get: function () { return error_1.InfisicalConfigError; } });
+Object.defineProperty(exports, "InfisicalFetchError", { enumerable: true, get: function () { return error_1.InfisicalFetchError; } });
+Object.defineProperty(exports, "InfisicalParseError", { enumerable: true, get: function () { return error_1.InfisicalParseError; } });
+var logger_1 = require("./logger/logger");
+Object.defineProperty(exports, "LogLevel", { enumerable: true, get: function () { return logger_1.LogLevel; } });
+Object.defineProperty(exports, "createLogger", { enumerable: true, get: function () { return logger_1.createLogger; } });
+var types_1 = require("./types/types");
+Object.defineProperty(exports, "TRetrievalMode", { enumerable: true, get: function () { return types_1.TRetrievalMode; } });
+var main_1 = require("./main");
+Object.defineProperty(exports, "loadSecretsFromInfisical", { enumerable: true, get: function () { return main_1.loadSecretsFromInfisical; } });

package/dist/logger/logger.d.ts

@@ -0,0 +1,15 @@
+export declare const LogLevel: {
+    readonly silent: "silent";
+    readonly error: "error";
+    readonly warn: "warn";
+    readonly info: "info";
+    readonly debug: "debug";
+};
+export type LogLevel = (typeof LogLevel)[keyof typeof LogLevel];
+export type Logger = {
+    debug: (message: string, meta?: Record<string, unknown>) => void;
+    info: (message: string, meta?: Record<string, unknown>) => void;
+    warn: (message: string, meta?: Record<string, unknown>) => void;
+    error: (message: string, meta?: Record<string, unknown>) => void;
+};
+export declare function createLogger(level?: LogLevel, baseLogger?: Logger): Logger;

package/dist/logger/logger.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LogLevel = void 0;
+exports.createLogger = createLogger;
+exports.LogLevel = {
+    silent: "silent",
+    error: "error",
+    warn: "warn",
+    info: "info",
+    debug: "debug",
+};
+const logLevelPriority = {
+    silent: 0,
+    error: 1,
+    warn: 2,
+    info: 3,
+    debug: 4,
+};
+function shouldLog(current, target) {
+    return logLevelPriority[target] <= logLevelPriority[current];
+}
+function createLogger(level = exports.LogLevel.info, baseLogger = console) {
+    const prefix = "[infisical-secrets-loader]";
+    const logWithMeta = (logFn, message, meta) => {
+        if (meta === undefined) {
+            logFn(message);
+            return;
+        }
+        logFn(message, meta);
+    };
+    return {
+        debug: (message, meta) => {
+            if (shouldLog(level, exports.LogLevel.debug)) {
+                logWithMeta(baseLogger.debug, `${prefix}[DEBUG] ${message}`, meta);
+            }
+        },
+        info: (message, meta) => {
+            if (shouldLog(level, exports.LogLevel.info)) {
+                logWithMeta(baseLogger.info, `${prefix}[INFO] ${message}`, meta);
+            }
+        },
+        warn: (message, meta) => {
+            if (shouldLog(level, exports.LogLevel.warn)) {
+                logWithMeta(baseLogger.warn, `${prefix}[WARN] ${message}`, meta);
+            }
+        },
+        error: (message, meta) => {
+            if (shouldLog(level, exports.LogLevel.error)) {
+                logWithMeta(baseLogger.error, `${prefix}[ERROR] ${message}`, meta);
+            }
+        },
+    };
+}

package/dist/main.d.ts

@@ -0,0 +1,2 @@
+import { LoadConfig } from "./validators/loadConfig.schema";
+export declare function loadSecretsFromInfisical(config: LoadConfig, skipInputValidation?: boolean): Promise<Record<string, unknown>>;

package/dist/main.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadSecretsFromInfisical = loadSecretsFromInfisical;
+const sdk_1 = require("@infisical/sdk");
+const mapSecretsToObjects_1 = require("./helpers/mapSecretsToObjects");
+const error_1 = require("./errors/error");
+const logger_1 = require("./logger/logger");
+const types_1 = require("./types/types");
+const validate_1 = require("./helpers/validate");
+async function loadSecretsFromInfisical(config, skipInputValidation = false) {
+    const { baseUrl, environment, auth, projectId, mode = types_1.TRetrievalMode.rootOnly, logger, logLevel = logger_1.LogLevel.debug, } = config;
+    const activeLogger = (0, logger_1.createLogger)(logLevel, logger ?? console);
+    if (!skipInputValidation) {
+        activeLogger.debug("Validating input configuration");
+        (0, validate_1.validateInput)(config);
+        activeLogger.debug("Input configuration is valid");
+    }
+    const client = new sdk_1.InfisicalSDK({
+        siteUrl: baseUrl,
+    });
+    try {
+        activeLogger.info("Authenticating with Infisical");
+        await client.auth().universalAuth.login({
+            clientId: auth.clientId,
+            clientSecret: auth.clientSecret,
+        });
+    }
+    catch (err) {
+        activeLogger.error("Error authenticating with Infisical", {
+            error: err,
+        });
+        throw new error_1.InfisicalAuthError("Authentication failed", {
+            cause: err,
+            details: { baseUrl },
+        });
+    }
+    activeLogger.info(`Successfully authenticated with Infisical instance at ${baseUrl}`);
+    try {
+        activeLogger.info("Fetching secrets", {
+            environment,
+            projectId: projectId,
+        });
+        const loadRecursive = mode !== types_1.TRetrievalMode.rootOnly;
+        const allSecrets = await client.secrets().listSecrets({
+            environment,
+            projectId: projectId,
+            expandSecretReferences: false,
+            viewSecretValue: true,
+            includeImports: false,
+            recursive: loadRecursive,
+        });
+        return (0, mapSecretsToObjects_1.mapSecretsToObject)(allSecrets.secrets, { mode });
+    }
+    catch (err) {
+        activeLogger.error("Error fetching secrets", { error: err });
+        throw new error_1.InfisicalFetchError("Failed to fetch secrets", {
+            cause: err,
+        });
+    }
+}

package/dist/types/types.d.ts

@@ -0,0 +1,6 @@
+export declare const TRetrievalMode: {
+    readonly rootOnly: "rootOnly";
+    readonly flat: "flat";
+    readonly nested: "nested";
+};
+export type TRetrievalMode = (typeof TRetrievalMode)[keyof typeof TRetrievalMode];

package/dist/types/types.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TRetrievalMode = void 0;
+exports.TRetrievalMode = {
+    // return secrets only in the root directory, ignore all secrets in subfolders
+    rootOnly: "rootOnly",
+    // ignore file structure and return secrets in a flat key-value pair format
+    flat: "flat",
+    // return secrets in a nested format that reflects the folder structure in Infisical
+    nested: "nested",
+};

package/dist/validators/loadConfig.schema.d.ts

@@ -0,0 +1,25 @@
+import * as zod from "zod";
+import { Logger } from "../logger/logger";
+export declare const LogLevels: readonly ["debug", "info", "warn", "error"];
+export declare const LoadConfigSchema: zod.ZodObject<{
+    baseUrl: zod.ZodURL;
+    environment: zod.ZodString;
+    auth: zod.ZodObject<{
+        clientId: zod.ZodString;
+        clientSecret: zod.ZodString;
+    }, zod.z.core.$strip>;
+    projectId: zod.ZodUUID;
+    mode: zod.ZodOptional<zod.ZodEnum<{
+        readonly rootOnly: "rootOnly";
+        readonly flat: "flat";
+        readonly nested: "nested";
+    }>>;
+    logger: zod.ZodOptional<zod.ZodCustom<Logger, Logger>>;
+    logLevel: zod.ZodOptional<zod.ZodEnum<{
+        error: "error";
+        warn: "warn";
+        info: "info";
+        debug: "debug";
+    }>>;
+}, zod.z.core.$strip>;
+export type LoadConfig = zod.infer<typeof LoadConfigSchema>;

package/dist/validators/loadConfig.schema.js

@@ -0,0 +1,51 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoadConfigSchema = exports.LogLevels = void 0;
+const zod = __importStar(require("zod"));
+const types_1 = require("../types/types");
+exports.LogLevels = ["debug", "info", "warn", "error"];
+exports.LoadConfigSchema = zod.object({
+    baseUrl: zod.url(),
+    environment: zod.string().trim().min(1),
+    auth: zod.object({
+        clientId: zod.string().trim().min(1),
+        clientSecret: zod.string().trim().min(1),
+    }),
+    projectId: zod.uuid(),
+    mode: zod.enum(types_1.TRetrievalMode).optional(),
+    logger: zod.custom().optional(),
+    logLevel: zod.enum(exports.LogLevels).optional(),
+});

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@biocomputingup/infisical-secrets-loader",
+  "version": "1.0.0",
+  "description": "A small library to load secrets from infisical into a JSON shaped object to be injected into your config service. Designed to work with NestJS config module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "watch": "tsc --watch",
+    "prepublishOnly": "npm run build",
+    "test": "jest",
+    "test:file": "jest --runTestsByPath"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Mehdi-SK/infisical-secrets-loader.git"
+  },
+  "keywords": [
+    "infisical",
+    "nestjs",
+    "secrets management"
+  ],
+  "author": "Mehdi Zoubiri",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/Mehdi-SK/infisical-secrets-loader/issues"
+  },
+  "homepage": "https://github.com/Mehdi-SK/infisical-secrets-loader#readme",
+  "devDependencies": {
+    "@types/jest": "^30.0.0",
+    "@types/node": "^25.6.0",
+    "@typescript-eslint/eslint-plugin": "^8.59.0",
+    "@typescript-eslint/parser": "^8.59.0",
+    "dotenv": "^17.4.2",
+    "eslint": "^10.2.1",
+    "jest": "^30.4.2",
+    "ts-jest": "^29.4.9",
+    "typescript": "^6.0.3"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@infisical/sdk": "^5.0.1",
+    "zod": "^4.4.3"
+  }
+}