npm - @captainsafia/burrow - Versions diffs - 1.0.0-preview.aac83a8 → 1.0.0-preview.bc1a66f - Mend

@captainsafia/burrow 1.0.0-preview.aac83a8 → 1.0.0-preview.bc1a66f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # burrow
-A platform-agnostic, directory-scoped secrets manager. Store secrets outside your repos, inherit them through directory ancestry.
+Burrow is a platform-agnostic, directory-scoped secrets manager. Secrets are stored outside your repos in a local SQLite store and exportable to various formats via the CLI. For a nicer dev experience, Burrow currently stores secrets in a plain-text format outside the target repo, which means that secrets can still be leaked to other users on your machine or people who gain access to your device. But, for your day-to-day dev use, this beats keeping secrets in gitignored files in your repo.
 ```
 ~/projects/                     # DATABASE_URL, API_KEY defined here
@@ -32,6 +32,8 @@ burrow set DATABASE_URL=postgres://localhost/mydb --path ~/projects
 ```bash
 burrow get API_KEY
 burrow get API_KEY --format json
+# Redact the secret value in output
+burrow get API_KEY --redact
 ```
 ### List all secrets
@@ -39,13 +41,21 @@ burrow get API_KEY --format json
 ```bash
 burrow list
 burrow list --format json
+# Redact secret values in output
+burrow list --redact
 ```
 ### Export to your shell
 ```bash
+# Auto-detects your shell (bash, fish, powershell, cmd)
 eval "$(burrow export)"
-eval "$(burrow export --format shell)" && npm start
+# Or specify a format explicitly
+burrow export --format fish
+burrow export --format powershell
+burrow export --format dotenv
+burrow export --format json
 ```
 ### Block inheritance

package/dist/api.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ export interface ResolvedSecret {
 	value: string;
 	sourcePath: string;
 }
-export type ExportFormat = "shell" | "dotenv" | "json";
+export type ExportFormat = "shell" | "bash" | "fish" | "powershell" | "cmd" | "dotenv" | "json";
 /**
  * Configuration options for creating a BurrowClient instance.
  */

package/dist/api.js CHANGED Viewed

@@ -66,10 +66,10 @@ class Storage {
       await chmod(this.configDir, 448);
     }
     this.db = new Database(this.storePath);
-    this.db.run("PRAGMA journal_mode = WAL");
     if (!isWindows()) {
       await chmod(this.storePath, 384);
     }
+    this.db.run("PRAGMA journal_mode = WAL");
     this.db.run(`
       CREATE TABLE IF NOT EXISTS secrets (
         path TEXT NOT NULL,
@@ -122,7 +122,12 @@ class Storage {
   }
   async getAncestorPaths(canonicalPath) {
     const db = await this.ensureDb();
-    const rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '/' || '%' OR path = '/'").all(canonicalPath, canonicalPath);
+    let rows;
+    if (isWindows()) {
+      rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '\\' || '%' OR (length(path) = 3 AND path LIKE '_:\\' AND ? LIKE path || '%')").all(canonicalPath, canonicalPath, canonicalPath);
+    } else {
+      rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '/' || '%' OR path = '/'").all(canonicalPath, canonicalPath);
+    }
     return rows.map((row) => row.path);
   }
   async removeKey(canonicalPath, key) {
@@ -246,6 +251,9 @@ function escapeShellValue(value) {
 function escapeDoubleQuotes(value) {
   return value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
 }
+function escapePowerShellValue(value) {
+  return value.replace(/'/g, "''");
+}
 function formatShell(secrets) {
   const lines = [];
   const sortedKeys = Array.from(secrets.keys()).sort();
@@ -258,6 +266,42 @@ function formatShell(secrets) {
   return lines.join(`
 `);
 }
+function formatFish(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapeShellValue(secret.value);
+    lines.push(`set -gx ${key} '${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatPowerShell(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapePowerShellValue(secret.value);
+    lines.push(`$env:${key} = '${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatCmd(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = secret.value.replace(/([&|<>^])/g, "^$1");
+    lines.push(`set ${key}=${escapedValue}`);
+  }
+  return lines.join(`
+`);
+}
 function formatDotenv(secrets) {
   const lines = [];
   const sortedKeys = Array.from(secrets.keys()).sort();
@@ -295,7 +339,14 @@ function formatJson(secrets, includeSources = false) {
 function format(secrets, fmt, options = {}) {
   switch (fmt) {
     case "shell":
+    case "bash":
       return formatShell(secrets);
+    case "fish":
+      return formatFish(secrets);
+    case "powershell":
+      return formatPowerShell(secrets);
+    case "cmd":
+      return formatCmd(secrets);
     case "dotenv":
       return formatDotenv(secrets);
     case "json":

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@captainsafia/burrow",
-  "version": "1.0.0-preview.aac83a8",
+  "version": "1.0.0-preview.bc1a66f",
   "description": "Platform-agnostic, directory-scoped secrets manager",
   "type": "module",
   "main": "dist/api.js",