@chriscode/hush 2.8.1 → 2.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export declare const OP_ITEM_PREFIX = "SOPS Key - ";
|
|
1
|
+
export declare const OP_ITEM_PREFIX = "SOPS Key - hush/";
|
|
2
2
|
export declare function opAvailable(): boolean;
|
|
3
3
|
export declare function opGetKey(project: string, vault?: string): string | null;
|
|
4
4
|
export declare function opStoreKey(project: string, privateKey: string, publicKey: string, vault?: string): void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"onepassword.d.ts","sourceRoot":"","sources":["../../src/lib/onepassword.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,cAAc,
|
|
1
|
+
{"version":3,"file":"onepassword.d.ts","sourceRoot":"","sources":["../../src/lib/onepassword.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,cAAc,qBAAqB,CAAC;AAcjD,wBAAgB,WAAW,IAAI,OAAO,CAOrC;AAED,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASvE;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAiBvG;AAED,wBAAgB,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAYnD"}
|
package/dist/lib/onepassword.js
CHANGED
|
@@ -1,8 +1,19 @@
|
|
|
1
|
-
import { execSync
|
|
2
|
-
export const OP_ITEM_PREFIX = 'SOPS Key - ';
|
|
1
|
+
import { execSync } from 'node:child_process';
|
|
2
|
+
export const OP_ITEM_PREFIX = 'SOPS Key - hush/';
|
|
3
|
+
/**
|
|
4
|
+
* 1Password CLI sessions don't persist across subprocesses, so we run
|
|
5
|
+
* `op signin` before every command to trigger biometric auth.
|
|
6
|
+
*/
|
|
7
|
+
function opExec(command) {
|
|
8
|
+
return execSync(`op signin && ${command}`, {
|
|
9
|
+
encoding: 'utf-8',
|
|
10
|
+
stdio: 'pipe',
|
|
11
|
+
shell: '/bin/bash',
|
|
12
|
+
});
|
|
13
|
+
}
|
|
3
14
|
export function opAvailable() {
|
|
4
15
|
try {
|
|
5
|
-
|
|
16
|
+
opExec('op whoami');
|
|
6
17
|
return true;
|
|
7
18
|
}
|
|
8
19
|
catch {
|
|
@@ -12,7 +23,8 @@ export function opAvailable() {
|
|
|
12
23
|
export function opGetKey(project, vault) {
|
|
13
24
|
try {
|
|
14
25
|
const vaultArgs = vault ? ['--vault', vault] : [];
|
|
15
|
-
const
|
|
26
|
+
const command = ['op', 'item', 'get', `${OP_ITEM_PREFIX}${project}`, ...vaultArgs, '--fields', 'password', '--reveal'].join(' ');
|
|
27
|
+
const result = opExec(command);
|
|
16
28
|
return result.trim() || null;
|
|
17
29
|
}
|
|
18
30
|
catch {
|
|
@@ -20,23 +32,28 @@ export function opGetKey(project, vault) {
|
|
|
20
32
|
}
|
|
21
33
|
}
|
|
22
34
|
export function opStoreKey(project, privateKey, publicKey, vault) {
|
|
23
|
-
const
|
|
24
|
-
|
|
35
|
+
const vaultArgs = vault ? ['--vault', vault] : [];
|
|
36
|
+
const command = [
|
|
37
|
+
'op', 'item', 'create',
|
|
25
38
|
'--category', 'password',
|
|
26
|
-
'--title',
|
|
27
|
-
...
|
|
28
|
-
`password=${privateKey}`,
|
|
29
|
-
`public_key[text]=${publicKey}`,
|
|
30
|
-
];
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
39
|
+
'--title', `"${OP_ITEM_PREFIX}${project}"`,
|
|
40
|
+
...vaultArgs,
|
|
41
|
+
`"password=${privateKey}"`,
|
|
42
|
+
`"public_key[text]=${publicKey}"`,
|
|
43
|
+
].join(' ');
|
|
44
|
+
try {
|
|
45
|
+
opExec(command);
|
|
46
|
+
}
|
|
47
|
+
catch (err) {
|
|
48
|
+
const message = err instanceof Error ? err.message : 'Failed to store in 1Password';
|
|
49
|
+
throw new Error(message);
|
|
34
50
|
}
|
|
35
51
|
}
|
|
36
52
|
export function opListKeys(vault) {
|
|
37
53
|
try {
|
|
38
54
|
const vaultArgs = vault ? ['--vault', vault] : [];
|
|
39
|
-
const
|
|
55
|
+
const command = ['op', 'item', 'list', '--categories', 'password', ...vaultArgs, '--format', 'json'].join(' ');
|
|
56
|
+
const result = opExec(command);
|
|
40
57
|
const items = JSON.parse(result);
|
|
41
58
|
return items
|
|
42
59
|
.filter(i => i.title.startsWith(OP_ITEM_PREFIX))
|