@dataformer/env-service 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,48 @@
+declare const askQuestion: (question: string, defaultValue?: string) => Promise<string>;
+declare function obfuscateCred(cred: string | null): string;
+declare function getEnvVar(baseSecretKey: string): Promise<string | null>;
+declare function getCustomSearchApiKey(): Promise<string>;
+declare function getSearchEngineId(): Promise<string>;
+declare function getFirestoreProjectId(): Promise<string>;
+declare function setEnvVar(baseSecretKey: string, value: string): Promise<boolean>;
+declare const setLogToConsole: () => Promise<void>;
+declare const setPostgresUser: () => Promise<void>;
+declare const setPostgresPassword: () => Promise<void>;
+declare const setPostgresDatabase: () => Promise<void>;
+declare const setPostgresHostName: () => Promise<void>;
+declare const setPostgresIpType: () => Promise<void>;
+declare const setPostgresPoolSizeMax: () => Promise<void>;
+declare const setPostgresInstanceConnectionName: () => Promise<void>;
+declare const setBigtableInstanceName: () => Promise<void>;
+declare const setBigtableTableName: () => Promise<void>;
+declare const setBigtableProjectId: () => Promise<void>;
+declare const setJiraApiToken: () => Promise<void>;
+declare const setJiraApiBaseUrl: () => Promise<void>;
+declare const setJiraUserEmail: () => Promise<void>;
+declare const setGeminiApiKey: () => Promise<void>;
+declare const setNpmToken: () => Promise<void>;
+declare const setCustomSearchApiKey: () => Promise<void>;
+declare const setFirestoreProjectId: () => Promise<void>;
+declare const getLogToConsole: () => Promise<string | null>;
+declare const getPostgresUser: () => Promise<string | null>;
+declare const getPostgresPassword: () => Promise<string | null>;
+declare const getPostgresDatabase: () => Promise<string | null>;
+declare const getPostgresHostName: () => Promise<string | null>;
+declare const getPostgresIpType: () => Promise<string | null>;
+declare const getPostgresPoolSizeMax: () => Promise<number | null>;
+declare const getPostgresInstanceConnectionName: () => Promise<string | null>;
+declare const getBigtableInstanceName: () => Promise<string | null>;
+declare const getBigtableTableName: () => Promise<string | null>;
+declare const getBigtableProjectId: () => Promise<string | null>;
+declare const getJiraApiToken: () => Promise<string | null>;
+declare const getJiraApiBaseUrl: () => Promise<string | null>;
+declare const getJiraUserEmail: () => Promise<string | null>;
+declare const getGeminiApiKey: () => Promise<string | null>;
+declare const getNpmToken: () => Promise<string | null>;
+declare const getProjectRoot: () => string;
+declare const getGcpProjectId: () => Promise<string | null>;
+declare const getGcpUserEmail: () => Promise<string | null>;
+declare const printEnv: () => Promise<void>;
+declare const run: () => Promise<void>;
+
+export { askQuestion, getBigtableInstanceName, getBigtableProjectId, getBigtableTableName, getCustomSearchApiKey, getEnvVar, getFirestoreProjectId, getGcpProjectId, getGcpUserEmail, getGeminiApiKey, getJiraApiBaseUrl, getJiraApiToken, getJiraUserEmail, getLogToConsole, getNpmToken, getPostgresDatabase, getPostgresHostName, getPostgresInstanceConnectionName, getPostgresIpType, getPostgresPassword, getPostgresPoolSizeMax, getPostgresUser, getProjectRoot, getSearchEngineId, obfuscateCred, printEnv, run, setBigtableInstanceName, setBigtableProjectId, setBigtableTableName, setCustomSearchApiKey, setEnvVar, setFirestoreProjectId, setGeminiApiKey, setJiraApiBaseUrl, setJiraApiToken, setJiraUserEmail, setLogToConsole, setNpmToken, setPostgresDatabase, setPostgresHostName, setPostgresInstanceConnectionName, setPostgresIpType, setPostgresPassword, setPostgresPoolSizeMax, setPostgresUser };

package/dist/index.js

@@ -0,0 +1,387 @@
+// src/index.ts
+import readline from "readline";
+import path from "path";
+import { createSecretManagerClient } from "@dataformer/secret-manager-client";
+var secretManager = null;
+var secretManagerInitialized = false;
+async function getSecretManager() {
+  if (secretManagerInitialized) {
+    return secretManager;
+  }
+  try {
+    secretManager = await createSecretManagerClient();
+    secretManagerInitialized = true;
+    return secretManager;
+  } catch (error) {
+    console.error("[EnvService.ts] Failed to initialize SecretManagerClient:", error.message);
+    console.warn("[EnvService.ts] Secret Manager functionality will be unavailable.");
+    secretManagerInitialized = true;
+    return null;
+  }
+}
+var rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout
+});
+var askQuestion = (question, defaultValue = "") => {
+  return new Promise((resolve) => {
+    rl.question(question + (defaultValue ? ` [${defaultValue}]: ` : ": "), (answer) => {
+      resolve(answer || defaultValue);
+    });
+  });
+};
+function obfuscateCred(cred) {
+  if (cred && cred.length >= 6) {
+    const start = cred.substring(0, 3);
+    const end = cred.substring(cred.length - 3);
+    return `${start}...${end}`;
+  } else {
+    return cred || "";
+  }
+}
+async function getEnvVar(baseSecretKey) {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn(`[EnvService.ts] SecretManager not available for getEnvVar (key: ${baseSecretKey})`);
+    return null;
+  }
+  return sm.getSecret(baseSecretKey);
+}
+async function getCustomSearchApiKey() {
+  const apiKey = await getEnvVar("CUSTOM_SEARCH_API_KEY");
+  if (!apiKey) {
+    throw new Error("CUSTOM_SEARCH_API_KEY not found in environment variables.");
+  }
+  return apiKey;
+}
+async function getSearchEngineId() {
+  const searchEngineId = await getEnvVar("SEARCH_ENGINE_ID");
+  if (!searchEngineId) {
+    throw new Error("SEARCH_ENGINE_ID not found in environment variables.");
+  }
+  return searchEngineId;
+}
+async function getFirestoreProjectId() {
+  const projectId = await getEnvVar("FIRESTORE_PROJECT_ID");
+  if (!projectId) {
+    throw new Error("FIRESTORE_PROJECT_ID not found in environment variables.");
+  }
+  return projectId;
+}
+async function setEnvVar(baseSecretKey, value) {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn(`[EnvService.ts] SecretManager not available for setEnvVar (key: ${baseSecretKey})`);
+    return false;
+  }
+  return sm.setSecret(baseSecretKey, value);
+}
+var setLogToConsole = async () => {
+  const logToConsole = await askQuestion("Use consoleLogger to log to console? (yes, no)", "no");
+  if (logToConsole) {
+    await setEnvVar("LOG_TO_CONSOLE", logToConsole);
+  }
+};
+var setPostgresUser = async () => {
+  const user = await askQuestion("Enter PostgreSQL User", "");
+  if (user) {
+    await setEnvVar("POSTGRES_USER", user);
+  }
+};
+var setPostgresPassword = async () => {
+  const password = await askQuestion("Enter PostgreSQL Password", "");
+  if (password) {
+    await setEnvVar("POSTGRES_PASSWORD", password);
+  }
+};
+var setPostgresDatabase = async () => {
+  const database = await askQuestion("Enter PostgreSQL Database", "");
+  if (database) {
+    await setEnvVar("POSTGRES_DATABASE", database);
+  }
+};
+var setPostgresHostName = async () => {
+  const hostName = await askQuestion("Enter PostgreSQL Host name", "localhost");
+  if (hostName) {
+    await setEnvVar("POSTGRES_HOST_NAME", hostName);
+  }
+};
+var setPostgresIpType = async () => {
+  const ipType = await askQuestion("Enter PostgreSQL IP Type (PUBLIC, PRIVATE)", "PUBLIC");
+  if (ipType) {
+    await setEnvVar("POSTGRES_IP_TYPE", ipType);
+  }
+};
+var setPostgresPoolSizeMax = async () => {
+  const poolSizeMax = await askQuestion("Enter Maximum Pool Size for PostgreSQL", "10");
+  if (poolSizeMax) {
+    await setEnvVar("POSTGRES_POOL_SIZE_MAX", poolSizeMax);
+  }
+};
+var setPostgresInstanceConnectionName = async () => {
+  const instanceConnectionName = await askQuestion("Enter PostgreSQL Instance Connection Name (your-project:your-region:your-instance)", "");
+  if (instanceConnectionName) {
+    await setEnvVar("POSTGRES_INSTANCE_CONNECTION_NAME", instanceConnectionName);
+  }
+};
+var setBigtableInstanceName = async () => {
+  const btInstanceName = await askQuestion("Enter Bigtable Instance Name", "");
+  if (btInstanceName) {
+    await setEnvVar("BIGTABLE_INSTANCE_NAME", btInstanceName);
+  }
+};
+var setBigtableTableName = async () => {
+  const btTableName = await askQuestion("Enter Bigtable Table Name", "");
+  if (btTableName) {
+    await setEnvVar("BIGTABLE_TABLE_NAME", btTableName);
+  }
+};
+var setBigtableProjectId = async () => {
+  const btProjectId = await askQuestion("Enter Bigtable Google Project", "");
+  if (btProjectId) {
+    await setEnvVar("BIGTABLE_PROJECT_ID", btProjectId);
+  }
+};
+var setJiraApiToken = async () => {
+  const jiraApiToken = await askQuestion("Enter Jira API token", "");
+  if (jiraApiToken) {
+    await setEnvVar("JIRA_API_TOKEN", jiraApiToken);
+  }
+};
+var setJiraApiBaseUrl = async () => {
+  const jiraApiBaseUrl = await askQuestion("Enter Jira API Base URL", "");
+  if (jiraApiBaseUrl) {
+    await setEnvVar("JIRA_API_BASE_URL", jiraApiBaseUrl);
+  }
+};
+var setJiraUserEmail = async () => {
+  const jiraUserEmail = await askQuestion("Enter Jira user email", "you@domain.com");
+  if (jiraUserEmail) {
+    await setEnvVar("JIRA_USER_EMAIL", jiraUserEmail);
+  }
+};
+var setGeminiApiKey = async () => {
+  const apiKey = await askQuestion("Enter Gemini API key:");
+  if (apiKey) await setEnvVar("GEMINI_API_KEY", apiKey);
+};
+var setNpmToken = async () => {
+  const npmToken = await askQuestion("Enter NPM Token:");
+  if (npmToken) await setEnvVar("NPM_TOKEN", npmToken);
+};
+var setCustomSearchApiKey = async () => {
+  const customSearchApiKey = await askQuestion("Enter Custom Search API Key", "");
+  if (customSearchApiKey) {
+    await setEnvVar("CUSTOM_SEARCH_API_KEY", customSearchApiKey);
+  }
+};
+var setFirestoreProjectId = async () => {
+  const firestoreProjectId = await askQuestion("Enter Firestore Project ID", "dataformer-prod");
+  if (firestoreProjectId) {
+    await setEnvVar("FIRESTORE_PROJECT_ID", firestoreProjectId);
+  }
+};
+var getLogToConsole = async () => await getEnvVar("LOG_TO_CONSOLE");
+var getPostgresUser = async () => await getEnvVar("POSTGRES_USER");
+var getPostgresPassword = async () => await getEnvVar("POSTGRES_PASSWORD");
+var getPostgresDatabase = async () => await getEnvVar("POSTGRES_DATABASE");
+var getPostgresHostName = async () => await getEnvVar("POSTGRES_HOST_NAME");
+var getPostgresIpType = async () => await getEnvVar("POSTGRES_IP_TYPE");
+var getPostgresPoolSizeMax = async () => {
+  const value = await getEnvVar("POSTGRES_POOL_SIZE_MAX");
+  return value ? parseInt(value, 10) : null;
+};
+var getPostgresInstanceConnectionName = async () => await getEnvVar("POSTGRES_INSTANCE_CONNECTION_NAME");
+var getBigtableInstanceName = async () => await getEnvVar("BIGTABLE_INSTANCE_NAME");
+var getBigtableTableName = async () => await getEnvVar("BIGTABLE_TABLE_NAME");
+var getBigtableProjectId = async () => await getEnvVar("BIGTABLE_PROJECT_ID");
+var _getFirestoreProjectId = async () => await getEnvVar("FIRESTORE_PROJECT_ID");
+var getJiraApiToken = async () => await getEnvVar("JIRA_API_TOKEN");
+var getJiraApiBaseUrl = async () => await getEnvVar("JIRA_API_BASE_URL");
+var getJiraUserEmail = async () => await getEnvVar("JIRA_USER_EMAIL");
+var getGeminiApiKey = async () => await getEnvVar("GEMINI_API_KEY");
+var getNpmToken = async () => await getEnvVar("NPM_TOKEN");
+var getProjectRoot = () => {
+  const currentDir = path.dirname(new URL(import.meta.url).pathname);
+  return path.resolve(currentDir, "../..");
+};
+var _getResolvedGcpProjectId = async () => {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn("[EnvService.ts] SecretManager not available for _getResolvedGcpProjectId");
+    return null;
+  }
+  return sm.getResolvedProjectId();
+};
+var _getResolvedGcpUserEmail = async () => {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn("[EnvService.ts] SecretManager not available for _getResolvedGcpUserEmail");
+    return null;
+  }
+  return sm.getResolvedUserEmail();
+};
+var getGcpProjectId = _getResolvedGcpProjectId;
+var getGcpUserEmail = _getResolvedGcpUserEmail;
+var printEnv = async () => {
+  const logToConsole = await getLogToConsole();
+  const postgresUser = await getPostgresUser();
+  const postgresPassword = await getPostgresPassword();
+  const postgresDatabase = await getPostgresDatabase();
+  const postgresHostName = await getPostgresHostName();
+  const postgresIpType = await getPostgresIpType();
+  const postgresPoolSizeMax = await getPostgresPoolSizeMax();
+  const postgresInstanceConnectionName = await getPostgresInstanceConnectionName();
+  const bigtableInstanceName = await getBigtableInstanceName();
+  const bigtableTableName = await getBigtableTableName();
+  const bigtableProjectId = await getBigtableProjectId();
+  const firestoreProjectId = await _getFirestoreProjectId();
+  const jiraApiToken = await getJiraApiToken();
+  const jiraApiBaseUrl = await getJiraApiBaseUrl();
+  const jiraUserEmail = await getJiraUserEmail();
+  const geminiApiKey = await getGeminiApiKey();
+  const customSearchApiKey = await getCustomSearchApiKey();
+  const gcpProjectIdVal = await getGcpProjectId();
+  const gcpUserEmailVal = await getGcpUserEmail();
+  const npmToken = await getNpmToken();
+  console.log(`Project Root: ${getProjectRoot()}`);
+  console.log(`GCP Project ID: ${gcpProjectIdVal}`);
+  console.log(`GCP User Email (for Secret Manager naming): ${gcpUserEmailVal}`);
+  console.log(`Log to Console: ${logToConsole}`);
+  console.log(`PostgreSQL User: ${postgresUser}`);
+  console.log(`PostgreSQL Password: ${obfuscateCred(postgresPassword)}`);
+  console.log(`PostgreSQL Database: ${postgresDatabase}`);
+  console.log(`PostgreSQL Host Name: ${postgresHostName}`);
+  console.log(`PostgreSQL IP Type: ${postgresIpType}`);
+  console.log(`PostgreSQL Pool Size Max: ${postgresPoolSizeMax}`);
+  console.log(`PostgreSQL Instance Connection Name: ${postgresInstanceConnectionName}`);
+  console.log(`Bigtable Instance Name: ${bigtableInstanceName}`);
+  console.log(`Bigtable Table Name: ${bigtableTableName}`);
+  console.log(`Bigtable Project ID: ${bigtableProjectId}`);
+  console.log(`Firestore Project ID: ${firestoreProjectId}`);
+  console.log(`Jira API Token: ${obfuscateCred(jiraApiToken)}`);
+  console.log(`Jira API Base URL: ${jiraApiBaseUrl}`);
+  console.log(`Jira User Email: ${jiraUserEmail}`);
+  console.log(`Custom Search API Key: ${obfuscateCred(customSearchApiKey)}`);
+  console.log(`Gemini API Key: ${obfuscateCred(geminiApiKey)}`);
+  console.log(`NPM Token: ${obfuscateCred(npmToken)}`);
+};
+var run = async () => {
+  const command = process.argv[2];
+  switch (command) {
+    case "setLogToConsole":
+      await setLogToConsole();
+      break;
+    case "setPostgresUser":
+      await setPostgresUser();
+      break;
+    case "setPostgresPassword":
+      await setPostgresPassword();
+      break;
+    case "setPostgresDatabase":
+      await setPostgresDatabase();
+      break;
+    case "setPostgresHostName":
+      await setPostgresHostName();
+      break;
+    case "setPostgresIpType":
+      await setPostgresIpType();
+      break;
+    case "setPostgresPoolSizeMax":
+      await setPostgresPoolSizeMax();
+      break;
+    case "setPostgresInstanceConnectionName":
+      await setPostgresInstanceConnectionName();
+      break;
+    case "setBigtableInstanceName":
+      await setBigtableInstanceName();
+      break;
+    case "setBigtableTableName":
+      await setBigtableTableName();
+      break;
+    case "setBigtableProjectId":
+      await setBigtableProjectId();
+      break;
+    case "setFirestoreProjectId":
+      await setFirestoreProjectId();
+      break;
+    case "setJiraApiToken":
+      await setJiraApiToken();
+      break;
+    case "setJiraApiBaseUrl":
+      await setJiraApiBaseUrl();
+      break;
+    case "setJiraUserEmail":
+      await setJiraUserEmail();
+      break;
+    case "setGeminiApiKey":
+      await setGeminiApiKey();
+      break;
+    case "setNpmToken":
+      await setNpmToken();
+      break;
+    case "setCustomSearchApiKey":
+      await setCustomSearchApiKey();
+      break;
+    case "printEnv":
+      await printEnv();
+      break;
+    default:
+      console.log("Unknown command. Available commands: setEnv, setBearerToken, ..., printEnv");
+  }
+  rl.close();
+};
+if (process.argv[1] === new URL(import.meta.url).pathname) {
+  run().catch((error) => {
+    console.error("[EnvService.ts] An error occurred:", error);
+    rl.close();
+    process.exit(1);
+  });
+}
+export {
+  askQuestion,
+  getBigtableInstanceName,
+  getBigtableProjectId,
+  getBigtableTableName,
+  getCustomSearchApiKey,
+  getEnvVar,
+  getFirestoreProjectId,
+  getGcpProjectId,
+  getGcpUserEmail,
+  getGeminiApiKey,
+  getJiraApiBaseUrl,
+  getJiraApiToken,
+  getJiraUserEmail,
+  getLogToConsole,
+  getNpmToken,
+  getPostgresDatabase,
+  getPostgresHostName,
+  getPostgresInstanceConnectionName,
+  getPostgresIpType,
+  getPostgresPassword,
+  getPostgresPoolSizeMax,
+  getPostgresUser,
+  getProjectRoot,
+  getSearchEngineId,
+  obfuscateCred,
+  printEnv,
+  run,
+  setBigtableInstanceName,
+  setBigtableProjectId,
+  setBigtableTableName,
+  setCustomSearchApiKey,
+  setEnvVar,
+  setFirestoreProjectId,
+  setGeminiApiKey,
+  setJiraApiBaseUrl,
+  setJiraApiToken,
+  setJiraUserEmail,
+  setLogToConsole,
+  setNpmToken,
+  setPostgresDatabase,
+  setPostgresHostName,
+  setPostgresInstanceConnectionName,
+  setPostgresIpType,
+  setPostgresPassword,
+  setPostgresPoolSizeMax,
+  setPostgresUser
+};

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@dataformer/env-service",
+  "version": "1.0.0",
+  "description": "Environment service for Dataformer",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean",
+    "dev": "tsup src/index.ts --format esm --dts --watch",
+    "prepublish": "pnpm run build"
+  },
+  "dependencies": {
+    "@google-cloud/secret-manager": "^5.4.0",
+    "@dataformer/secret-manager-client": "workspace:*"
+  },
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.5.3"
+  },
+  "peerDependencies": {
+    "typescript": "^5.0.0"
+  }
+}

package/src/index.ts

@@ -0,0 +1,440 @@
+// EnvService.ts - Manages environment variables and credentials using Google Secret Manager.
+//
+// HOW TO USE:
+// This script is typically invoked via the wrapper `env.js` in the project root.
+// Commands are passed as arguments, e.g.:
+//   node env.js printEnv                    - Prints all current environment variable values.
+//   node env.js setApiKey                   - Prompts to set the API key.
+//   ... and so on for other specific setters listed in the `run` function's switch statement.
+//
+// GCLOUD AUTHENTICATION REQUIREMENT:
+// This script requires you to be authenticated with Google Cloud CLI (`gcloud`).
+// The credentials are used by the underlying SecretManagerClient to access Google Secret Manager.
+//
+// TO AUTHENTICATE WITH GCLOUD:
+// 1. Install Google Cloud SDK: https://cloud.google.com/sdk/docs/install
+// 2. Initialize gcloud (if you haven't already):
+//    gcloud init
+//    - Follow the prompts to log in with your Google account and choose/create a project.
+// 3. Log in with application default credentials:
+//    gcloud auth application-default login
+//    - This command opens a browser window for you to authorize gcloud to access your Google account.
+//      Your user credentials will be used by SecretManagerClient to interact with Secret Manager.
+//      Ensure the authenticated user has the necessary IAM permissions on Secret Manager
+//      (e.g., roles/secretmanager.secretAccessor and roles/secretmanager.secretVersionAdder)
+//      for your GCP project.
+//
+// PROJECT ID DETECTION:
+// The SecretManagerClient automatically detects the GCP project ID from:
+// 1. SECRET_MANAGER_PROJECT_ID environment variable (for CI/CD deployments)
+// 2. Your local gcloud configuration (for development: `gcloud config get-value project`)
+// 3. Explicit override via createSecretManagerClient({ projectId: "your-project" })
+//
+// SECRET NAMING CONVENTION:
+// Secrets are named using the format: {projectId}_{userEmail}_{secretId}
+// This ensures user-specific secrets that don't conflict across users or projects.
+
+import readline from 'readline';
+import path from 'path';
+import { createSecretManagerClient, SecretManagerClient } from '@dataformer/secret-manager-client';
+
+// SecretManager client will be initialized lazily on first use
+let secretManager: SecretManagerClient | null = null;
+let secretManagerInitialized = false;
+
+async function getSecretManager(): Promise<SecretManagerClient | null> {
+  if (secretManagerInitialized) {
+    return secretManager;
+  }
+  
+  try {
+    secretManager = await createSecretManagerClient();
+    secretManagerInitialized = true;
+    return secretManager;
+  } catch (error) {
+    console.error('[EnvService.ts] Failed to initialize SecretManagerClient:', (error as Error).message);
+    console.warn('[EnvService.ts] Secret Manager functionality will be unavailable.');
+    secretManagerInitialized = true; // Prevent retrying
+    return null;
+  }
+}
+
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout,
+});
+
+const askQuestion = (question: string, defaultValue: string = ''): Promise<string> => {
+  return new Promise((resolve) => {
+    rl.question(question + (defaultValue ? ` [${defaultValue}]: ` : ': '), (answer: string) => {
+      resolve(answer || defaultValue);
+    });
+  });
+};
+
+function obfuscateCred(cred: string | null): string {
+  if (cred && cred.length >= 6) {
+      const start = cred.substring(0, 3);
+      const end = cred.substring(cred.length - 3);
+      return `${start}...${end}`;
+  } else {
+      return cred || '';
+  }
+}
+
+// --- Generic Environment Variable Accessors ---
+async function getEnvVar(baseSecretKey: string): Promise<string | null> {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn(`[EnvService.ts] SecretManager not available for getEnvVar (key: ${baseSecretKey})`);
+    return null;
+  }
+  return sm.getSecret(baseSecretKey);
+}
+
+export async function getCustomSearchApiKey(): Promise<string> {
+  const apiKey = await getEnvVar('CUSTOM_SEARCH_API_KEY');
+  if (!apiKey) {
+    throw new Error('CUSTOM_SEARCH_API_KEY not found in environment variables.');
+  }
+  return apiKey;
+}
+
+export async function getSearchEngineId(): Promise<string> {
+  const searchEngineId = await getEnvVar('SEARCH_ENGINE_ID');
+  if (!searchEngineId) {
+    throw new Error('SEARCH_ENGINE_ID not found in environment variables.');
+  }
+  return searchEngineId;
+}
+
+export async function getFirestoreProjectId(): Promise<string> {
+  const projectId = await getEnvVar('FIRESTORE_PROJECT_ID');
+  if (!projectId) {
+    throw new Error('FIRESTORE_PROJECT_ID not found in environment variables.');
+  }
+  return projectId;
+}
+
+async function setEnvVar(baseSecretKey: string, value: string): Promise<boolean> {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn(`[EnvService.ts] SecretManager not available for setEnvVar (key: ${baseSecretKey})`);
+    return false; // Indicate failure
+  }
+  // TODO: need to get change iamPolicy permissions
+  // const currentUserOnly = true;
+  return sm.setSecret(baseSecretKey, value);
+}
+
+// --- Specific Setters (Now use generic setEnvVar) ---
+const setLogToConsole = async (): Promise<void> => {
+    const logToConsole = await askQuestion('Use consoleLogger to log to console? (yes, no)', 'no');
+    if (logToConsole) {
+      await setEnvVar('LOG_TO_CONSOLE', logToConsole);
+    }
+};
+
+const setPostgresUser = async (): Promise<void> => {
+  const user = await askQuestion('Enter PostgreSQL User', '');
+  if (user) {
+      await setEnvVar('POSTGRES_USER', user);
+  }
+};
+
+const setPostgresPassword = async (): Promise<void> => {
+  const password = await askQuestion('Enter PostgreSQL Password', '');
+  if (password) {
+      await setEnvVar('POSTGRES_PASSWORD', password);
+  }
+};
+
+const setPostgresDatabase = async (): Promise<void> => {
+  const database = await askQuestion('Enter PostgreSQL Database', '');
+  if (database) {
+      await setEnvVar('POSTGRES_DATABASE', database);
+  }
+};
+
+const setPostgresHostName = async (): Promise<void> => {
+  const hostName = await askQuestion('Enter PostgreSQL Host name', 'localhost');
+  if (hostName) {
+    await setEnvVar('POSTGRES_HOST_NAME', hostName);
+  }
+};
+
+const setPostgresIpType = async (): Promise<void> => {
+  const ipType = await askQuestion('Enter PostgreSQL IP Type (PUBLIC, PRIVATE)', 'PUBLIC');
+  if (ipType) {
+      await setEnvVar('POSTGRES_IP_TYPE', ipType);
+  }
+};
+
+const setPostgresPoolSizeMax = async (): Promise<void> => {
+  const poolSizeMax = await askQuestion('Enter Maximum Pool Size for PostgreSQL', '10');
+  if (poolSizeMax) {
+      await setEnvVar('POSTGRES_POOL_SIZE_MAX', poolSizeMax);
+  }
+};
+
+const setPostgresInstanceConnectionName = async (): Promise<void> => {
+  const instanceConnectionName = await askQuestion('Enter PostgreSQL Instance Connection Name (your-project:your-region:your-instance)', '');
+  if (instanceConnectionName) {
+      await setEnvVar('POSTGRES_INSTANCE_CONNECTION_NAME', instanceConnectionName);
+  }
+};
+
+const setBigtableInstanceName = async (): Promise<void> => {
+  const btInstanceName = await askQuestion('Enter Bigtable Instance Name', '');
+  if (btInstanceName) {
+    await setEnvVar('BIGTABLE_INSTANCE_NAME', btInstanceName);
+  }
+};
+
+const setBigtableTableName = async (): Promise<void> => {
+  const btTableName = await askQuestion('Enter Bigtable Table Name', '');
+  if (btTableName) {
+    await setEnvVar('BIGTABLE_TABLE_NAME', btTableName);
+  }
+};
+
+const setBigtableProjectId = async (): Promise<void> => {
+  const btProjectId = await askQuestion('Enter Bigtable Google Project', '');
+  if (btProjectId) {
+    await setEnvVar('BIGTABLE_PROJECT_ID', btProjectId);
+  }
+};
+
+const setJiraApiToken = async (): Promise<void> => {
+  const jiraApiToken = await askQuestion('Enter Jira API token', '');
+  if (jiraApiToken) {
+    await setEnvVar('JIRA_API_TOKEN', jiraApiToken);
+  }
+};
+
+const setJiraApiBaseUrl = async (): Promise<void> => {
+  const jiraApiBaseUrl = await askQuestion('Enter Jira API Base URL', '');
+  if (jiraApiBaseUrl) {
+    await setEnvVar('JIRA_API_BASE_URL', jiraApiBaseUrl);
+  }
+};
+
+const setJiraUserEmail = async (): Promise<void> => {
+  const jiraUserEmail = await askQuestion('Enter Jira user email', 'you@domain.com');
+  if (jiraUserEmail) {
+    await setEnvVar('JIRA_USER_EMAIL', jiraUserEmail);
+  }
+};
+
+const setGeminiApiKey = async (): Promise<void> => {
+  const apiKey = await askQuestion('Enter Gemini API key:');
+  if (apiKey) await setEnvVar('GEMINI_API_KEY', apiKey);
+};
+
+const setNpmToken = async (): Promise<void> => {
+  const npmToken = await askQuestion('Enter NPM Token:');
+  if (npmToken) await setEnvVar('NPM_TOKEN', npmToken);
+};
+
+const setCustomSearchApiKey = async (): Promise<void> => {
+  const customSearchApiKey = await askQuestion('Enter Custom Search API Key', '');
+  if (customSearchApiKey) {
+      await setEnvVar('CUSTOM_SEARCH_API_KEY', customSearchApiKey);
+  }
+};
+
+const setFirestoreProjectId = async (): Promise<void> => {
+  const firestoreProjectId = await askQuestion('Enter Firestore Project ID', 'dataformer-prod');
+  if (firestoreProjectId) {
+    await setEnvVar('FIRESTORE_PROJECT_ID', firestoreProjectId);
+  }
+};
+
+// --- Specific Getters (Now use generic getEnvVar) ---
+const getLogToConsole = async (): Promise<string | null> => await getEnvVar('LOG_TO_CONSOLE');
+const getPostgresUser = async (): Promise<string | null> => await getEnvVar('POSTGRES_USER');
+const getPostgresPassword = async (): Promise<string | null> => await getEnvVar('POSTGRES_PASSWORD');
+const getPostgresDatabase = async (): Promise<string | null> => await getEnvVar('POSTGRES_DATABASE');
+const getPostgresHostName = async (): Promise<string | null> => await getEnvVar('POSTGRES_HOST_NAME');
+const getPostgresIpType = async (): Promise<string | null> => await getEnvVar('POSTGRES_IP_TYPE');
+const getPostgresPoolSizeMax = async (): Promise<number | null> => {
+  const value = await getEnvVar('POSTGRES_POOL_SIZE_MAX');
+  return value ? parseInt(value, 10) : null;
+};
+const getPostgresInstanceConnectionName = async (): Promise<string | null> => await getEnvVar('POSTGRES_INSTANCE_CONNECTION_NAME');
+const getBigtableInstanceName = async (): Promise<string | null> => await getEnvVar('BIGTABLE_INSTANCE_NAME');
+const getBigtableTableName = async (): Promise<string | null> => await getEnvVar('BIGTABLE_TABLE_NAME');
+const getBigtableProjectId = async (): Promise<string | null> => await getEnvVar('BIGTABLE_PROJECT_ID');
+const _getFirestoreProjectId = async (): Promise<string | null> => await getEnvVar('FIRESTORE_PROJECT_ID');
+const getJiraApiToken = async (): Promise<string | null> => await getEnvVar('JIRA_API_TOKEN');
+const getJiraApiBaseUrl = async (): Promise<string | null> => await getEnvVar('JIRA_API_BASE_URL');
+const getJiraUserEmail = async (): Promise<string | null> => await getEnvVar('JIRA_USER_EMAIL');
+const getGeminiApiKey = async (): Promise<string | null> => await getEnvVar('GEMINI_API_KEY');
+const getNpmToken = async (): Promise<string | null> => await getEnvVar('NPM_TOKEN');
+
+const getProjectRoot = (): string => {
+  // When compiled, this will be in dist/services/, so we need to go up two levels
+  // Use import.meta.url for ES modules instead of __dirname
+  const currentDir = path.dirname(new URL(import.meta.url).pathname);
+  return path.resolve(currentDir, '../..'); 
+};
+
+const _getResolvedGcpProjectId = async (): Promise<string | null> => {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn('[EnvService.ts] SecretManager not available for _getResolvedGcpProjectId');
+    return null;
+  }
+  return sm.getResolvedProjectId();
+};
+
+const _getResolvedGcpUserEmail = async (): Promise<string | null> => {
+  const sm = await getSecretManager();
+  if (!sm) {
+    console.warn('[EnvService.ts] SecretManager not available for _getResolvedGcpUserEmail');
+    return null;
+  }
+  return sm.getResolvedUserEmail();
+};
+
+const getGcpProjectId = _getResolvedGcpProjectId;
+const getGcpUserEmail = _getResolvedGcpUserEmail;
+
+const printEnv = async (): Promise<void> => {
+  const logToConsole = await getLogToConsole();
+  const postgresUser = await getPostgresUser();
+  const postgresPassword = await getPostgresPassword();
+  const postgresDatabase = await getPostgresDatabase();
+  const postgresHostName = await getPostgresHostName();
+  const postgresIpType = await getPostgresIpType();
+  const postgresPoolSizeMax = await getPostgresPoolSizeMax();
+  const postgresInstanceConnectionName = await getPostgresInstanceConnectionName();
+  const bigtableInstanceName = await getBigtableInstanceName();
+  const bigtableTableName = await getBigtableTableName();
+  const bigtableProjectId = await getBigtableProjectId();
+  const firestoreProjectId = await _getFirestoreProjectId();
+  const jiraApiToken = await getJiraApiToken();
+  const jiraApiBaseUrl = await getJiraApiBaseUrl();
+  const jiraUserEmail = await getJiraUserEmail();
+  const geminiApiKey = await getGeminiApiKey();
+  const customSearchApiKey = await getCustomSearchApiKey();
+  const gcpProjectIdVal = await getGcpProjectId(); 
+  const gcpUserEmailVal = await getGcpUserEmail();
+  const npmToken = await getNpmToken();
+
+  console.log(`Project Root: ${getProjectRoot()}`);
+  console.log(`GCP Project ID: ${gcpProjectIdVal}`);
+  console.log(`GCP User Email (for Secret Manager naming): ${gcpUserEmailVal}`);
+  console.log(`Log to Console: ${logToConsole}`);
+  console.log(`PostgreSQL User: ${postgresUser}`);
+  console.log(`PostgreSQL Password: ${obfuscateCred(postgresPassword)}`);
+  console.log(`PostgreSQL Database: ${postgresDatabase}`);
+  console.log(`PostgreSQL Host Name: ${postgresHostName}`);
+  console.log(`PostgreSQL IP Type: ${postgresIpType}`);
+  console.log(`PostgreSQL Pool Size Max: ${postgresPoolSizeMax}`);
+  console.log(`PostgreSQL Instance Connection Name: ${postgresInstanceConnectionName}`);
+  console.log(`Bigtable Instance Name: ${bigtableInstanceName}`);
+  console.log(`Bigtable Table Name: ${bigtableTableName}`);
+  console.log(`Bigtable Project ID: ${bigtableProjectId}`);
+  console.log(`Firestore Project ID: ${firestoreProjectId}`);
+  console.log(`Jira API Token: ${obfuscateCred(jiraApiToken)}`);
+  console.log(`Jira API Base URL: ${jiraApiBaseUrl}`);
+  console.log(`Jira User Email: ${jiraUserEmail}`);
+  console.log(`Custom Search API Key: ${obfuscateCred(customSearchApiKey)}`);
+  console.log(`Gemini API Key: ${obfuscateCred(geminiApiKey)}`);
+  console.log(`NPM Token: ${obfuscateCred(npmToken)}`);
+};
+
+const run = async (): Promise<void> => {
+  const command = process.argv[2];
+  switch (command) {
+    case 'setLogToConsole': await setLogToConsole(); break;
+    case 'setPostgresUser': await setPostgresUser(); break;
+    case 'setPostgresPassword': await setPostgresPassword(); break;
+    case 'setPostgresDatabase': await setPostgresDatabase(); break;
+    case 'setPostgresHostName': await setPostgresHostName(); break;
+    case 'setPostgresIpType': await setPostgresIpType(); break;
+    case 'setPostgresPoolSizeMax': await setPostgresPoolSizeMax(); break;
+    case 'setPostgresInstanceConnectionName': await setPostgresInstanceConnectionName(); break;
+    case 'setBigtableInstanceName': await setBigtableInstanceName(); break;
+    case 'setBigtableTableName': await setBigtableTableName(); break;
+    case 'setBigtableProjectId': await setBigtableProjectId(); break;
+    case 'setFirestoreProjectId': await setFirestoreProjectId(); break;
+    case 'setJiraApiToken': await setJiraApiToken(); break;
+    case 'setJiraApiBaseUrl': await setJiraApiBaseUrl(); break;
+    case 'setJiraUserEmail': await setJiraUserEmail(); break;
+    case 'setGeminiApiKey': await setGeminiApiKey(); break;
+    case 'setNpmToken': await setNpmToken(); break;
+    case 'setCustomSearchApiKey': await setCustomSearchApiKey(); break;
+    case 'printEnv': await printEnv(); break;
+    default: console.log('Unknown command. Available commands: setEnv, setBearerToken, ..., printEnv');
+  }
+  rl.close();
+};
+
+// If run directly from command line (ES module check)
+if (process.argv[1] === new URL(import.meta.url).pathname) {
+  run().catch((error: Error) => {
+    console.error('[EnvService.ts] An error occurred:', error);
+    rl.close();
+    process.exit(1);
+  });
+}
+
+// Export all functions
+export {
+  // CLI functions
+  run,
+  printEnv,
+
+  // Setters
+  setLogToConsole,
+  setPostgresUser,
+  setPostgresPassword,
+  setPostgresDatabase,
+  setPostgresHostName,
+  setPostgresIpType,
+  setPostgresPoolSizeMax,
+  setPostgresInstanceConnectionName,
+  setBigtableInstanceName,
+  setBigtableTableName,
+  setBigtableProjectId,
+  setFirestoreProjectId,
+  setJiraApiToken,
+  setJiraApiBaseUrl,
+  setJiraUserEmail,
+  setGeminiApiKey,
+  setNpmToken,
+  setCustomSearchApiKey,
+
+  // Getters
+  getLogToConsole,
+  getPostgresUser,
+  getPostgresPassword,
+  getPostgresDatabase,
+  getPostgresHostName,
+  getPostgresIpType,
+  getPostgresPoolSizeMax,
+  getPostgresInstanceConnectionName,
+  getBigtableInstanceName,
+  getBigtableTableName,
+  getBigtableProjectId,
+  getJiraApiToken,
+  getJiraApiBaseUrl,
+  getJiraUserEmail,
+  getGeminiApiKey,
+  getNpmToken,
+
+  // Synchronous Getters / Utility
+  getProjectRoot,
+  getGcpProjectId,
+  getGcpUserEmail,
+
+  // Generic accessors
+  getEnvVar,
+  setEnvVar,
+
+  // Utility functions
+  obfuscateCred,
+  askQuestion
+};