@dotenvx/dotenvx-vlt 0.49.0

package/src/cli/actions/settings/username.js

@@ -0,0 +1,22 @@
+const { logger } = require('@dotenvx/dotenvx')
+
+const Session = require('./../../../db/session')
+
+async function username () {
+  try {
+    const sesh = new Session()
+    const username = sesh.username()
+
+    if (username) {
+      console.log(username)
+    } else {
+      logger.error('login required. Try running [dotenvx-pro login].')
+      process.exit(1)
+    }
+  } catch (error) {
+    logger.error(error.message)
+    process.exit(1)
+  }
+}
+
+module.exports = username

package/src/cli/actions/status.js

@@ -0,0 +1,13 @@
+const { logger } = require('@dotenvx/dotenvx')
+
+const Status = require('./../../lib/services/status')
+
+async function status () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  const { status } = new Status().run()
+  console.log(status)
+}
+
+module.exports = status

package/src/cli/actions/sync.js

@@ -0,0 +1,104 @@
+const fs = require('fs')
+
+const { logger } = require('@dotenvx/dotenvx')
+const Session = require('./../../db/session')
+
+const { createSpinner } = require('./../../lib/helpers/createSpinner')
+const pluralize = require('./../../lib/helpers/pluralize')
+const sha256File = require('./../../lib/helpers/sha256File')
+
+const Sync = require('./../../lib/services/sync')
+const SyncConflict = require('./../../lib/services/syncConflict')
+
+const spinner = createSpinner('syncing')
+
+async function sync () {
+  // debug opts
+  const options = this.opts()
+  const sesh = new Session()
+  const hostname = options.hostname || sesh.hostname()
+
+  try {
+    logger.debug(`options: ${JSON.stringify(options)}`)
+
+    spinner.start()
+
+    const {
+      projectUsernameName,
+      files
+    } = await new Sync(hostname, options.force).run()
+    logger.debug(`files: ${JSON.stringify(files)}`)
+
+    // write output files
+    for (const file of files) {
+      const { filepath, src, sha } = file
+
+      let needsWrite = true
+      if (fs.existsSync(filepath)) {
+        const localSha = sha256File(filepath)
+        needsWrite = localSha !== sha
+      }
+
+      if (needsWrite) {
+        logger.debug(`writing ${filepath}`)
+        fs.writeFileSync(filepath, src, 'utf8')
+      } else {
+        logger.debug(`unchanged ${filepath} (skipped)`)
+      }
+    }
+
+    spinner.stop()
+
+    logger.success(`✔ synced [${projectUsernameName}]`)
+  } catch (error) {
+    spinner.stop()
+    if (error.message) {
+      logger.error(error.message)
+    } else {
+      logger.error(error)
+    }
+    if (error.help) {
+      logger.help(error.help)
+    }
+    if (error.stack) {
+      logger.debug(error.stack)
+    }
+
+    try {
+      if (error.code === 'DOTENVX_SYNC_CONFLICT') {
+        spinner.start()
+
+        const synchronizationId = error.meta.synchronization_id
+        const { conflictedFiles } = await new SyncConflict(hostname, synchronizationId).run()
+
+        spinner.stop()
+
+        // loop through any conflicted files
+        for (const conflictedFile of conflictedFiles) {
+          logger.info('')
+          logger.info(`✖ conflict [${conflictedFile.filepath}]`)
+          console.log(conflictedFile.diffAnsi)
+        }
+
+        logger.info(`Review and edit the ${pluralize('file', conflictedFiles.length)} as needed, then confirm your version with [dotenvx-ops sync --force]`)
+      }
+    } catch (error) {
+      spinner.stop()
+      if (error.message) {
+        logger.error(error.message)
+      } else {
+        logger.error(error)
+      }
+      if (error.help) {
+        logger.help(error.help)
+      }
+      if (error.stack) {
+        logger.debug(error.stack)
+      }
+    }
+
+    process.exit(1)
+  }
+}
+
+module.exports = sync

package/src/cli/commands/armor.js

@@ -0,0 +1,73 @@
+const { Command } = require('commander')
+const Session = require('./../../db/session')
+
+const armor = new Command('armor')
+
+armor
+  .description('ARMORED KEYS ⛨')
+  .allowUnknownOption()
+  .action(async function () {
+    const sesh = new Session()
+    await sesh.notifyUpdate()
+    this.help()
+  })
+
+// dotenvx-ops armor up
+const upAction = require('./../actions/armor/up')
+armor
+  .command('up')
+  .description('armor private key')
+  .option('-f, --env-file <path>', 'path to your env file')
+  .option('--token <token>', 'set token')
+  .option('--team <team>', 'team to armor private key for')
+  .action(upAction)
+
+// dotenvx-ops armor down
+const downAction = require('./../actions/armor/down')
+armor
+  .command('down')
+  .description('dearmor private key')
+  .option('-f, --env-file <path>', 'path to your env file')
+  .option('--token <token>', 'set token')
+  .option('--team <team>', 'team to dearmor private key from')
+  .action(downAction)
+
+// dotenvx-ops armor push
+const pushAction = require('./../actions/armor/push')
+armor
+  .command('push')
+  .description('push armored key (from .env.keys)')
+  .option('-f, --env-file <path>', 'path to your env file')
+  .option('--token <token>', 'set token')
+  .option('--team <team>', 'team to push armored private key for')
+  .action(pushAction)
+
+// dotenvx-ops armor pull
+const pullAction = require('./../actions/armor/pull')
+armor
+  .command('pull')
+  .description('pull armored key (into .env.keys)')
+  .option('-f, --env-file <path>', 'path to your env file')
+  .option('--token <token>', 'set token')
+  .option('--team <team>', 'team to pull armored private key from')
+  .action(pullAction)
+
+// dotenvx-ops armor rotate
+const rotateAction = require('./../actions/armor/rotate')
+armor
+  .command('rotate')
+  .description('rotate armored key and re-encrypt .env file')
+  .option('-f, --env-file <path>', 'path to your env file')
+  .option('--token <token>', 'set token')
+  .action(rotateAction)
+
+// dotenvx-ops armor move
+const moveAction = require('./../actions/armor/move')
+armor
+  .command('move')
+  .description('move armored key (to other team)')
+  .option('-f, --env-file <path>', 'path to your env file')
+  .option('--token <token>', 'set token')
+  .action(moveAction)
+
+module.exports = armor

package/src/cli/commands/gateway.js

@@ -0,0 +1,16 @@
+const { Command } = require('commander')
+
+const gateway = new Command('gateway')
+
+gateway
+  .description('[INTERNAL] ⛩ gateway')
+  .allowUnknownOption()
+
+// dotenvx-ops gateway start
+const startAction = require('./../actions/gateway/start')
+gateway
+  .command('start')
+  .description('start gateway')
+  .action(startAction)
+
+module.exports = gateway

package/src/cli/commands/rotate/github.js

@@ -0,0 +1,26 @@
+const { Command } = require('commander')
+
+const github = new Command('github')
+
+const Session = require('./../../../db/session')
+const sesh = new Session()
+
+github
+  .description('github')
+  .allowUnknownOption()
+
+github
+  .command('connect')
+  .description('connect passcard')
+  .option('--org <organizationSlug>')
+  .option('--username <username>')
+  .option('--password <password>')
+  .option('--email <email>')
+  .option('--hostname <url>', 'set hostname', sesh.hostname())
+  .option('--token <token>', 'set token')
+  .action(async function (...args) {
+    const connectAction = require('./../../actions/rotate/github/connect')
+    await connectAction.apply(this, args)
+  })
+
+module.exports = github

package/src/cli/commands/rotate/npm.js

@@ -0,0 +1,26 @@
+const { Command } = require('commander')
+
+const npm = new Command('npm')
+
+const Session = require('./../../../db/session')
+const sesh = new Session()
+
+npm
+  .description('npm')
+  .allowUnknownOption()
+
+npm
+  .command('connect')
+  .description('connect passcard')
+  .option('--org <organizationSlug>')
+  .option('--username <username>')
+  .option('--password <password>')
+  .option('--email <email>')
+  .option('--hostname <url>', 'set hostname', sesh.hostname())
+  .option('--token <token>', 'set token')
+  .action(async function (...args) {
+    const connectAction = require('./../../actions/rotate/npm/connect')
+    await connectAction.apply(this, args)
+  })
+
+module.exports = npm

package/src/cli/commands/rotate/openai.js

@@ -0,0 +1,26 @@
+const { Command } = require('commander')
+
+const openai = new Command('openai')
+
+const Session = require('./../../../db/session')
+const sesh = new Session()
+
+openai
+  .description('openai')
+  .allowUnknownOption()
+
+openai
+  .command('connect')
+  .description('connect passcard')
+  .option('--org <organizationSlug>')
+  .option('--username <username>')
+  .option('--password <password>')
+  .option('--email <email>')
+  .option('--hostname <url>', 'set hostname', sesh.hostname())
+  .option('--token <token>', 'set token')
+  .action(async function (...args) {
+    const connectAction = require('./../../actions/rotate/openai/connect')
+    await connectAction.apply(this, args)
+  })
+
+module.exports = openai

package/src/cli/commands/rotate.js

@@ -0,0 +1,32 @@
+const { Command } = require('commander')
+
+const rotate = new Command('rotate')
+
+const Session = require('./../../db/session')
+const sesh = new Session()
+
+rotate
+  .description('[INTERNAL] rotate secret')
+  .allowUnknownOption()
+
+rotate.addCommand(require('./rotate/github'))
+rotate.addCommand(require('./rotate/npm'))
+rotate.addCommand(require('./rotate/openai'))
+
+// dotenvx-ops rotate (fallback positional argument handler)
+const rotateAction = require('../actions/rotate')
+rotate
+  .argument('[URI]', 'URI') // brackets = optional
+  .option('--hostname <url>', 'set hostname', sesh.hostname())
+  .option('--token <token>', 'set token')
+  .action(async function (uri, options, command) {
+    if (!uri) {
+      command.help()
+      return
+    }
+
+    // Call external action with correct "this" binding
+    await rotateAction.call(this, uri)
+  })
+
+module.exports = rotate

package/src/cli/commands/settings.js

@@ -0,0 +1,60 @@
+const { Command } = require('commander')
+
+const settings = new Command('settings')
+
+settings
+  .description('settings')
+  .allowUnknownOption()
+
+// dotenvx-ops settings username
+const usernameAction = require('./../actions/settings/username')
+settings
+  .command('username')
+  .description('print your username')
+  .action(usernameAction)
+
+// dotenvx-ops settings token
+const tokenAction = require('./../actions/settings/token')
+settings
+  .command('token')
+  .description('print your access token (--unmask)')
+  .option('--unmask', 'unmask access token')
+  .action(tokenAction)
+
+// dotenvx-ops settings device
+const deviceAction = require('./../actions/settings/device')
+settings
+  .command('device')
+  .description('print your device pubkey (--unmask)')
+  .option('--unmask', 'unmask device pubkey')
+  .action(deviceAction)
+
+// dotenvx-ops settings hostname
+const hostnameAction = require('./../actions/settings/hostname')
+settings
+  .command('hostname')
+  .description('print hostname')
+  .action(hostnameAction)
+
+// dotenvx-ops settings path
+const pathAction = require('./../actions/settings/path')
+settings
+  .command('path')
+  .description('print path to settings file')
+  .action(pathAction)
+
+// dotenvx-ops settings on
+const onAction = require('./../actions/settings/on')
+settings
+  .command('on')
+  .description('turn ops on')
+  .action(onAction)
+
+// dotenvx-ops settings off
+const offAction = require('./../actions/settings/off')
+settings
+  .command('off')
+  .description('turn ops off')
+  .action(offAction)
+
+module.exports = settings

package/src/cli/dotenvx-ops.js

@@ -0,0 +1,163 @@
+#!/usr/bin/env node
+
+/* c8 ignore start */
+const { Command } = require('commander')
+const program = new Command()
+
+const { setLogLevel } = require('@dotenvx/dotenvx')
+
+const packageJson = require('./../lib/helpers/packageJson')
+const Session = require('./../db/session')
+const argv = process.argv.slice(2)
+const firstArg = argv[0]
+
+// global log levels
+program
+  .usage('login')
+  .option('-l, --log-level <level>', 'set log level', 'info')
+  .option('-q, --quiet', 'sets log level to error')
+  .option('-v, --verbose', 'sets log level to verbose')
+  .option('-d, --debug', 'sets log level to debug')
+  .hook('preAction', async (thisCommand, actionCommand) => {
+    const options = thisCommand.opts()
+
+    setLogLevel(options)
+  })
+
+// cli
+program
+  .name('dotenvx-ops')
+  .description(packageJson.description)
+  .version(packageJson.version)
+  .allowUnknownOption()
+
+// dotenvx-ops backup
+const backupAction = require('./actions/backup')
+program
+  .command('backup')
+  .description('[INTERNAL] back up .env.keys')
+  .option('--org <organizationSlug>')
+  .option('-h, --hostname <url>', 'set hostname')
+  .action(backupAction)
+
+// dotenvx-ops open
+const openAction = require('./actions/open')
+program
+  .command('open')
+  .description('[INTERNAL] open project')
+  .option('-h, --hostname <url>', 'set hostname')
+  .action(openAction)
+
+// dotenvx-ops observe base64String
+const observeAction = require('./actions/observe')
+program.command('observe')
+  .usage('<BASE64> [options]')
+  .description('[INTERNAL] observe')
+  .allowUnknownOption()
+  .argument('BASE64', 'BASE64')
+  .option('--hostname <url>', 'set hostname')
+  .option('--token <token>', 'set token')
+  .option('--dotenvxProjectId <identifier>', 'set DOTENVX_PROJECT_ID')
+  .action(function (...args) {
+    observeAction.apply(this, args)
+  })
+
+// dotenvx-ops sync
+const syncAction = require('./actions/sync')
+program
+  .command('sync')
+  .description('[INTERNAL] sync .env*')
+  .option('-h, --hostname <url>', 'set hostname')
+  .option('--force', 'force changes')
+  .action(syncAction)
+
+// dotenvx-ops get
+const getAction = require('./actions/get')
+program
+  .command('get')
+  .description('[INTERNAL] fetch secret')
+  .argument('URI', 'URI')
+  .option('--hostname <url>', 'set hostname')
+  .option('--token <token>', 'set token')
+  .action(getAction)
+
+// dotenvx-ops set
+const setAction = require('./actions/set')
+program
+  .command('set')
+  .description('[INTERNAL] set secret')
+  .argument('URI', 'URI')
+  .argument('value', 'value')
+  .option('--hostname <url>', 'set hostname')
+  .option('--token <token>', 'set token')
+  .action(setAction)
+
+// dotenvx-ops rotate
+const shouldLoadRotateCommand = firstArg === 'rotate' || firstArg === 'help' || firstArg === '--help' || firstArg === '-h'
+if (shouldLoadRotateCommand) {
+  program.addCommand(require('./commands/rotate'))
+}
+
+// dotenvx-ops armor
+program.addCommand(require('./commands/armor'))
+
+// dotenvx-ops login
+const loginAction = require('./actions/login')
+program
+  .command('login')
+  .description('log in')
+  .option('--hostname <url>', 'set hostname')
+  .action(loginAction)
+
+// dotenvx-ops logout
+const logoutAction = require('./actions/logout')
+program
+  .command('logout')
+  .description('log out')
+  .option('--hostname <url>', 'set hostname')
+  .action(logoutAction)
+
+// dotenvx-ops status
+const statusAction = require('./actions/status')
+program
+  .command('status')
+  .description('[INTERNAL] status')
+  .action(statusAction)
+
+// dotenvx-ops keypair
+const keypairAction = require('./actions/keypair')
+program
+  .command('keypair')
+  .description('generate armored keypair ⛨')
+  .argument('[publicKey]', 'existing public key')
+  .option('-h, --hostname <url>', 'set hostname')
+  .option('--token <token>', 'set token')
+  .option('--team <team>', 'team to generate keypair for')
+  .option('-f, --env-file <path>', 'path to your env file', '.env')
+  .option('--no-spinner', 'disable spinner output')
+  .option('--pp, --pretty-print', 'pretty print output')
+  .action(keypairAction)
+
+program.addCommand(require('./commands/gateway'))
+program.addCommand(require('./commands/settings'))
+
+// monkey-patch help output
+program.helpInformation = function () {
+  const originalHelp = Command.prototype.helpInformation.call(this)
+  const lines = originalHelp.split('\n')
+
+  const filteredLines = lines.filter(line =>
+    !line.includes('INTERNAL') // hide observe command
+  )
+
+  return filteredLines.join('\n')
+}
+
+/* c8 ignore stop */
+program.action(async function () {
+  const sesh = new Session()
+  await sesh.notifyUpdate()
+  this.help()
+})
+
+program.parseAsync(process.argv)

package/src/cli/postinstall.js

@@ -0,0 +1,16 @@
+const packageJson = require('./../lib/helpers/packageJson')
+const path = require('path')
+
+const commandName = 'dotenvx-ops'
+const isGlobalInstall = process.env.npm_config_global === 'true' || process.env.npm_config_location === 'global'
+
+let installPath = commandName
+if (isGlobalInstall && process.env.npm_config_prefix) {
+  const binaryName = process.platform === 'win32' ? `${commandName}.cmd` : commandName
+  installPath = process.platform === 'win32'
+    ? path.join(process.env.npm_config_prefix, binaryName)
+    : path.join(process.env.npm_config_prefix, 'bin', binaryName)
+}
+
+console.log(`⛨ installed (${packageJson.version}:${installPath})`)
+console.log('⮕ next run [dotenvx-ops login] and then [dotenvx encrypt]')

package/src/db/device.js

@@ -0,0 +1,73 @@
+const Conf = require('conf')
+const { PrivateKey } = require('eciesjs')
+
+const encryptValue = require('./../lib/helpers/encryptValue')
+const decryptValue = require('./../lib/helpers/decryptValue')
+
+class Device {
+  constructor () {
+    this.store = new Conf({
+      cwd: process.env.DOTENVX_CONFIG || undefined,
+      projectName: 'dotenvx',
+      configName: '.device-key',
+      projectSuffix: '',
+      fileExtension: '',
+      encryptionKey: 'dotenvxpro dotenvxpro dotenvxpro' // backwards compatible
+    })
+  }
+
+  touch () {
+    const _privateKey = this.privateKey()
+    const _publicKey = this.publicKey()
+
+    return {
+      privateKey: _privateKey,
+      publicKey: _publicKey
+    }
+  }
+
+  configPath () {
+    return this.store.path
+  }
+
+  privateKey () {
+    const currentPrivateKey = this.store.get('private_key/1')
+    if (currentPrivateKey && currentPrivateKey.length > 0) {
+      this.store.set('private_key/1', currentPrivateKey)
+
+      return currentPrivateKey
+    }
+
+    // generate privateKey for the first time
+    const kp = new PrivateKey()
+    const _privateKey = kp.secret.toString('hex')
+
+    this.store.set('private_key/1', _privateKey)
+
+    return _privateKey
+  }
+
+  publicKey () {
+    // must have private key to try and get public key
+    const privateKeyHex = this.privateKey()
+    if (!privateKeyHex || privateKeyHex.length < 1) {
+      return ''
+    }
+
+    // create keyPair object from hex string
+    const _privateKey = new PrivateKey(Buffer.from(privateKeyHex, 'hex'))
+
+    // compute publicKey from privateKey
+    return _privateKey.publicKey.toHex()
+  }
+
+  encrypt (value) {
+    return encryptValue(value, this.publicKey())
+  }
+
+  decrypt (value) {
+    return decryptValue(value, this.privateKey())
+  }
+}
+
+module.exports = Device