@dotenvx/dotenvx-vlt 0.49.0

package/src/lib/helpers/sha256File.js

@@ -0,0 +1,9 @@
+const fs = require('fs')
+const crypto = require('crypto')
+
+function sha256File (filepath) {
+  const buf = fs.readFileSync(filepath)
+  return crypto.createHash('sha256').update(buf).digest('hex')
+}
+
+module.exports = sha256File

package/src/lib/helpers/smartMask.js

@@ -0,0 +1,11 @@
+const mask = require('./mask')
+
+function smartMask (str, unmask = false, showChar = 7) {
+  if (unmask) {
+    return str
+  } else {
+    return mask(str, showChar)
+  }
+}
+
+module.exports = smartMask

package/src/lib/helpers/truncate.js

@@ -0,0 +1,10 @@
+function truncate (str, showChar = 7) {
+  if (str && str.length > 0) {
+    const visiblePart = str.slice(0, showChar)
+    return visiblePart + '…'
+  } else {
+    return ''
+  }
+}
+
+module.exports = truncate

package/src/lib/helpers/upsertEnvKey.js

@@ -0,0 +1,61 @@
+const fs = require('fs')
+const path = require('path')
+
+function escapeForRegex (value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+}
+
+function upsertEnvKey (key, value, keysFilepath = '.env.keys') {
+  const resolvedKeysFilepath = path.resolve(keysFilepath)
+  const keyValueLine = `${key}=${value}`
+  const created = !fs.existsSync(resolvedKeysFilepath)
+
+  let src = ''
+  if (!created) {
+    src = fs.readFileSync(resolvedKeysFilepath, 'utf8')
+  }
+
+  const eol = src.includes('\r\n') ? '\r\n' : '\n'
+  const keyPattern = new RegExp(`^\\s*(?:export\\s+)?${escapeForRegex(key)}\\s*=`)
+  const lines = src.length > 0 ? src.split(/\r?\n/) : []
+
+  while (lines.length > 0 && lines[lines.length - 1] === '') {
+    lines.pop()
+  }
+
+  let replaced = false
+  const nextLines = []
+
+  for (const line of lines) {
+    if (keyPattern.test(line)) {
+      if (!replaced) {
+        nextLines.push(keyValueLine)
+        replaced = true
+      }
+      continue
+    }
+
+    nextLines.push(line)
+  }
+
+  if (!replaced) {
+    nextLines.push(keyValueLine)
+  }
+
+  const nextSrc = `${nextLines.join(eol)}${eol}`
+  const changed = created || nextSrc !== src
+
+  if (changed) {
+    fs.writeFileSync(resolvedKeysFilepath, nextSrc, 'utf8')
+  }
+
+  return {
+    changed,
+    key,
+    value,
+    created,
+    filepath: keysFilepath
+  }
+}
+
+module.exports = upsertEnvKey

package/src/lib/main.d.ts

@@ -0,0 +1,152 @@
+import type { URL } from 'url';
+
+/**
+ * Observes a dotenvx run
+ *
+ * @see https://dotenvx.com/docs
+ * @param payload - observability payload string
+ * @returns the original payload string
+ */
+export function observe(payload: string): string;
+
+export interface DotenvOpsOptions {
+  hostname?: string;
+  token?: string;
+}
+
+export interface DotenvOpsKeypairOptions extends DotenvOpsOptions {
+  team?: string;
+}
+
+export interface DotenvOpsKeypairOutput {
+  publicKey: string;
+  privateKey: string;
+}
+
+/**
+ * Creates a remote keypair for the current authenticated device.
+ *
+ * @param publicKey - optional existing public key to fetch
+ * @param options - optional hostname/token/team overrides
+ * @returns generated public and private keys
+ */
+export function keypair(publicKey?: string, options?: DotenvOpsKeypairOptions): Promise<DotenvOpsKeypairOutput>;
+
+export interface DotenvConfigOptions {
+  /**
+   * Specify a custom path if your file containing environment variables is located elsewhere.
+   * Can also be an array of strings, specifying multiple paths.
+   *
+   * @default require('path').resolve(process.cwd(), '.env')
+   * @example require('@dotenvx/dotenvx').config({ path: '/custom/path/to/.env' })
+   * @example require('@dotenvx/dotenvx').config({ path: ['/path/to/first.env', '/path/to/second.env'] })
+   */
+  path?: string | string[] | URL;
+
+  /**
+   * Specify the encoding of your file containing environment variables.
+   *
+   * @default 'utf8'
+   * @example require('@dotenvx/dotenvx').config({ encoding: 'latin1' })
+   */
+  encoding?: string;
+
+  /**
+   * Override any environment variables that have already been set on your machine with values from your .env file.
+   * @default false
+   * @example require('@dotenvx/dotenvx').config({ overload: true })
+   * @alias overload
+   */
+  overload?: boolean;
+
+  /**
+   * @default false
+   * @alias override
+   */
+  override?: boolean;
+
+  /**
+   * Throw immediately if an error is encountered - like a missing .env file.
+   * @default false
+   * @example require('@dotenvx/dotenvx').config({ strict: true })
+   */
+  strict?: boolean;
+
+  /**
+   * Suppress specific errors like MISSING_ENV_FILE. The error keys can be found
+   * in src/lib/helpers/errors.js
+   * @default []
+   * @example require('@dotenvx/dotenvx').config({ ignore: ['MISSING_ENV_FILE'] })
+   */
+  ignore?: string[];
+
+  /**
+   * Specify an object to write your secrets to. Defaults to process.env environment variables.
+   *
+   * @default process.env
+   * @example const processEnv = {}; require('@dotenvx/dotenvx').config({ processEnv: processEnv })
+   */
+  processEnv?: DotenvPopulateInput;
+
+  /**
+   * Customize the path to your .env.keys file. This is useful with monorepos.
+   * @default []
+   * @example require('@dotenvx/dotenvx').config({ envKeysFile: '../../.env.keys'} })
+   */
+  envKeysFile?: string;
+
+  /**
+   * Pass the DOTENV_KEY directly to config options. Defaults to looking for process.env.DOTENV_KEY environment variable. Note this only applies to decrypting .env.vault files. If passed as null or undefined, or not passed at all, dotenv falls back to its traditional job of parsing a .env file.
+   *
+   * @default undefined
+   * @example require('@dotenvx/dotenvx').config({ DOTENV_KEY: 'dotenv://:key_1234…@dotenvx.com/vault/.env.vault?environment=production' })
+   */
+  DOTENV_KEY?: string;
+
+  /**
+   * Load a .env convention (available conventions: 'nextjs, flow')
+   */
+  convention?: string;
+
+  /**
+   * Turn on logging to help debug why certain keys or values are not being set as you expect.
+   *
+   * @default false
+   * @example require('@dotenvx/dotenvx').config({ debug: process.env.DEBUG })
+   */
+  debug?: boolean;
+
+  verbose?: boolean;
+
+  quiet?: boolean;
+
+  logLevel?:
+    | 'error'
+    | 'warn'
+    | 'success'
+    | 'successv'
+    | 'info'
+    | 'help'
+    | 'verbose'
+    | 'debug';
+}
+
+export interface DotenvConfigOutput {
+  error?: Error;
+  parsed?: DotenvParseOutput;
+}
+
+export interface DotenvPopulateInput {
+  [name: string]: string;
+}
+
+/**
+ * Loads `.env` file contents into process.env by default. If `DOTENV_KEY` is present, it smartly attempts to load encrypted `.env.vault` file contents into process.env.
+ *
+ * @see https://dotenvx.com/docs
+ *
+ * @param options - additional options. example: `{ path: './custom/path', encoding: 'latin1', debug: true, overload: false }`
+ * @returns an object with a `parsed` key if successful or `error` key if an error occurred. example: { parsed: { KEY: 'value' } }
+ *
+ */
+export function config(options?: DotenvConfigOptions): DotenvConfigOutput;

package/src/lib/main.js

@@ -0,0 +1,114 @@
+const si = require('systeminformation')
+const dotenvx = require('@dotenvx/dotenvx')
+
+const Session = require('./../db/session')
+const PostObserve = require('./api/postObserve')
+const PostGet = require('./api/postGet')
+const PostSet = require('./api/postSet')
+const Keypair = require('./services/keypair')
+
+const gitUrl = require('./helpers/gitUrl')
+const gitBranch = require('./helpers/gitBranch')
+const dotenvxProjectId = require('./helpers/dotenvxProjectId')
+
+const observe = async function (encoded, options = {}) {
+  const sesh = new Session() // TODO: handle scenario where constructor fails
+
+  let hostname = options.hostname
+  if (!hostname) {
+    hostname = sesh.hostname()
+  }
+
+  let token = options.token
+  if (!token) {
+    token = sesh.token()
+  }
+
+  const _pwd = process.cwd()
+  const _dotenvxProjectId = options.dotenvxProjectId || dotenvxProjectId(_pwd, false)
+
+  const _gitUrl = gitUrl()
+  const _gitBranch = gitBranch()
+
+  const system = await si.system()
+  const _systemUuid = system.uuid
+
+  const osInfo = await si.osInfo()
+  const _osPlatform = osInfo.platform
+  const _osArch = osInfo.arch
+
+  const json = await new PostObserve(hostname, token, encoded, _pwd, _gitUrl, _gitBranch, _systemUuid, _osPlatform, _osArch, _dotenvxProjectId).run()
+
+  return json
+}
+
+const get = async function (uri, options = {}) {
+  const sesh = new Session() // TODO: handle scenario where constructor fails
+
+  let hostname = options.hostname
+  if (!hostname) {
+    hostname = sesh.hostname()
+  }
+
+  let token = options.token
+  if (!token) {
+    token = sesh.token()
+  }
+
+  const value = await new PostGet(hostname, token, uri).run()
+  return value
+}
+
+const set = async function (uri, value, options = {}) {
+  const sesh = new Session() // TODO: handle scenario where constructor fails
+
+  let hostname = options.hostname
+  if (!hostname) {
+    hostname = sesh.hostname()
+  }
+
+  let token = options.token
+  if (!token) {
+    token = sesh.token()
+  }
+
+  const devicePublicKey = sesh.devicePublicKey()
+
+  return await new PostSet(hostname, token, devicePublicKey, uri, value).run()
+}
+
+const keypair = async function (publicKey, options = {}) {
+  const sesh = new Session() // TODO: handle scenario where constructor fails
+
+  let hostname = options.hostname
+  if (!hostname) {
+    hostname = sesh.hostname()
+  }
+
+  let token = options.token
+  if (!token) {
+    token = sesh.token()
+  }
+
+  const devicePublicKey = sesh.devicePublicKey()
+
+  const json = await new Keypair(hostname, token, devicePublicKey, publicKey, options.team, options.envFile).run()
+
+  return {
+    publicKey: json.public_key,
+    privateKey: json.private_key
+  }
+}
+
+const config = function (options = {}) {
+  return dotenvx.config(options)
+}
+
+module.exports = {
+  observe,
+  get,
+  set,
+  keypair,
+  // dotenv proxies
+  config
+}

package/src/lib/services/armorDown.js

@@ -0,0 +1,77 @@
+const dotenvx = require('@dotenvx/dotenvx')
+const prompts = require('../helpers/prompts')
+const PostArmorDown = require('../api/postArmorDown')
+const keyNamesForEnvFile = require('../helpers/keyNamesForEnvFile')
+const upsertEnvKey = require('../helpers/upsertEnvKey')
+
+function teamChoicesFromMeta (meta) {
+  return meta.organizations.map(org => ({
+    name: org.provider_slug,
+    value: org.provider_slug
+  }))
+}
+
+class ArmorDown {
+  constructor (hostname, token, devicePublicKey, envFile = '.env', team = undefined) {
+    this.hostname = hostname
+    this.token = token
+    this.devicePublicKey = devicePublicKey
+    this.envFile = envFile
+    this.team = team
+  }
+
+  async run () {
+    const hostname = this.hostname
+    const token = this.token
+    const devicePublicKey = this.devicePublicKey
+    const envFile = this.envFile
+    const team = this.team
+
+    const {
+      publicKeyName,
+      privateKeyName
+    } = keyNamesForEnvFile(envFile)
+
+    const publicKey = dotenvx.get(publicKeyName, { path: envFile, strict: true, ignore: ['MISSING_PRIVATE_KEY'], noOps: true })
+    let json
+
+    if (team) {
+      json = await new PostArmorDown(hostname, token, devicePublicKey, publicKey, team).run()
+    } else {
+      try {
+        json = await new PostArmorDown(hostname, token, devicePublicKey, publicKey, undefined).run()
+      } catch (error) {
+        if (error.code !== 'DOTENVX_TEAM_REQUIRED') {
+          throw error
+        }
+
+        const choices = teamChoicesFromMeta(error.meta)
+
+        let team = choices[0].value
+        if (choices.length > 1) {
+          team = await prompts.select({
+            message: 'Select team',
+            choices
+          }, {
+            input: process.stdin,
+            output: process.stderr
+          })
+        }
+
+        json = await new PostArmorDown(hostname, token, devicePublicKey, publicKey, team).run()
+      }
+    }
+
+    upsertEnvKey(privateKeyName, json.private_key)
+
+    return {
+      ...json,
+      changed: json.changed,
+      privateKeyName,
+      privateKeyValue: json.private_key,
+      publicKeyValue: publicKey
+    }
+  }
+}
+
+module.exports = ArmorDown

package/src/lib/services/armorMove.js

@@ -0,0 +1,54 @@
+const dotenvx = require('@dotenvx/dotenvx')
+const prompts = require('../helpers/prompts')
+const PostArmorMove = require('../api/postArmorMove')
+const GetAccount = require('../api/getAccount')
+const keyNamesForEnvFile = require('../helpers/keyNamesForEnvFile')
+
+class ArmorMove {
+  constructor (hostname, token, devicePublicKey, envFile = '.env') {
+    this.hostname = hostname
+    this.token = token
+    this.devicePublicKey = devicePublicKey
+    this.envFile = envFile
+
+    this.team = null // implement
+  }
+
+  async run () {
+    const hostname = this.hostname
+    const token = this.token
+    const devicePublicKey = this.devicePublicKey
+    const envFile = this.envFile
+    let team = this.team
+
+    const {
+      publicKeyName,
+      privateKeyName
+    } = keyNamesForEnvFile(envFile)
+    const publicKey = dotenvx.get(publicKeyName, { path: envFile, strict: true, ignore: ['MISSING_PRIVATE_KEY'], noOps: true })
+
+    const accountJson = await new GetAccount(hostname, token).run()
+    const choices = accountJson.organizations.map(o => ({
+      name: o.provider_slug,
+      value: o.provider_slug
+    }))
+    team = await prompts.select({
+      message: 'Select team',
+      choices
+    }, {
+      input: process.stdin,
+      output: process.stderr
+    })
+
+    const json = await new PostArmorMove(hostname, token, devicePublicKey, publicKey, team).run()
+
+    return {
+      ...json,
+      privateKeyName,
+      privateKeyValue: json.private_key,
+      publicKeyValue: publicKey
+    }
+  }
+}
+
+module.exports = ArmorMove

package/src/lib/services/armorPull.js

@@ -0,0 +1,77 @@
+const dotenvx = require('@dotenvx/dotenvx')
+const prompts = require('../helpers/prompts')
+const PostArmorPull = require('../api/postArmorPull')
+const upsertEnvKey = require('../helpers/upsertEnvKey')
+const keyNamesForEnvFile = require('../helpers/keyNamesForEnvFile')
+
+function teamChoicesFromMeta (meta) {
+  return meta.organizations.map(org => ({
+    name: org.provider_slug,
+    value: org.provider_slug
+  }))
+}
+
+class ArmorPull {
+  constructor (hostname, token, devicePublicKey, envFile = '.env', team = undefined) {
+    this.hostname = hostname
+    this.token = token
+    this.devicePublicKey = devicePublicKey
+    this.envFile = envFile
+    this.team = team
+  }
+
+  async run () {
+    const hostname = this.hostname
+    const token = this.token
+    const devicePublicKey = this.devicePublicKey
+    const envFile = this.envFile
+    const team = this.team
+
+    const {
+      publicKeyName,
+      privateKeyName
+    } = keyNamesForEnvFile(envFile)
+
+    const publicKey = dotenvx.get(publicKeyName, { path: envFile, strict: true, ignore: ['MISSING_PRIVATE_KEY'], noOps: true })
+    let json
+
+    if (team) {
+      json = await new PostArmorPull(hostname, token, devicePublicKey, publicKey, team).run()
+    } else {
+      try {
+        json = await new PostArmorPull(hostname, token, devicePublicKey, publicKey, undefined).run()
+      } catch (error) {
+        if (error.code !== 'DOTENVX_TEAM_REQUIRED') {
+          throw error
+        }
+
+        const choices = teamChoicesFromMeta(error.meta)
+
+        let team = choices[0].value
+        if (choices.length > 1) {
+          team = await prompts.select({
+            message: 'Select team',
+            choices
+          }, {
+            input: process.stdin,
+            output: process.stderr
+          })
+        }
+
+        json = await new PostArmorPull(hostname, token, devicePublicKey, publicKey, team).run()
+      }
+    }
+
+    const result = upsertEnvKey(privateKeyName, json.private_key)
+
+    return {
+      ...json,
+      changed: result.changed,
+      privateKeyName,
+      privateKeyValue: json.private_key,
+      publicKeyValue: publicKey
+    }
+  }
+}
+
+module.exports = ArmorPull

package/src/lib/services/armorPush.js

@@ -0,0 +1,82 @@
+const dotenvx = require('@dotenvx/dotenvx')
+const { PrivateKey } = require('eciesjs')
+const prompts = require('../helpers/prompts')
+const PostArmorPush = require('../api/postArmorPush')
+const keyNamesForEnvFile = require('../helpers/keyNamesForEnvFile')
+
+function teamChoicesFromMeta (meta) {
+  return meta.organizations.map(org => ({
+    name: org.provider_slug,
+    value: org.provider_slug
+  }))
+}
+
+function publicKeyFromPrivateKey (privateKey) {
+  try {
+    return new PrivateKey(Buffer.from(privateKey, 'hex')).publicKey.toHex()
+  } catch {
+    return ''
+  }
+}
+
+class ArmorPush {
+  constructor (hostname, token, devicePublicKey, envFile = '.env', team = undefined) {
+    this.hostname = hostname
+    this.token = token
+    this.devicePublicKey = devicePublicKey
+    this.envFile = envFile
+    this.team = team
+  }
+
+  async run () {
+    const hostname = this.hostname
+    const token = this.token
+    const devicePublicKey = this.devicePublicKey
+    const envFile = this.envFile
+    const team = this.team
+
+    const { privateKeyName } = keyNamesForEnvFile(envFile)
+
+    const privateKey = dotenvx.get(privateKeyName, { path: '.env.keys', strict: true, noOps: true })
+    const publicKey = publicKeyFromPrivateKey(privateKey)
+
+    let json
+
+    if (team) {
+      json = await new PostArmorPush(hostname, token, devicePublicKey, privateKey, team).run()
+    } else {
+      try {
+        json = await new PostArmorPush(hostname, token, devicePublicKey, privateKey, undefined).run()
+      } catch (error) {
+        if (error.code !== 'DOTENVX_TEAM_REQUIRED') {
+          throw error
+        }
+
+        const choices = teamChoicesFromMeta(error.meta)
+
+        let team = choices[0].value
+        if (choices.length > 1) {
+          team = await prompts.select({
+            message: 'Select team',
+            choices
+          }, {
+            input: process.stdin,
+            output: process.stderr
+          })
+        }
+
+        json = await new PostArmorPush(hostname, token, devicePublicKey, privateKey, team).run()
+      }
+    }
+
+    return {
+      ...json,
+      changed: json.changed,
+      privateKeyName,
+      privateKeyValue: json.private_key,
+      publicKeyValue: publicKey
+    }
+  }
+}
+
+module.exports = ArmorPush