@dragonmastery/tamer 0.31.0 → 0.31.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/tamer.mjs +17 -16
- package/dist/tamer.mjs.map +1 -1
- package/package.json +1 -1
package/dist/tamer.mjs
CHANGED
|
@@ -7702,40 +7702,42 @@ function parseDotenvContent(content) {
|
|
|
7702
7702
|
function readDotenvFile(filePath) {
|
|
7703
7703
|
return parseDotenvContent(readFileSync(resolve(process.cwd(), filePath), "utf8"));
|
|
7704
7704
|
}
|
|
7705
|
+
/** Default bulk-load file for a remote env. Plain `.dev.vars` is wrangler dev / local only. */
|
|
7706
|
+
function defaultSecretsLoadFile(env) {
|
|
7707
|
+
return `.dev.vars.${env}`;
|
|
7708
|
+
}
|
|
7705
7709
|
/**
|
|
7706
|
-
*
|
|
7707
|
-
* entries overwrite on duplicate keys (file wins).
|
|
7710
|
+
* Reject plain `.dev.vars` — reserved for local `wrangler dev`, not vault seeding.
|
|
7708
7711
|
*/
|
|
7709
|
-
function
|
|
7710
|
-
|
|
7711
|
-
for (const [key, value] of Object.entries(process.env)) if (value != null && value !== "") merged[key] = value;
|
|
7712
|
-
for (const [key, value] of Object.entries(fileEntries)) merged[key] = value;
|
|
7713
|
-
return merged;
|
|
7712
|
+
function assertRemoteSecretsLoadFile(filePath, env) {
|
|
7713
|
+
if ((filePath.replace(/\\/g, "/").split("/").pop() ?? filePath) === ".dev.vars") throw new Error(`\`.dev.vars\` is for local wrangler dev only. Seed the vault with \`.dev.vars.${env}\` or omit --file (default).`);
|
|
7714
7714
|
}
|
|
7715
7715
|
|
|
7716
7716
|
//#endregion
|
|
7717
7717
|
//#region src/cli/commands/secrets/load.ts
|
|
7718
7718
|
async function runSecretsLoad(options) {
|
|
7719
|
-
|
|
7719
|
+
const env = resolveSecretsEnv(options.env);
|
|
7720
|
+
const file = options.file?.trim() || defaultSecretsLoadFile(env);
|
|
7721
|
+
assertRemoteSecretsLoadFile(file, env);
|
|
7720
7722
|
const ctx = await createSecretsContext({
|
|
7721
|
-
env
|
|
7723
|
+
env,
|
|
7722
7724
|
configPath: options.configPath
|
|
7723
7725
|
});
|
|
7724
|
-
const
|
|
7725
|
-
const names = Object.keys(
|
|
7726
|
+
const fileEntries = readDotenvFile(file);
|
|
7727
|
+
const names = Object.keys(fileEntries).sort();
|
|
7726
7728
|
if (names.length === 0) {
|
|
7727
7729
|
console.log("secrets load: no entries to import");
|
|
7728
7730
|
return;
|
|
7729
7731
|
}
|
|
7730
7732
|
let count = 0;
|
|
7731
7733
|
for (const name of names) {
|
|
7732
|
-
const plaintext =
|
|
7734
|
+
const plaintext = fileEntries[name];
|
|
7733
7735
|
const encrypted = await encryptSecretValue(plaintext, ctx.masterKey);
|
|
7734
7736
|
const valueHash = await secretValueFingerprint(plaintext);
|
|
7735
7737
|
await ctx.vault.upsert(name, encrypted, valueHash, { updatedBy: cliUpdatedBy() });
|
|
7736
7738
|
count += 1;
|
|
7737
7739
|
}
|
|
7738
|
-
console.log(`secrets: loaded ${count} secret(s) into ${ctx.env} vault from ${
|
|
7740
|
+
console.log(`secrets: loaded ${count} secret(s) into ${ctx.env} vault from ${file}`);
|
|
7739
7741
|
}
|
|
7740
7742
|
|
|
7741
7743
|
//#endregion
|
|
@@ -8154,7 +8156,7 @@ async function runSecretsPush(options) {
|
|
|
8154
8156
|
const SECRETS_USAGE = `usage:
|
|
8155
8157
|
tamer secrets init --env <env> [--config <path>]
|
|
8156
8158
|
tamer secrets set <NAME> --env <env> [--config <path>] # value on stdin (pipe only)
|
|
8157
|
-
tamer secrets load --
|
|
8159
|
+
tamer secrets load --env <env> [--file <path>] [--config <path>] # default file: .dev.vars.{env}
|
|
8158
8160
|
tamer secrets get <NAME> --env <env> [--config <path>] # confirmation + audit log
|
|
8159
8161
|
tamer secrets list --env <env> [--config <path>]
|
|
8160
8162
|
tamer secrets rm <NAME> --env <env> [--config <path>]
|
|
@@ -8202,7 +8204,6 @@ async function runSecrets(argv) {
|
|
|
8202
8204
|
});
|
|
8203
8205
|
return 0;
|
|
8204
8206
|
case "load":
|
|
8205
|
-
if (!parsed.file) throw new Error("secrets load requires --file <path>");
|
|
8206
8207
|
await runSecretsLoad({
|
|
8207
8208
|
file: parsed.file,
|
|
8208
8209
|
env: parsed.env,
|
|
@@ -8730,7 +8731,7 @@ Options:
|
|
|
8730
8731
|
Secrets (requires TAMER_SECRETS_KEY_{env} master key env var):
|
|
8731
8732
|
tamer secrets init --env <env> Generate master key (print once) + provision vault
|
|
8732
8733
|
tamer secrets set <NAME> --env <env> Encrypt value from stdin into vault (pipe only)
|
|
8733
|
-
tamer secrets load --file .dev.vars
|
|
8734
|
+
tamer secrets load --env <env> [--file .dev.vars.<env>] Bulk import from env file; not plain .dev.vars
|
|
8734
8735
|
tamer secrets get <NAME> --env <env> Decrypt + print (confirmation + audit log)
|
|
8735
8736
|
tamer secrets list --env <env> Names + fingerprints + last-set (never values)
|
|
8736
8737
|
tamer secrets rm <NAME> --env <env> Remove from vault
|