@geekmidas/envkit 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{EnvironmentBuilder-DfmYRBm-.mjs → EnvironmentBuilder-BSuHZm0y.mjs} +2 -4
- package/dist/EnvironmentBuilder-BSuHZm0y.mjs.map +1 -0
- package/dist/EnvironmentBuilder-DHfDXJUm.d.mts.map +1 -0
- package/dist/{EnvironmentBuilder-W2wku49g.cjs → EnvironmentBuilder-Djr1VsWM.cjs} +2 -4
- package/dist/EnvironmentBuilder-Djr1VsWM.cjs.map +1 -0
- package/dist/EnvironmentBuilder-Xuf2Dd9u.d.cts.map +1 -0
- package/dist/EnvironmentBuilder.cjs +1 -1
- package/dist/EnvironmentBuilder.mjs +1 -1
- package/dist/EnvironmentParser-Bt246UeP.cjs.map +1 -1
- package/dist/{EnvironmentParser-CVWU1ooT.d.mts → EnvironmentParser-CY8TosTN.d.mts} +2 -1
- package/dist/EnvironmentParser-CY8TosTN.d.mts.map +1 -0
- package/dist/{EnvironmentParser-tV-JjCg7.d.cts → EnvironmentParser-DtOL86NU.d.cts} +2 -1
- package/dist/EnvironmentParser-DtOL86NU.d.cts.map +1 -0
- package/dist/EnvironmentParser-c06agx31.mjs.map +1 -1
- package/dist/EnvironmentParser.d.cts +1 -1
- package/dist/EnvironmentParser.d.mts +1 -1
- package/dist/SnifferEnvironmentParser.cjs.map +1 -1
- package/dist/SnifferEnvironmentParser.d.cts +3 -2
- package/dist/SnifferEnvironmentParser.d.cts.map +1 -0
- package/dist/SnifferEnvironmentParser.d.mts +3 -2
- package/dist/SnifferEnvironmentParser.d.mts.map +1 -0
- package/dist/SnifferEnvironmentParser.mjs.map +1 -1
- package/dist/{SstEnvironmentBuilder-DEa3lTUB.mjs → SstEnvironmentBuilder-BEBFSUYr.mjs} +2 -2
- package/dist/SstEnvironmentBuilder-BEBFSUYr.mjs.map +1 -0
- package/dist/SstEnvironmentBuilder-CjURMGjW.d.mts.map +1 -0
- package/dist/SstEnvironmentBuilder-D4oSo_KX.d.cts.map +1 -0
- package/dist/{SstEnvironmentBuilder-BuFw1hCe.cjs → SstEnvironmentBuilder-wFnN2M5O.cjs} +2 -2
- package/dist/SstEnvironmentBuilder-wFnN2M5O.cjs.map +1 -0
- package/dist/SstEnvironmentBuilder.cjs +2 -2
- package/dist/SstEnvironmentBuilder.mjs +2 -2
- package/dist/credentials.cjs +66 -0
- package/dist/credentials.cjs.map +1 -0
- package/dist/credentials.d.cts +31 -0
- package/dist/credentials.d.cts.map +1 -0
- package/dist/credentials.d.mts +31 -0
- package/dist/credentials.d.mts.map +1 -0
- package/dist/credentials.mjs +62 -0
- package/dist/credentials.mjs.map +1 -0
- package/dist/index.cjs +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.mts +1 -1
- package/dist/index.mjs +1 -1
- package/dist/sst.cjs +2 -2
- package/dist/sst.cjs.map +1 -1
- package/dist/sst.d.cts +1 -0
- package/dist/sst.d.cts.map +1 -0
- package/dist/sst.d.mts +1 -0
- package/dist/sst.d.mts.map +1 -0
- package/dist/sst.mjs +2 -2
- package/dist/sst.mjs.map +1 -1
- package/examples/basic-usage.ts +329 -333
- package/package.json +6 -1
- package/src/EnvironmentBuilder.ts +76 -80
- package/src/EnvironmentParser.ts +231 -231
- package/src/SnifferEnvironmentParser.ts +178 -178
- package/src/SstEnvironmentBuilder.ts +127 -127
- package/src/__tests__/ConfigParser.spec.ts +388 -388
- package/src/__tests__/EnvironmentBuilder.spec.ts +245 -265
- package/src/__tests__/EnvironmentParser.spec.ts +828 -828
- package/src/__tests__/SnifferEnvironmentParser.spec.ts +380 -326
- package/src/__tests__/SstEnvironmentBuilder.spec.ts +347 -367
- package/src/__tests__/credentials.integration.spec.ts +239 -0
- package/src/__tests__/credentials.spec.ts +136 -0
- package/src/__tests__/sst.spec.ts +390 -413
- package/src/credentials.ts +99 -0
- package/src/index.ts +11 -11
- package/src/sst.ts +24 -24
- package/sst-env.d.ts +0 -1
- package/tsconfig.json +9 -0
- package/dist/EnvironmentBuilder-DfmYRBm-.mjs.map +0 -1
- package/dist/EnvironmentBuilder-W2wku49g.cjs.map +0 -1
- package/dist/SstEnvironmentBuilder-BuFw1hCe.cjs.map +0 -1
- package/dist/SstEnvironmentBuilder-DEa3lTUB.mjs.map +0 -1
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
Object.defineProperty(exports, '__esModule', { value: true });
|
|
2
|
+
const require_chunk = require('./chunk-CUT6urMc.cjs');
|
|
3
|
+
const node_crypto = require_chunk.__toESM(require("node:crypto"));
|
|
4
|
+
|
|
5
|
+
//#region src/credentials.ts
|
|
6
|
+
/** AES-256-GCM auth tag length */
|
|
7
|
+
const AUTH_TAG_LENGTH = 16;
|
|
8
|
+
/**
|
|
9
|
+
* Decrypt credentials from encrypted payload.
|
|
10
|
+
* Exported for testing purposes.
|
|
11
|
+
*/
|
|
12
|
+
function decryptCredentials(encrypted, iv, masterKey) {
|
|
13
|
+
const key = Buffer.from(masterKey, "hex");
|
|
14
|
+
const ivBuffer = Buffer.from(iv, "hex");
|
|
15
|
+
const combined = Buffer.from(encrypted, "base64");
|
|
16
|
+
const ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);
|
|
17
|
+
const authTag = combined.subarray(-AUTH_TAG_LENGTH);
|
|
18
|
+
const decipher = (0, node_crypto.createDecipheriv)("aes-256-gcm", key, ivBuffer);
|
|
19
|
+
decipher.setAuthTag(authTag);
|
|
20
|
+
const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
|
|
21
|
+
return JSON.parse(plaintext.toString("utf-8"));
|
|
22
|
+
}
|
|
23
|
+
/**
|
|
24
|
+
* Credentials object for use with EnvironmentParser.
|
|
25
|
+
*
|
|
26
|
+
* In development mode (no embedded credentials), this returns an empty object.
|
|
27
|
+
* In production mode, it decrypts embedded credentials using the GKM_MASTER_KEY
|
|
28
|
+
* environment variable.
|
|
29
|
+
*
|
|
30
|
+
* @example
|
|
31
|
+
* ```typescript
|
|
32
|
+
* import { EnvironmentParser } from '@geekmidas/envkit';
|
|
33
|
+
* import { Credentials } from '@geekmidas/envkit/credentials';
|
|
34
|
+
*
|
|
35
|
+
* export const envParser = new EnvironmentParser({...process.env, ...Credentials})
|
|
36
|
+
* .create((get) => ({
|
|
37
|
+
* database: {
|
|
38
|
+
* url: get('DATABASE_URL').string(),
|
|
39
|
+
* },
|
|
40
|
+
* }))
|
|
41
|
+
* .parse();
|
|
42
|
+
* ```
|
|
43
|
+
*/
|
|
44
|
+
const Credentials = (() => {
|
|
45
|
+
if (typeof __GKM_ENCRYPTED_CREDENTIALS__ === "undefined" || typeof __GKM_CREDENTIALS_IV__ === "undefined") return {};
|
|
46
|
+
const masterKey = process.env.GKM_MASTER_KEY;
|
|
47
|
+
if (!masterKey) {
|
|
48
|
+
console.error("[gkm] GKM_MASTER_KEY environment variable is required to decrypt credentials.");
|
|
49
|
+
console.error("[gkm] Falling back to environment variables. Some secrets may be missing.");
|
|
50
|
+
return {};
|
|
51
|
+
}
|
|
52
|
+
try {
|
|
53
|
+
return decryptCredentials(__GKM_ENCRYPTED_CREDENTIALS__, __GKM_CREDENTIALS_IV__, masterKey);
|
|
54
|
+
} catch (error) {
|
|
55
|
+
console.error("[gkm] Failed to decrypt credentials:", error);
|
|
56
|
+
console.error("[gkm] Falling back to environment variables.");
|
|
57
|
+
return {};
|
|
58
|
+
}
|
|
59
|
+
})();
|
|
60
|
+
var credentials_default = Credentials;
|
|
61
|
+
|
|
62
|
+
//#endregion
|
|
63
|
+
exports.Credentials = Credentials;
|
|
64
|
+
exports.decryptCredentials = decryptCredentials;
|
|
65
|
+
exports.default = credentials_default;
|
|
66
|
+
//# sourceMappingURL=credentials.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.cjs","names":["encrypted: string","iv: string","masterKey: string","Credentials: Record<string, string>"],"sources":["../src/credentials.ts"],"sourcesContent":["import { createDecipheriv } from 'node:crypto';\n\n/**\n * Build-time injected encrypted credentials.\n * These are replaced by tsdown/esbuild --define at build time.\n */\ndeclare const __GKM_ENCRYPTED_CREDENTIALS__: string | undefined;\ndeclare const __GKM_CREDENTIALS_IV__: string | undefined;\n\n/** AES-256-GCM auth tag length */\nconst AUTH_TAG_LENGTH = 16;\n\n/**\n * Decrypt credentials from encrypted payload.\n * Exported for testing purposes.\n */\nexport function decryptCredentials(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): Record<string, string> {\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt using AES-256-GCM\n\tconst decipher = createDecipheriv('aes-256-gcm', key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8'));\n}\n\n/**\n * Credentials object for use with EnvironmentParser.\n *\n * In development mode (no embedded credentials), this returns an empty object.\n * In production mode, it decrypts embedded credentials using the GKM_MASTER_KEY\n * environment variable.\n *\n * @example\n * ```typescript\n * import { EnvironmentParser } from '@geekmidas/envkit';\n * import { Credentials } from '@geekmidas/envkit/credentials';\n *\n * export const envParser = new EnvironmentParser({...process.env, ...Credentials})\n * .create((get) => ({\n * database: {\n * url: get('DATABASE_URL').string(),\n * },\n * }))\n * .parse();\n * ```\n */\nexport const Credentials: Record<string, string> = (() => {\n\t// Development mode - no credentials embedded at build time\n\tif (\n\t\ttypeof __GKM_ENCRYPTED_CREDENTIALS__ === 'undefined' ||\n\t\ttypeof __GKM_CREDENTIALS_IV__ === 'undefined'\n\t) {\n\t\treturn {};\n\t}\n\n\t// Production mode - decrypt credentials using master key\n\tconst masterKey = process.env.GKM_MASTER_KEY;\n\n\tif (!masterKey) {\n\t\t// Log warning but don't throw - allows graceful fallback to env vars\n\t\tconsole.error(\n\t\t\t'[gkm] GKM_MASTER_KEY environment variable is required to decrypt credentials.',\n\t\t);\n\t\tconsole.error(\n\t\t\t'[gkm] Falling back to environment variables. Some secrets may be missing.',\n\t\t);\n\t\treturn {};\n\t}\n\n\ttry {\n\t\treturn decryptCredentials(\n\t\t\t__GKM_ENCRYPTED_CREDENTIALS__,\n\t\t\t__GKM_CREDENTIALS_IV__,\n\t\t\tmasterKey,\n\t\t);\n\t} catch (error) {\n\t\tconsole.error('[gkm] Failed to decrypt credentials:', error);\n\t\tconsole.error('[gkm] Falling back to environment variables.');\n\t\treturn {};\n\t}\n})();\n\nexport default Credentials;\n"],"mappings":";;;;;;AAUA,MAAM,kBAAkB;;;;;AAMxB,SAAgB,mBACfA,WACAC,IACAC,WACyB;CACzB,MAAM,MAAM,OAAO,KAAK,WAAW,MAAM;CACzC,MAAM,WAAW,OAAO,KAAK,IAAI,MAAM;CACvC,MAAM,WAAW,OAAO,KAAK,WAAW,SAAS;CAGjD,MAAM,aAAa,SAAS,SAAS,IAAI,gBAAgB;CACzD,MAAM,UAAU,SAAS,UAAU,gBAAgB;CAGnD,MAAM,WAAW,kCAAiB,eAAe,KAAK,SAAS;AAC/D,UAAS,WAAW,QAAQ;CAE5B,MAAM,YAAY,OAAO,OAAO,CAC/B,SAAS,OAAO,WAAW,EAC3B,SAAS,OAAO,AAChB,EAAC;AAEF,QAAO,KAAK,MAAM,UAAU,SAAS,QAAQ,CAAC;AAC9C;;;;;;;;;;;;;;;;;;;;;;AAuBD,MAAaC,cAAsC,CAAC,MAAM;AAEzD,YACQ,kCAAkC,sBAClC,2BAA2B,YAElC,QAAO,CAAE;CAIV,MAAM,YAAY,QAAQ,IAAI;AAE9B,MAAK,WAAW;AAEf,UAAQ,MACP,gFACA;AACD,UAAQ,MACP,4EACA;AACD,SAAO,CAAE;CACT;AAED,KAAI;AACH,SAAO,mBACN,+BACA,wBACA,UACA;CACD,SAAQ,OAAO;AACf,UAAQ,MAAM,wCAAwC,MAAM;AAC5D,UAAQ,MAAM,+CAA+C;AAC7D,SAAO,CAAE;CACT;AACD,IAAG;AAEJ,0BAAe"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
//#region src/credentials.d.ts
|
|
2
|
+
/**
|
|
3
|
+
* Decrypt credentials from encrypted payload.
|
|
4
|
+
* Exported for testing purposes.
|
|
5
|
+
*/
|
|
6
|
+
declare function decryptCredentials(encrypted: string, iv: string, masterKey: string): Record<string, string>;
|
|
7
|
+
/**
|
|
8
|
+
* Credentials object for use with EnvironmentParser.
|
|
9
|
+
*
|
|
10
|
+
* In development mode (no embedded credentials), this returns an empty object.
|
|
11
|
+
* In production mode, it decrypts embedded credentials using the GKM_MASTER_KEY
|
|
12
|
+
* environment variable.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import { EnvironmentParser } from '@geekmidas/envkit';
|
|
17
|
+
* import { Credentials } from '@geekmidas/envkit/credentials';
|
|
18
|
+
*
|
|
19
|
+
* export const envParser = new EnvironmentParser({...process.env, ...Credentials})
|
|
20
|
+
* .create((get) => ({
|
|
21
|
+
* database: {
|
|
22
|
+
* url: get('DATABASE_URL').string(),
|
|
23
|
+
* },
|
|
24
|
+
* }))
|
|
25
|
+
* .parse();
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
declare const Credentials: Record<string, string>;
|
|
29
|
+
//#endregion
|
|
30
|
+
export { Credentials, Credentials as default, decryptCredentials };
|
|
31
|
+
//# sourceMappingURL=credentials.d.cts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.d.cts","names":[],"sources":["../src/credentials.ts"],"sourcesContent":[],"mappings":";;AAgBA;AA8CA;;iBA9CgB,kBAAA,oDAIb;;;;;;;;;;;;;;;;;;;;;;cA0CU,aAAa"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
//#region src/credentials.d.ts
|
|
2
|
+
/**
|
|
3
|
+
* Decrypt credentials from encrypted payload.
|
|
4
|
+
* Exported for testing purposes.
|
|
5
|
+
*/
|
|
6
|
+
declare function decryptCredentials(encrypted: string, iv: string, masterKey: string): Record<string, string>;
|
|
7
|
+
/**
|
|
8
|
+
* Credentials object for use with EnvironmentParser.
|
|
9
|
+
*
|
|
10
|
+
* In development mode (no embedded credentials), this returns an empty object.
|
|
11
|
+
* In production mode, it decrypts embedded credentials using the GKM_MASTER_KEY
|
|
12
|
+
* environment variable.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```typescript
|
|
16
|
+
* import { EnvironmentParser } from '@geekmidas/envkit';
|
|
17
|
+
* import { Credentials } from '@geekmidas/envkit/credentials';
|
|
18
|
+
*
|
|
19
|
+
* export const envParser = new EnvironmentParser({...process.env, ...Credentials})
|
|
20
|
+
* .create((get) => ({
|
|
21
|
+
* database: {
|
|
22
|
+
* url: get('DATABASE_URL').string(),
|
|
23
|
+
* },
|
|
24
|
+
* }))
|
|
25
|
+
* .parse();
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
declare const Credentials: Record<string, string>;
|
|
29
|
+
//#endregion
|
|
30
|
+
export { Credentials, Credentials as default, decryptCredentials };
|
|
31
|
+
//# sourceMappingURL=credentials.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.d.mts","names":[],"sources":["../src/credentials.ts"],"sourcesContent":[],"mappings":";;AAgBA;AA8CA;;iBA9CgB,kBAAA,oDAIb;;;;;;;;;;;;;;;;;;;;;;cA0CU,aAAa"}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
import { createDecipheriv } from "node:crypto";
|
|
2
|
+
|
|
3
|
+
//#region src/credentials.ts
|
|
4
|
+
/** AES-256-GCM auth tag length */
|
|
5
|
+
const AUTH_TAG_LENGTH = 16;
|
|
6
|
+
/**
|
|
7
|
+
* Decrypt credentials from encrypted payload.
|
|
8
|
+
* Exported for testing purposes.
|
|
9
|
+
*/
|
|
10
|
+
function decryptCredentials(encrypted, iv, masterKey) {
|
|
11
|
+
const key = Buffer.from(masterKey, "hex");
|
|
12
|
+
const ivBuffer = Buffer.from(iv, "hex");
|
|
13
|
+
const combined = Buffer.from(encrypted, "base64");
|
|
14
|
+
const ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);
|
|
15
|
+
const authTag = combined.subarray(-AUTH_TAG_LENGTH);
|
|
16
|
+
const decipher = createDecipheriv("aes-256-gcm", key, ivBuffer);
|
|
17
|
+
decipher.setAuthTag(authTag);
|
|
18
|
+
const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
|
|
19
|
+
return JSON.parse(plaintext.toString("utf-8"));
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Credentials object for use with EnvironmentParser.
|
|
23
|
+
*
|
|
24
|
+
* In development mode (no embedded credentials), this returns an empty object.
|
|
25
|
+
* In production mode, it decrypts embedded credentials using the GKM_MASTER_KEY
|
|
26
|
+
* environment variable.
|
|
27
|
+
*
|
|
28
|
+
* @example
|
|
29
|
+
* ```typescript
|
|
30
|
+
* import { EnvironmentParser } from '@geekmidas/envkit';
|
|
31
|
+
* import { Credentials } from '@geekmidas/envkit/credentials';
|
|
32
|
+
*
|
|
33
|
+
* export const envParser = new EnvironmentParser({...process.env, ...Credentials})
|
|
34
|
+
* .create((get) => ({
|
|
35
|
+
* database: {
|
|
36
|
+
* url: get('DATABASE_URL').string(),
|
|
37
|
+
* },
|
|
38
|
+
* }))
|
|
39
|
+
* .parse();
|
|
40
|
+
* ```
|
|
41
|
+
*/
|
|
42
|
+
const Credentials = (() => {
|
|
43
|
+
if (typeof __GKM_ENCRYPTED_CREDENTIALS__ === "undefined" || typeof __GKM_CREDENTIALS_IV__ === "undefined") return {};
|
|
44
|
+
const masterKey = process.env.GKM_MASTER_KEY;
|
|
45
|
+
if (!masterKey) {
|
|
46
|
+
console.error("[gkm] GKM_MASTER_KEY environment variable is required to decrypt credentials.");
|
|
47
|
+
console.error("[gkm] Falling back to environment variables. Some secrets may be missing.");
|
|
48
|
+
return {};
|
|
49
|
+
}
|
|
50
|
+
try {
|
|
51
|
+
return decryptCredentials(__GKM_ENCRYPTED_CREDENTIALS__, __GKM_CREDENTIALS_IV__, masterKey);
|
|
52
|
+
} catch (error) {
|
|
53
|
+
console.error("[gkm] Failed to decrypt credentials:", error);
|
|
54
|
+
console.error("[gkm] Falling back to environment variables.");
|
|
55
|
+
return {};
|
|
56
|
+
}
|
|
57
|
+
})();
|
|
58
|
+
var credentials_default = Credentials;
|
|
59
|
+
|
|
60
|
+
//#endregion
|
|
61
|
+
export { Credentials, decryptCredentials, credentials_default as default };
|
|
62
|
+
//# sourceMappingURL=credentials.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credentials.mjs","names":["encrypted: string","iv: string","masterKey: string","Credentials: Record<string, string>"],"sources":["../src/credentials.ts"],"sourcesContent":["import { createDecipheriv } from 'node:crypto';\n\n/**\n * Build-time injected encrypted credentials.\n * These are replaced by tsdown/esbuild --define at build time.\n */\ndeclare const __GKM_ENCRYPTED_CREDENTIALS__: string | undefined;\ndeclare const __GKM_CREDENTIALS_IV__: string | undefined;\n\n/** AES-256-GCM auth tag length */\nconst AUTH_TAG_LENGTH = 16;\n\n/**\n * Decrypt credentials from encrypted payload.\n * Exported for testing purposes.\n */\nexport function decryptCredentials(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): Record<string, string> {\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt using AES-256-GCM\n\tconst decipher = createDecipheriv('aes-256-gcm', key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8'));\n}\n\n/**\n * Credentials object for use with EnvironmentParser.\n *\n * In development mode (no embedded credentials), this returns an empty object.\n * In production mode, it decrypts embedded credentials using the GKM_MASTER_KEY\n * environment variable.\n *\n * @example\n * ```typescript\n * import { EnvironmentParser } from '@geekmidas/envkit';\n * import { Credentials } from '@geekmidas/envkit/credentials';\n *\n * export const envParser = new EnvironmentParser({...process.env, ...Credentials})\n * .create((get) => ({\n * database: {\n * url: get('DATABASE_URL').string(),\n * },\n * }))\n * .parse();\n * ```\n */\nexport const Credentials: Record<string, string> = (() => {\n\t// Development mode - no credentials embedded at build time\n\tif (\n\t\ttypeof __GKM_ENCRYPTED_CREDENTIALS__ === 'undefined' ||\n\t\ttypeof __GKM_CREDENTIALS_IV__ === 'undefined'\n\t) {\n\t\treturn {};\n\t}\n\n\t// Production mode - decrypt credentials using master key\n\tconst masterKey = process.env.GKM_MASTER_KEY;\n\n\tif (!masterKey) {\n\t\t// Log warning but don't throw - allows graceful fallback to env vars\n\t\tconsole.error(\n\t\t\t'[gkm] GKM_MASTER_KEY environment variable is required to decrypt credentials.',\n\t\t);\n\t\tconsole.error(\n\t\t\t'[gkm] Falling back to environment variables. Some secrets may be missing.',\n\t\t);\n\t\treturn {};\n\t}\n\n\ttry {\n\t\treturn decryptCredentials(\n\t\t\t__GKM_ENCRYPTED_CREDENTIALS__,\n\t\t\t__GKM_CREDENTIALS_IV__,\n\t\t\tmasterKey,\n\t\t);\n\t} catch (error) {\n\t\tconsole.error('[gkm] Failed to decrypt credentials:', error);\n\t\tconsole.error('[gkm] Falling back to environment variables.');\n\t\treturn {};\n\t}\n})();\n\nexport default Credentials;\n"],"mappings":";;;;AAUA,MAAM,kBAAkB;;;;;AAMxB,SAAgB,mBACfA,WACAC,IACAC,WACyB;CACzB,MAAM,MAAM,OAAO,KAAK,WAAW,MAAM;CACzC,MAAM,WAAW,OAAO,KAAK,IAAI,MAAM;CACvC,MAAM,WAAW,OAAO,KAAK,WAAW,SAAS;CAGjD,MAAM,aAAa,SAAS,SAAS,IAAI,gBAAgB;CACzD,MAAM,UAAU,SAAS,UAAU,gBAAgB;CAGnD,MAAM,WAAW,iBAAiB,eAAe,KAAK,SAAS;AAC/D,UAAS,WAAW,QAAQ;CAE5B,MAAM,YAAY,OAAO,OAAO,CAC/B,SAAS,OAAO,WAAW,EAC3B,SAAS,OAAO,AAChB,EAAC;AAEF,QAAO,KAAK,MAAM,UAAU,SAAS,QAAQ,CAAC;AAC9C;;;;;;;;;;;;;;;;;;;;;;AAuBD,MAAaC,cAAsC,CAAC,MAAM;AAEzD,YACQ,kCAAkC,sBAClC,2BAA2B,YAElC,QAAO,CAAE;CAIV,MAAM,YAAY,QAAQ,IAAI;AAE9B,MAAK,WAAW;AAEf,UAAQ,MACP,gFACA;AACD,UAAQ,MACP,4EACA;AACD,SAAO,CAAE;CACT;AAED,KAAI;AACH,SAAO,mBACN,+BACA,wBACA,UACA;CACD,SAAQ,OAAO;AACf,UAAQ,MAAM,wCAAwC,MAAM;AAC5D,UAAQ,MAAM,+CAA+C;AAC7D,SAAO,CAAE;CACT;AACD,IAAG;AAEJ,0BAAe"}
|
package/dist/index.cjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
const require_EnvironmentBuilder = require('./EnvironmentBuilder-
|
|
1
|
+
const require_EnvironmentBuilder = require('./EnvironmentBuilder-Djr1VsWM.cjs');
|
|
2
2
|
const require_EnvironmentParser = require('./EnvironmentParser-Bt246UeP.cjs');
|
|
3
3
|
|
|
4
4
|
exports.ConfigParser = require_EnvironmentParser.ConfigParser;
|
package/dist/index.d.cts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { EnvRecord, EnvValue, EnvironmentBuilder, EnvironmentBuilderOptions, EnvironmentResolver, InputValue, Resolvers, TypedInputValue, TypedResolvers, environmentCase } from "./EnvironmentBuilder-Xuf2Dd9u.cjs";
|
|
2
|
-
import { ConfigParser, EnvironmentParser } from "./EnvironmentParser-
|
|
2
|
+
import { ConfigParser, EnvironmentParser } from "./EnvironmentParser-DtOL86NU.cjs";
|
|
3
3
|
export { ConfigParser, EnvRecord, EnvValue, EnvironmentBuilder, EnvironmentBuilderOptions, EnvironmentParser, EnvironmentResolver, InputValue, Resolvers, TypedInputValue, TypedResolvers, environmentCase };
|
package/dist/index.d.mts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { EnvRecord, EnvValue, EnvironmentBuilder, EnvironmentBuilderOptions, EnvironmentResolver, InputValue, Resolvers, TypedInputValue, TypedResolvers, environmentCase } from "./EnvironmentBuilder-DHfDXJUm.mjs";
|
|
2
|
-
import { ConfigParser, EnvironmentParser } from "./EnvironmentParser-
|
|
2
|
+
import { ConfigParser, EnvironmentParser } from "./EnvironmentParser-CY8TosTN.mjs";
|
|
3
3
|
export { ConfigParser, EnvRecord, EnvValue, EnvironmentBuilder, EnvironmentBuilderOptions, EnvironmentParser, EnvironmentResolver, InputValue, Resolvers, TypedInputValue, TypedResolvers, environmentCase };
|
package/dist/index.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { EnvironmentBuilder, environmentCase } from "./EnvironmentBuilder-
|
|
1
|
+
import { EnvironmentBuilder, environmentCase } from "./EnvironmentBuilder-BSuHZm0y.mjs";
|
|
2
2
|
import { ConfigParser, EnvironmentParser } from "./EnvironmentParser-c06agx31.mjs";
|
|
3
3
|
|
|
4
4
|
export { ConfigParser, EnvironmentBuilder, EnvironmentParser, environmentCase };
|
package/dist/sst.cjs
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
const require_EnvironmentBuilder = require('./EnvironmentBuilder-
|
|
2
|
-
const require_SstEnvironmentBuilder = require('./SstEnvironmentBuilder-
|
|
1
|
+
const require_EnvironmentBuilder = require('./EnvironmentBuilder-Djr1VsWM.cjs');
|
|
2
|
+
const require_SstEnvironmentBuilder = require('./SstEnvironmentBuilder-wFnN2M5O.cjs');
|
|
3
3
|
|
|
4
4
|
//#region src/sst.ts
|
|
5
5
|
/**
|
package/dist/sst.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sst.cjs","names":["record: Record<string, SstResource | string>","SstEnvironmentBuilder"],"sources":["../src/sst.ts"],"sourcesContent":["// Re-export everything from SstEnvironmentBuilder\
|
|
1
|
+
{"version":3,"file":"sst.cjs","names":["record: Record<string, SstResource | string>","SstEnvironmentBuilder"],"sources":["../src/sst.ts"],"sourcesContent":["// Re-export everything from SstEnvironmentBuilder\n\n// Re-export types from EnvironmentBuilder\nexport type {\n\tEnvironmentBuilderOptions,\n\tEnvRecord,\n\tEnvValue,\n} from './EnvironmentBuilder';\n\n// Re-export environmentCase from EnvironmentBuilder\nexport { environmentCase } from './EnvironmentBuilder';\nexport {\n\ttype ApiGatewayV2,\n\ttype Bucket,\n\ttype Function,\n\ttype Postgres,\n\ttype ResourceProcessor,\n\tResourceType,\n\ttype Secret,\n\ttype SnsTopic,\n\tSstEnvironmentBuilder,\n\ttype SstResource,\n\tsstResolvers,\n\ttype Vpc,\n} from './SstEnvironmentBuilder';\n\n// Import for deprecated function\nimport {\n\tSstEnvironmentBuilder,\n\ttype SstResource,\n} from './SstEnvironmentBuilder';\n\n/**\n * @deprecated Use `new SstEnvironmentBuilder(record).build()` instead.\n *\n * Normalizes SST resources and plain strings into environment variables.\n * Processes resources based on their type and converts names to environment case.\n *\n * @param record - Object containing resources and/or string values\n * @returns Normalized environment variables object\n *\n * @example\n * // Old usage (deprecated):\n * normalizeResourceEnv({ database: postgresResource })\n *\n * // New usage:\n * new SstEnvironmentBuilder({ database: postgresResource }).build()\n */\nexport function normalizeResourceEnv(\n\trecord: Record<string, SstResource | string>,\n): Record<string, string | number | boolean | Record<string, unknown>> {\n\treturn new SstEnvironmentBuilder(record).build();\n}\n\n// Keep Resource type as deprecated alias for backwards compatibility\n/**\n * @deprecated Use `SstResource` instead.\n */\nexport type Resource = SstResource;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgDA,SAAgB,qBACfA,QACsE;AACtE,QAAO,IAAIC,oDAAsB,QAAQ,OAAO;AAChD"}
|
package/dist/sst.d.cts
CHANGED
|
@@ -24,6 +24,7 @@ declare function normalizeResourceEnv(record: Record<string, SstResource | strin
|
|
|
24
24
|
* @deprecated Use `SstResource` instead.
|
|
25
25
|
*/
|
|
26
26
|
type Resource = SstResource;
|
|
27
|
+
//# sourceMappingURL=sst.d.ts.map
|
|
27
28
|
//#endregion
|
|
28
29
|
export { ApiGatewayV2, Bucket, EnvRecord, EnvValue, EnvironmentBuilderOptions, Function, Postgres, Resource, ResourceProcessor, ResourceType, Secret, SnsTopic, SstEnvironmentBuilder, SstResource, Vpc, environmentCase, normalizeResourceEnv, sstResolvers };
|
|
29
30
|
//# sourceMappingURL=sst.d.cts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sst.d.cts","names":[],"sources":["../src/sst.ts"],"sourcesContent":[],"mappings":";;;;;AAgDA;;;;;;AAES;AAQT;;;;;;;;;iBAVgB,oBAAA,SACP,eAAe,wBACrB,2CAA2C;;;;KAQlC,QAAA,GAAW"}
|
package/dist/sst.d.mts
CHANGED
|
@@ -24,6 +24,7 @@ declare function normalizeResourceEnv(record: Record<string, SstResource | strin
|
|
|
24
24
|
* @deprecated Use `SstResource` instead.
|
|
25
25
|
*/
|
|
26
26
|
type Resource = SstResource;
|
|
27
|
+
//# sourceMappingURL=sst.d.ts.map
|
|
27
28
|
//#endregion
|
|
28
29
|
export { ApiGatewayV2, Bucket, EnvRecord, EnvValue, EnvironmentBuilderOptions, Function, Postgres, Resource, ResourceProcessor, ResourceType, Secret, SnsTopic, SstEnvironmentBuilder, SstResource, Vpc, environmentCase, normalizeResourceEnv, sstResolvers };
|
|
29
30
|
//# sourceMappingURL=sst.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sst.d.mts","names":[],"sources":["../src/sst.ts"],"sourcesContent":[],"mappings":";;;;;AAgDA;;;;;;AAES;AAQT;;;;;;;;;iBAVgB,oBAAA,SACP,eAAe,wBACrB,2CAA2C;;;;KAQlC,QAAA,GAAW"}
|
package/dist/sst.mjs
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { environmentCase } from "./EnvironmentBuilder-
|
|
2
|
-
import { ResourceType, SstEnvironmentBuilder, sstResolvers } from "./SstEnvironmentBuilder-
|
|
1
|
+
import { environmentCase } from "./EnvironmentBuilder-BSuHZm0y.mjs";
|
|
2
|
+
import { ResourceType, SstEnvironmentBuilder, sstResolvers } from "./SstEnvironmentBuilder-BEBFSUYr.mjs";
|
|
3
3
|
|
|
4
4
|
//#region src/sst.ts
|
|
5
5
|
/**
|
package/dist/sst.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sst.mjs","names":["record: Record<string, SstResource | string>"],"sources":["../src/sst.ts"],"sourcesContent":["// Re-export everything from SstEnvironmentBuilder\
|
|
1
|
+
{"version":3,"file":"sst.mjs","names":["record: Record<string, SstResource | string>"],"sources":["../src/sst.ts"],"sourcesContent":["// Re-export everything from SstEnvironmentBuilder\n\n// Re-export types from EnvironmentBuilder\nexport type {\n\tEnvironmentBuilderOptions,\n\tEnvRecord,\n\tEnvValue,\n} from './EnvironmentBuilder';\n\n// Re-export environmentCase from EnvironmentBuilder\nexport { environmentCase } from './EnvironmentBuilder';\nexport {\n\ttype ApiGatewayV2,\n\ttype Bucket,\n\ttype Function,\n\ttype Postgres,\n\ttype ResourceProcessor,\n\tResourceType,\n\ttype Secret,\n\ttype SnsTopic,\n\tSstEnvironmentBuilder,\n\ttype SstResource,\n\tsstResolvers,\n\ttype Vpc,\n} from './SstEnvironmentBuilder';\n\n// Import for deprecated function\nimport {\n\tSstEnvironmentBuilder,\n\ttype SstResource,\n} from './SstEnvironmentBuilder';\n\n/**\n * @deprecated Use `new SstEnvironmentBuilder(record).build()` instead.\n *\n * Normalizes SST resources and plain strings into environment variables.\n * Processes resources based on their type and converts names to environment case.\n *\n * @param record - Object containing resources and/or string values\n * @returns Normalized environment variables object\n *\n * @example\n * // Old usage (deprecated):\n * normalizeResourceEnv({ database: postgresResource })\n *\n * // New usage:\n * new SstEnvironmentBuilder({ database: postgresResource }).build()\n */\nexport function normalizeResourceEnv(\n\trecord: Record<string, SstResource | string>,\n): Record<string, string | number | boolean | Record<string, unknown>> {\n\treturn new SstEnvironmentBuilder(record).build();\n}\n\n// Keep Resource type as deprecated alias for backwards compatibility\n/**\n * @deprecated Use `SstResource` instead.\n */\nexport type Resource = SstResource;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAgDA,SAAgB,qBACfA,QACsE;AACtE,QAAO,IAAI,sBAAsB,QAAQ,OAAO;AAChD"}
|