@itgorillaz/configify 3.0.0-alpha.4 → 3.1.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -1
- package/configuration/resolvers/bitwarden/bitwarden-secrets-manager.resolver.d.ts +13 -0
- package/configuration/resolvers/bitwarden/bitwarden-secrets-manager.resolver.js +59 -0
- package/configuration/resolvers/bitwarden/bitwarden-secrets-manager.resolver.js.map +1 -0
- package/configuration/resolvers/bitwarden/bitwarden-secrets-resolver.factory.d.ts +7 -0
- package/configuration/resolvers/bitwarden/bitwarden-secrets-resolver.factory.js +33 -0
- package/configuration/resolvers/bitwarden/bitwarden-secrets-resolver.factory.js.map +1 -0
- package/configuration/resolvers/bitwarden/bitwarden-server.region.d.ts +4 -0
- package/configuration/resolvers/bitwarden/bitwarden-server.region.js +9 -0
- package/configuration/resolvers/bitwarden/bitwarden-server.region.js.map +1 -0
- package/configuration/resolvers/bitwarden/index.d.ts +3 -0
- package/configuration/resolvers/bitwarden/index.js +20 -0
- package/configuration/resolvers/bitwarden/index.js.map +1 -0
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -172,9 +172,20 @@ export class DatabaseConfiguration {
|
|
|
172
172
|
|
|
173
173
|
### Dealing with Secrets
|
|
174
174
|
|
|
175
|
-
Out of the box, this module can resolve AWS Secrets Manager and Parameter Store secrets.
|
|
175
|
+
Out of the box, this module can resolve AWS Secrets Manager and Parameter Store secrets.
|
|
176
|
+
|
|
177
|
+
For that, first is you need to install the required aws-sdk modules:
|
|
178
|
+
|
|
179
|
+
```
|
|
180
|
+
npm install @aws-sdk/client-ssm @aws-sdk/client-secrets-manager
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
then you can choose which strategies you would like to use to resolve AWS secrets:
|
|
176
184
|
|
|
177
185
|
```js
|
|
186
|
+
import { ConfigifyModule } from '@itgorillaz/configify';
|
|
187
|
+
import { AwsSecretsResolverFactory } from '@itgorillaz/configify/configuration/resolvers/aws';
|
|
188
|
+
|
|
178
189
|
// use default aws client instances
|
|
179
190
|
ConfigifyModule.forRootAsync({
|
|
180
191
|
secretsResolverStrategies: [
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { BitwardenClient } from '@bitwarden/sdk-napi';
|
|
2
|
+
import { ConfigurationResolver } from '../configuration-resolver.interface';
|
|
3
|
+
export declare class BitwardenSecretsManagerConfigurationResolver implements ConfigurationResolver {
|
|
4
|
+
private readonly client;
|
|
5
|
+
private readonly accessToken;
|
|
6
|
+
private readonly BITWARDEN_SECRETS_MANAGER_YAML_KEY;
|
|
7
|
+
private readonly BITWARDEN_SECRETS_MANAGER_ENV_PREFIX;
|
|
8
|
+
constructor(client: BitwardenClient, accessToken: string);
|
|
9
|
+
resolve(config: Record<string, any>): Promise<Record<string, any>>;
|
|
10
|
+
private filterConfiguration;
|
|
11
|
+
private resolveSecretValue;
|
|
12
|
+
private buildBulkRequest;
|
|
13
|
+
}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BitwardenSecretsManagerConfigurationResolver = void 0;
|
|
4
|
+
class BitwardenSecretsManagerConfigurationResolver {
|
|
5
|
+
constructor(client, accessToken) {
|
|
6
|
+
this.client = client;
|
|
7
|
+
this.accessToken = accessToken;
|
|
8
|
+
this.BITWARDEN_SECRETS_MANAGER_YAML_KEY = 'bitwarden-secrets-manager';
|
|
9
|
+
this.BITWARDEN_SECRETS_MANAGER_ENV_PREFIX = 'BITWARDEN_SECRETS_MANAGER';
|
|
10
|
+
}
|
|
11
|
+
async resolve(config) {
|
|
12
|
+
const parameters = this.filterConfiguration(config);
|
|
13
|
+
const promises = this.buildBulkRequest(parameters);
|
|
14
|
+
const results = await Promise.all(promises);
|
|
15
|
+
const errors = results.filter((r) => !r.success);
|
|
16
|
+
if (errors && errors.length) {
|
|
17
|
+
throw new Error(`Unable to resolve parameter:\n${errors
|
|
18
|
+
.map((e) => { var _a; return `${e.key}: ${e.id} - ${(_a = e.error) === null || _a === void 0 ? void 0 : _a.message}`; })
|
|
19
|
+
.join('\n')}`);
|
|
20
|
+
}
|
|
21
|
+
for (const result of results) {
|
|
22
|
+
config[result.key] = result.value;
|
|
23
|
+
}
|
|
24
|
+
return config;
|
|
25
|
+
}
|
|
26
|
+
filterConfiguration(config) {
|
|
27
|
+
return Object.fromEntries(Object.entries(config).filter(([key]) => key.startsWith(this.BITWARDEN_SECRETS_MANAGER_YAML_KEY) ||
|
|
28
|
+
key.startsWith(this.BITWARDEN_SECRETS_MANAGER_ENV_PREFIX)));
|
|
29
|
+
}
|
|
30
|
+
async resolveSecretValue(key, id) {
|
|
31
|
+
try {
|
|
32
|
+
await this.client.auth().loginAccessToken(this.accessToken);
|
|
33
|
+
const response = await this.client.secrets().get(id);
|
|
34
|
+
return {
|
|
35
|
+
id,
|
|
36
|
+
key,
|
|
37
|
+
value: response.value,
|
|
38
|
+
success: true,
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
catch (e) {
|
|
42
|
+
return {
|
|
43
|
+
id,
|
|
44
|
+
key,
|
|
45
|
+
error: e,
|
|
46
|
+
success: false,
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
buildBulkRequest(config) {
|
|
51
|
+
const promises = [];
|
|
52
|
+
for (const [key, value] of Object.entries(config)) {
|
|
53
|
+
promises.push(this.resolveSecretValue(key, value));
|
|
54
|
+
}
|
|
55
|
+
return promises;
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
exports.BitwardenSecretsManagerConfigurationResolver = BitwardenSecretsManagerConfigurationResolver;
|
|
59
|
+
//# sourceMappingURL=bitwarden-secrets-manager.resolver.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bitwarden-secrets-manager.resolver.js","sourceRoot":"","sources":["../../../../src/configuration/resolvers/bitwarden/bitwarden-secrets-manager.resolver.ts"],"names":[],"mappings":";;;AAOA,MAAa,4CAA4C;IAcvD,YACmB,MAAuB,EACvB,WAAmB;QADnB,WAAM,GAAN,MAAM,CAAiB;QACvB,gBAAW,GAAX,WAAW,CAAQ;QAbrB,uCAAkC,GACjD,2BAA2B,CAAC;QAEb,yCAAoC,GACnD,2BAA2B,CAAC;IAU3B,CAAC;IAUJ,KAAK,CAAC,OAAO,CAAC,MAA2B;QACvC,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE5C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,iCAAiC,MAAM;iBACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,MAAM,MAAA,CAAC,CAAC,KAAK,0CAAE,OAAO,EAAE,CAAA,EAAA,CAAC;iBACrD,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC;QACpC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAQO,mBAAmB,CACzB,MAA2B;QAE3B,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAC3B,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CACR,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,kCAAkC,CAAC;YACvD,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAC5D,CACF,CAAC;IACJ,CAAC;IASO,KAAK,CAAC,kBAAkB,CAC9B,GAAW,EACX,EAAU;QAEV,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACrD,OAAO;gBACL,EAAE;gBACF,GAAG;gBACH,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO;gBACL,EAAE;gBACF,GAAG;gBACH,KAAK,EAAE,CAAU;gBACjB,OAAO,EAAE,KAAK;aACf,CAAC;QACJ,CAAC;IACH,CAAC;IAQO,gBAAgB,CACtB,MAA2B;QAE3B,MAAM,QAAQ,GAA6B,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAhHD,oGAgHC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { BitwardenSecretsManagerConfigurationResolver } from './bitwarden-secrets-manager.resolver';
|
|
2
|
+
import { BitwardenServerRegion } from './bitwarden-server.region';
|
|
3
|
+
export declare class BitwardenSecretsResolverFactory {
|
|
4
|
+
private static readonly BITWARDEN_EU_SETTINGS;
|
|
5
|
+
private static readonly BITWARDEN_US_SETTINGS;
|
|
6
|
+
static defaultBitwardenSecretsResolver(region: BitwardenServerRegion, accessToken?: string): BitwardenSecretsManagerConfigurationResolver;
|
|
7
|
+
}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BitwardenSecretsResolverFactory = void 0;
|
|
4
|
+
const sdk_napi_1 = require("@bitwarden/sdk-napi");
|
|
5
|
+
const bitwarden_secrets_manager_resolver_1 = require("./bitwarden-secrets-manager.resolver");
|
|
6
|
+
const bitwarden_server_region_1 = require("./bitwarden-server.region");
|
|
7
|
+
class BitwardenSecretsResolverFactory {
|
|
8
|
+
static defaultBitwardenSecretsResolver(region, accessToken) {
|
|
9
|
+
const token = accessToken || process.env.BWS_ACCESS_TOKEN;
|
|
10
|
+
if (!token) {
|
|
11
|
+
throw new Error('No Bitwarden access token provided');
|
|
12
|
+
}
|
|
13
|
+
const settings = bitwarden_server_region_1.BitwardenServerRegion.EU === region
|
|
14
|
+
? this.BITWARDEN_EU_SETTINGS
|
|
15
|
+
: this.BITWARDEN_US_SETTINGS;
|
|
16
|
+
const client = new sdk_napi_1.BitwardenClient(settings);
|
|
17
|
+
return new bitwarden_secrets_manager_resolver_1.BitwardenSecretsManagerConfigurationResolver(client, token);
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
exports.BitwardenSecretsResolverFactory = BitwardenSecretsResolverFactory;
|
|
21
|
+
BitwardenSecretsResolverFactory.BITWARDEN_EU_SETTINGS = {
|
|
22
|
+
apiUrl: 'https://api.bitwarden.eu',
|
|
23
|
+
identityUrl: 'https://identity.bitwarden.eu',
|
|
24
|
+
userAgent: 'Bitwarden SDK',
|
|
25
|
+
deviceType: sdk_napi_1.DeviceType.SDK,
|
|
26
|
+
};
|
|
27
|
+
BitwardenSecretsResolverFactory.BITWARDEN_US_SETTINGS = {
|
|
28
|
+
apiUrl: 'https://api.bitwarden.com',
|
|
29
|
+
identityUrl: 'https://identity.bitwarden.com',
|
|
30
|
+
userAgent: 'Bitwarden SDK',
|
|
31
|
+
deviceType: sdk_napi_1.DeviceType.SDK,
|
|
32
|
+
};
|
|
33
|
+
//# sourceMappingURL=bitwarden-secrets-resolver.factory.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bitwarden-secrets-resolver.factory.js","sourceRoot":"","sources":["../../../../src/configuration/resolvers/bitwarden/bitwarden-secrets-resolver.factory.ts"],"names":[],"mappings":";;;AAAA,kDAI6B;AAC7B,6FAAoG;AACpG,uEAAkE;AAMlE,MAAa,+BAA+B;IA6B1C,MAAM,CAAC,+BAA+B,CACpC,MAA6B,EAC7B,WAAoB;QAEpB,MAAM,KAAK,GAAG,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAE1D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,QAAQ,GACZ,+CAAqB,CAAC,EAAE,KAAK,MAAM;YACjC,CAAC,CAAC,IAAI,CAAC,qBAAqB;YAC5B,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC;QAEjC,MAAM,MAAM,GAAG,IAAI,0BAAe,CAAC,QAAQ,CAAC,CAAC;QAE7C,OAAO,IAAI,iFAA4C,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACzE,CAAC;;AA/CH,0EAgDC;AA5CyB,qDAAqB,GAAmB;IAC9D,MAAM,EAAE,0BAA0B;IAClC,WAAW,EAAE,+BAA+B;IAC5C,SAAS,EAAE,eAAe;IAC1B,UAAU,EAAE,qBAAU,CAAC,GAAG;CAC3B,CAAC;AAKsB,qDAAqB,GAAmB;IAC9D,MAAM,EAAE,2BAA2B;IACnC,WAAW,EAAE,gCAAgC;IAC7C,SAAS,EAAE,eAAe;IAC1B,UAAU,EAAE,qBAAU,CAAC,GAAG;CAC3B,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BitwardenServerRegion = void 0;
|
|
4
|
+
var BitwardenServerRegion;
|
|
5
|
+
(function (BitwardenServerRegion) {
|
|
6
|
+
BitwardenServerRegion["EU"] = "EU";
|
|
7
|
+
BitwardenServerRegion["US"] = "US";
|
|
8
|
+
})(BitwardenServerRegion || (exports.BitwardenServerRegion = BitwardenServerRegion = {}));
|
|
9
|
+
//# sourceMappingURL=bitwarden-server.region.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bitwarden-server.region.js","sourceRoot":"","sources":["../../../../src/configuration/resolvers/bitwarden/bitwarden-server.region.ts"],"names":[],"mappings":";;;AAAA,IAAY,qBAGX;AAHD,WAAY,qBAAqB;IAC/B,kCAAS,CAAA;IACT,kCAAS,CAAA;AACX,CAAC,EAHW,qBAAqB,qCAArB,qBAAqB,QAGhC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./bitwarden-secrets-manager.resolver"), exports);
|
|
18
|
+
__exportStar(require("./bitwarden-secrets-resolver.factory"), exports);
|
|
19
|
+
__exportStar(require("./bitwarden-server.region"), exports);
|
|
20
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/configuration/resolvers/bitwarden/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uEAAqD;AACrD,uEAAqD;AACrD,4DAA0C"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@itgorillaz/configify",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.1.0-alpha.0",
|
|
4
4
|
"description": "NestJS Config on Steroids",
|
|
5
5
|
"author": "tommelo",
|
|
6
6
|
"private": false,
|
|
@@ -39,6 +39,7 @@
|
|
|
39
39
|
"devDependencies": {
|
|
40
40
|
"@aws-sdk/client-secrets-manager": "^3.454.0",
|
|
41
41
|
"@aws-sdk/client-ssm": "^3.461.0",
|
|
42
|
+
"@bitwarden/sdk-napi": "^1.0.0",
|
|
42
43
|
"@nestjs/cli": "^11.0.2",
|
|
43
44
|
"@nestjs/schematics": "^11.0.0",
|
|
44
45
|
"@nestjs/testing": "^11.0.5",
|