@karmaniverous/aws-secrets-manager-tools 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/LICENSE +28 -0
  2. package/README.md +96 -0
  3. package/dist/cli/aws-secrets-manager-tools/index.js +889 -0
  4. package/dist/index.d.ts +250 -0
  5. package/dist/mjs/index.js +873 -0
  6. package/package.json +148 -0
package/LICENSE ADDED
@@ -0,0 +1,28 @@
1
+ BSD 3-Clause License
2
+
3
+ Copyright (c) 2025, Jason Williscroft
4
+
5
+ Redistribution and use in source and binary forms, with or without
6
+ modification, are permitted provided that the following conditions are met:
7
+
8
+ 1. Redistributions of source code must retain the above copyright notice, this
9
+ list of conditions and the following disclaimer.
10
+
11
+ 2. Redistributions in binary form must reproduce the above copyright notice,
12
+ this list of conditions and the following disclaimer in the documentation
13
+ and/or other materials provided with the distribution.
14
+
15
+ 3. Neither the name of the copyright holder nor the names of its
16
+ contributors may be used to endorse or promote products derived from
17
+ this software without specific prior written permission.
18
+
19
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
23
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package/README.md ADDED
@@ -0,0 +1,96 @@
1
+ # AWS Secrets Manager Tools
2
+
3
+ Tools and a get-dotenv plugin for working with AWS Secrets Manager “env-map” secrets (JSON object maps of environment variables).
4
+
5
+ This package provides:
6
+
7
+ - A tools-style wrapper that owns AWS client setup (including optional AWS X-Ray capture):
8
+ - `AwsSecretsManagerTools`
9
+ - A get-dotenv plugin intended to be mounted under `aws`:
10
+ - `secretsPlugin()` → `aws secrets pull|push|delete`
11
+ - A CLI embedding get-dotenv with the secrets plugin:
12
+ - `aws-secrets-manager-tools`
13
+
14
+ ## Documentation
15
+
16
+ - Learn the programmatic API: [AwsSecretsManagerTools guide](guides/aws-secrets-manager-tools.md)
17
+ - Learn the CLI and plugin behavior: [aws secrets plugin guide](guides/secrets-plugin.md)
18
+ - Browse the generated API reference: [TypeDoc site](https://docs.karmanivero.us/aws-secrets-manager-tools)
19
+
20
+ ## Install
21
+
22
+ ```bash
23
+ npm i @karmaniverous/aws-secrets-manager-tools
24
+ ```
25
+
26
+ This package is ESM-only (Node >= 20).
27
+
28
+ ## Quick start (programmatic)
29
+
30
+ ```ts
31
+ import { AwsSecretsManagerTools } from '@karmaniverous/aws-secrets-manager-tools';
32
+
33
+ const tools = await AwsSecretsManagerTools.init({
34
+ clientConfig: { region: 'us-east-1', logger: console },
35
+ xray: 'auto',
36
+ });
37
+
38
+ const current = await tools.readEnvSecret({ secretId: 'my-app/dev' });
39
+ await tools.upsertEnvSecret({ secretId: 'my-app/dev', value: current });
40
+ ```
41
+
42
+ When you need AWS functionality not wrapped by this package, use the fully configured AWS SDK v3 client at `tools.client` (see the [programmatic guide](guides/aws-secrets-manager-tools.md) for examples).
43
+
44
+ ## Quick start (CLI)
45
+
46
+ ```bash
47
+ aws-secrets-manager-tools --env dev aws secrets pull --secret-name '$STACK_NAME'
48
+ aws-secrets-manager-tools --env dev aws secrets push --secret-name '$STACK_NAME'
49
+ aws-secrets-manager-tools --env dev aws secrets delete --secret-name '$STACK_NAME'
50
+ ```
51
+
52
+ Notes:
53
+
54
+ - `--env` is a root-level (get-dotenv) option and must appear before the command path.
55
+ - Secret name expansion is evaluated at action time against `{ ...process.env, ...ctx.dotenv }` (ctx wins).
56
+
57
+ ## Env-map secret format
58
+
59
+ Secrets are stored as a JSON object map of environment variables in `SecretString`:
60
+
61
+ ```json
62
+ { "KEY": "value", "OPTIONAL": null }
63
+ ```
64
+
65
+ Notes:
66
+
67
+ - Values must be strings or `null`.
68
+ - `null` is treated as `undefined` when decoding.
69
+
70
+ ## AWS X-Ray capture (optional)
71
+
72
+ X-Ray support is guarded:
73
+
74
+ - Default behavior is `xray: 'auto'`: capture is enabled only when `AWS_XRAY_DAEMON_ADDRESS` is set.
75
+ - To enable capture, install the optional peer dependency:
76
+ - `aws-xray-sdk`
77
+ - In `auto` mode, if `AWS_XRAY_DAEMON_ADDRESS` is set but `aws-xray-sdk` is not installed, initialization throws.
78
+
79
+ ## Config defaults (getdotenv.config.*)
80
+
81
+ If you embed the plugin in your own get-dotenv host (or use the shipped CLI), you can provide safe defaults in config under `plugins['aws/secrets']`:
82
+
83
+ ```jsonc
84
+ {
85
+ "plugins": {
86
+ "aws/secrets": {
87
+ "secretName": "$STACK_NAME",
88
+ "templateExtension": "template",
89
+ "push": { "from": ["file:env:private"] },
90
+ "pull": { "to": "env:private" }
91
+ }
92
+ }
93
+ }
94
+ ```
95
+
96
+ See the [secrets plugin guide](guides/secrets-plugin.md) for `--from` / `--to` selector details and all supported config keys.