@kitsy/cnos-cli 1.11.1 → 1.11.2
- package/dist/index.js +72 -22
- package/package.json +3 -3
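--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2078,11 +2078,11 @@ var COMMANDS = [
 },
 {
 flag: "--provider <name>",
-description: "Provider name for
+description: "Provider name for remote/reference secret metadata writes."
 },
 {
 flag: "--vault <name>",
-description: "Use a manifest-defined vault.
+description: "Use a manifest-defined vault. Local vaults store encrypted material; non-local vaults write reference metadata only."
 },
 {
 flag: "--reveal",
@@ -2095,7 +2095,8 @@ var COMMANDS = [
 "cnos vault auth local-dev",
 "cnos secret set app.token super-secret --vault local-dev",
 "cnos vault create github-ci --provider environment --no-passphrase",
-"cnos secret set app.token APP_TOKEN --vault github-ci"
+"cnos secret set app.token APP_TOKEN --vault github-ci",
+"cnos secret set app.token --vault prod-gcp"
 ]
 },
 {
@@ -2155,7 +2156,7 @@ var COMMANDS = [
 id: "vault list",
 summary: "List manifest-defined vaults.",
 usage: "cnos vault list [global-options]",
-description: "Lists vault definitions together with provider and passphrase policy.",
+description: "Lists project vault definitions together with provider and passphrase policy. Outside a CNOS project, lists local vault stores from the configured CNOS secret home.",
 examples: ["cnos vault list"]
 },
 {
@@ -2450,7 +2451,7 @@ var COMMANDS = [
 id: "secret set",
 summary: "Write a secret securely.",
 usage: "cnos secret set <path> [value] [--local|--remote|--ref] [--vault <name>] [--provider <name>] [--stdin] [global-options]",
-description: "Writes a secret reference into the repo. When a local vault is selected, CNOS stores encrypted secret material outside the repo under ~/.cnos/secrets/vaults/<vault>; when
+description: "Writes a secret reference into the repo. When a local vault is selected, CNOS stores encrypted secret material outside the repo under ~/.cnos/secrets/vaults/<vault>; when a non-local vault is selected, CNOS writes reference metadata only and never prompts for secret material by default. If [value] is omitted for a non-local vault, the logical path is used as the external ref.",
 examples: [
 "cnos vault create db",
 "cnos vault auth db",
@@ -2458,7 +2459,8 @@ var COMMANDS = [
 "cnos secret set app.token --vault db",
 'printf "super-secret" | cnos secret set app.token --vault db --stdin',
 "cnos vault create github-ci --provider environment --no-passphrase",
-"cnos secret set app.token APP_TOKEN --vault github-ci"
+"cnos secret set app.token APP_TOKEN --vault github-ci",
+"cnos secret set app.token --vault prod-gcp"
 ]
 },
 {
@@ -4699,23 +4701,50 @@ async function runVault(args = [], options = {}) {
 }
 return result.deleted ? `removed vault "${result.name}"` : `vault "${result.name}" was not found`;
 }
-const
-
-
-
+const localStoreVaults = await listLocalStoreVaults(options);
+let manifestVaults = [];
+try {
+manifestVaults = await listVaultDefinitions(options);
+} catch (error) {
+const message = error instanceof Error ? error.message : String(error);
+if (!message.includes("No .cnosrc.yml found") && !message.includes("Could not locate .cnos/cnos.yml")) {
+throw error;
+}
+}
+const manifestNames = new Set(manifestVaults.map((vault) => vault.name));
+const localOnlyVaults = localStoreVaults.filter((name) => !manifestNames.has(name)).sort((left, right) => left.localeCompare(right)).map((name) => ({
+name,
+provider: "local",
+authMethod: "passphrase",
+localStore: true,
+source: "local-store"
+}));
 if (options.json) {
 return printJson(
-
-...vault
-
-
+[
+...manifestVaults.map((vault) => ({
+...vault,
+localStore: localStoreVaults.includes(vault.name)
+})),
+...localOnlyVaults
+]
 );
 }
-
+const vaults = [
+...manifestVaults.map((vault) => ({
+name: vault.name,
+provider: vault.provider,
+authMethod: vault.authMethod,
+localStore: localStoreVaults.includes(vault.name),
+source: void 0
+})),
+...localOnlyVaults
+];
+if (vaults.length === 0) {
 return "";
 }
-return
-(vault) => `${vault.name} provider=${vault.provider} auth=${vault.authMethod}${
+return vaults.map(
+(vault) => `${vault.name} provider=${vault.provider} auth=${vault.authMethod}${vault.localStore ? " local-store=true" : ""}${vault.source ? ` source=${vault.source}` : ""}`
 ).join("\n");
 }
 
@@ -4773,14 +4802,30 @@ async function promptHiddenValue(message) {
 rl.close();
 }
 }
-async function
+async function shouldPromptForMissingSecretValue(vault, mode, options) {
+if (mode === "local") {
+return true;
+}
+if (mode === "remote" || mode === "ref") {
+return false;
+}
+const runtime = await createRuntimeService({
+...options,
+secretResolution: "lazy"
+});
+return runtime.manifest.vaults[vault]?.provider === "local";
+}
+async function resolveSecretSetValue(secretPath, providedValue, stdin, promptForMissingValue) {
 if (stdin) {
 return readStdinValue();
 }
 if (providedValue !== void 0) {
 return providedValue;
 }
-
+if (promptForMissingValue) {
+return promptHiddenValue(`Enter value for secret "${secretPath}": `);
+}
+return secretPath;
 }
 var WritableMask = class extends Writable {
 muted = false;
@@ -4836,7 +4881,12 @@ async function runSecret(argsOrPath, options = {}) {
 const vault = consumeOption(cliArgs, "--vault") ?? "default";
 const mode = local ? "local" : remote ? "remote" : ref ? "ref" : void 0;
 const resolvedSecretPath = secretPath2 ?? "app.token";
-const
+const promptForMissingValue = await shouldPromptForMissingSecretValue(vault, mode, {
+...options,
+cliArgs,
+target
+});
+const rawValue = await resolveSecretSetValue(resolvedSecretPath, tail[1], stdin, promptForMissingValue);
 const result = await setSecret(resolvedSecretPath, rawValue, {
 ...options,
 cliArgs,
@@ -4848,7 +4898,7 @@ async function runSecret(argsOrPath, options = {}) {
 if (options.json) {
 return printJson(result);
 }
-return result.provider === "local" ? `set secret.${secretPath2} in vault "${result.vault ?? "default"}" with ref "${result.ref}" and repo pointer ${displayPath(result.filePath, root)}` : `
+return result.provider === "local" ? `set secret.${secretPath2} in vault "${result.vault ?? "default"}" with ref "${result.ref}" and repo pointer ${displayPath(result.filePath, root)}` : `added secret reference secret.${secretPath2} -> ref "${result.ref}" in vault "${result.vault ?? "default"}" using provider "${result.provider}" at ${displayPath(result.filePath, root)}. No secret material was written by CNOS; create or update the secret in the configured vault separately.`;
 }
 if (action === "delete") {
 const secretPath2 = tail[0];
@@ -6139,7 +6189,7 @@ async function runValidate(options = {}) {
 // package.json
 var package_default = {
 name: "@kitsy/cnos-cli",
-version: "1.11.
+version: "1.11.2",
 description: "CLI entry point and developer tooling for CNOS.",
 type: "module",
 main: "./dist/index.js",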
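Review bot: In `shouldPromptForMissingSecretValue`, a vault name that is absent from `runtime.manifest.vaults` (including the `"default"` fallback that `runSecret` picks when `--vault` is omitted) evaluates to `false`, so `resolveSecretSetValue` skips the hidden prompt and hands `secretPath` to `setSecret` as the value. If `setSecret` resolves such an undeclared vault as local (its body is outside this diff, so this needs confirming), the logical path itself would be stored as the secret material, a predictable value written with no warning. Treating an undeclared vault as local keeps the prompt: `return (runtime.manifest.vaults?.[vault]?.provider ?? "local") === "local";`, which also avoids a TypeError when the manifest has no `vaults` map. A comment on the `return secretPath;` fallback, such as `// non-local vault only: the logical path doubles as the external ref, never as secret material`, would make that contract explicit for the next caller.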
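--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@kitsy/cnos-cli",
-"version": "1.11.
+"version": "1.11.2",
 "description": "CLI entry point and developer tooling for CNOS.",
 "type": "module",
 "main": "./dist/index.js",
@@ -37,8 +37,8 @@
 },
 "dependencies": {
 "smol-toml": "^1.4.2",
-"@kitsy/cnos": "1.11.
-"@kitsy/cnos-ui": "1.11.
+"@kitsy/cnos": "1.11.2",
+"@kitsy/cnos-ui": "1.11.2"
 },
 "scripts": {
 "build": "tsup src/index.ts --format esm --dts",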