npm - @kitsy/cnos-cli - Versions diffs - 1.8.2 → 1.8.4 - Mend

@kitsy/cnos-cli 1.8.2 → 1.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +27 -11
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -802,7 +802,10 @@ async function defineValue(namespace, configPath, rawValue, options = {}) {
   };
 }
 async function setSecret(configPath, rawValue, options = {}) {
-  const runtime = await createRuntimeService(options);
+  const runtime = await createRuntimeService({
+    ...options,
+    secretResolution: "lazy"
+  });
   const workspaceRoot = getSelectedWorkspaceRoot(options, runtime);
   const profile = options.profile ?? runtime.graph.profile;
   const filePath = resolveConfigDocumentPath(workspaceRoot, "secret", configPath, profile);
@@ -843,7 +846,10 @@ async function setSecret(configPath, rawValue, options = {}) {
 }
 async function deleteSecret(configPath, options = {}) {
   await assertWritableConfigRoot(`delete secret.${configPath}`, options);
-  const runtime = await createRuntimeService(options);
+  const runtime = await createRuntimeService({
+    ...options,
+    secretResolution: "lazy"
+  });
   const workspaceRoot = getSelectedWorkspaceRoot(options, runtime);
   const profile = options.profile ?? runtime.graph.profile;
   const filePath = resolveConfigDocumentPath(workspaceRoot, "secret", configPath, profile);
@@ -2914,7 +2920,10 @@ function toStoredEntry(namespace, entry, filter = {}) {
   };
 }
 async function listStoredNamespace(namespace, options) {
-  const runtime = await createRuntimeService(options);
+  const runtime = await createRuntimeService({
+    ...options,
+    ...namespace === "secret" ? { secretResolution: "lazy" } : {}
+  });
   return Array.from(runtime.graph.entries.values()).filter((entry) => entry.namespace === namespace).map((entry) => {
     const stored = toStoredEntry(namespace, entry, options);
     if (!stored) {
@@ -4012,21 +4021,21 @@ async function authenticateVault(name, options = {}) {
   const auth = await resolveVaultAuth2(vault, definition, options.processEnv ?? process.env);
   const storeRoot = resolveSecretStoreRoot2(options.processEnv);
   if (definition.provider === "local") {
-    if (!auth.passphrase) {
-      throw new Error(`Vault "${vault}" requires passphrase-based authentication.`);
-    }
     const metadata = await readVaultMetadata(storeRoot, vault);
     if (!metadata) {
       throw new Error(
         `Vault "${vault}" has not been initialized yet. Run cnos vault create ${vault} first.`
       );
     }
-    const derivedKey = deriveVaultKey(auth.passphrase, Buffer.from(metadata.salt, "base64"), metadata.iterations);
+    const derivedKey = auth.derivedKey ?? (auth.passphrase ? deriveVaultKey(auth.passphrase, Buffer.from(metadata.salt, "base64"), metadata.iterations) : void 0);
+    if (!derivedKey) {
+      throw new Error(`Vault "${vault}" requires passphrase-based authentication.`);
+    }
     await listLocalSecrets(
       storeRoot,
       {
         derivedKey,
-        method: auth.method,
+        method: auth.derivedKey ? auth.method : "passphrase",
         ...definition.auth?.config ? { config: definition.auth.config } : {}
       },
       vault
@@ -4191,7 +4200,10 @@ async function runSecret(argsOrPath, options = {}) {
     return runVault(["create", tail[0] ?? "default"], options);
   }
   if (action === "list") {
-    const runtime2 = await createRuntimeService(options);
+    const runtime2 = await createRuntimeService({
+      ...options,
+      secretResolution: "lazy"
+    });
     const prefix = consumeOption(cliArgs, "--prefix");
     const vault = consumeOption(cliArgs, "--vault");
     const provider = consumeOption(cliArgs, "--provider");
@@ -4254,12 +4266,16 @@ async function runSecret(argsOrPath, options = {}) {
     }
     return result.deleted ? `deleted secret.${secretPath2} from ${displayPath(result.filePath, root)}` : `no secret.${secretPath2} found in ${displayPath(result.filePath, root)}`;
   }
-  const runtime = await createRuntimeService(options);
+  const runtime = await createRuntimeService({
+    ...options,
+    secretResolution: "lazy"
+  });
   const secretPath = tail[0] ?? "app.token";
   const expectedVault = consumeOption(cliArgs, "--vault");
   const reveal = consumeFlag(cliArgs, "--reveal");
   const entry = runtime.graph.entries.get(`secret.${secretPath}`);
   const secretRef = entry?.winner.metadata?.secretRef;
+  await runtime.refreshSecret(`secret.${secretPath}`);
   const value = runtime.secret(secretPath);
   if (value === void 0) {
     throw new Error(`Missing CNOS secret path: ${secretPath}`);
@@ -4318,7 +4334,7 @@ async function runValidate(options = {}) {
 // package.json
 var package_default = {
   name: "@kitsy/cnos-cli",
-  version: "1.8.2",
+  version: "1.8.4",
   description: "CLI entry point and developer tooling for CNOS.",
   type: "module",
   main: "./dist/index.js",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kitsy/cnos-cli",
-  "version": "1.8.2",
+  "version": "1.8.4",
   "description": "CLI entry point and developer tooling for CNOS.",
   "type": "module",
   "main": "./dist/index.js",
@@ -37,7 +37,7 @@
   },
   "dependencies": {
     "smol-toml": "^1.4.2",
-    "@kitsy/cnos": "1.8.2"
+    "@kitsy/cnos": "1.8.4"
   },
   "scripts": {
     "build": "tsup src/index.ts --format esm --dts",