@kitsy/cnos-cli 1.9.1 → 1.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +49 -5
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -2177,12 +2177,14 @@ var COMMANDS = [
|
|
|
2177
2177
|
{
|
|
2178
2178
|
id: "secret set",
|
|
2179
2179
|
summary: "Write a secret securely.",
|
|
2180
|
-
usage: "cnos secret set <path>
|
|
2181
|
-
description: "Writes a secret reference into the repo. When a local vault is selected, CNOS stores encrypted secret material outside the repo under ~/.cnos/secrets/vaults/<vault>; when an environment-backed vault is selected, CNOS writes an env-backed ref for CI or cloud runtimes.",
|
|
2180
|
+
usage: "cnos secret set <path> [value] [--local|--remote|--ref] [--vault <name>] [--provider <name>] [--stdin] [global-options]",
|
|
2181
|
+
description: "Writes a secret reference into the repo. When a local vault is selected, CNOS stores encrypted secret material outside the repo under ~/.cnos/secrets/vaults/<vault>; when an environment-backed vault is selected, CNOS writes an env-backed ref for CI or cloud runtimes. If [value] is omitted, CNOS prompts for a masked value interactively; use --stdin for pipelines.",
|
|
2182
2182
|
examples: [
|
|
2183
2183
|
"cnos vault create db",
|
|
2184
2184
|
"cnos vault auth db",
|
|
2185
2185
|
"cnos secret set app.token super-secret --vault db",
|
|
2186
|
+
"cnos secret set app.token --vault db",
|
|
2187
|
+
'printf "super-secret" | cnos secret set app.token --vault db --stdin',
|
|
2186
2188
|
"cnos vault create github-ci --provider environment --no-passphrase",
|
|
2187
2189
|
"cnos secret set app.token APP_TOKEN --vault github-ci"
|
|
2188
2190
|
]
|
|
@@ -4132,6 +4134,8 @@ async function runCommand(command, options = {}) {
|
|
|
4132
4134
|
|
|
4133
4135
|
// src/commands/secret.ts
|
|
4134
4136
|
import path21 from "path";
|
|
4137
|
+
import readline3 from "readline";
|
|
4138
|
+
import { Writable } from "stream";
|
|
4135
4139
|
|
|
4136
4140
|
// src/commands/vault.ts
|
|
4137
4141
|
import path20 from "path";
|
|
@@ -4470,6 +4474,45 @@ async function readStdinValue() {
|
|
|
4470
4474
|
}
|
|
4471
4475
|
return Buffer.concat(chunks).toString("utf8").trimEnd();
|
|
4472
4476
|
}
|
|
4477
|
+
async function promptHiddenValue(message) {
|
|
4478
|
+
if (!process.stdin.isTTY || !process.stdout.isTTY) {
|
|
4479
|
+
throw new Error("Cannot prompt for a secret value in non-interactive mode. Pass <value> explicitly or use --stdin.");
|
|
4480
|
+
}
|
|
4481
|
+
const mutableStdout = new WritableMask();
|
|
4482
|
+
const rl = readline3.createInterface({
|
|
4483
|
+
input: process.stdin,
|
|
4484
|
+
output: mutableStdout,
|
|
4485
|
+
terminal: true
|
|
4486
|
+
});
|
|
4487
|
+
try {
|
|
4488
|
+
mutableStdout.muted = true;
|
|
4489
|
+
const value = await new Promise((resolve) => {
|
|
4490
|
+
rl.question(message, resolve);
|
|
4491
|
+
});
|
|
4492
|
+
process.stdout.write("\n");
|
|
4493
|
+
return value;
|
|
4494
|
+
} finally {
|
|
4495
|
+
rl.close();
|
|
4496
|
+
}
|
|
4497
|
+
}
|
|
4498
|
+
async function resolveSecretSetValue(secretPath, providedValue, stdin) {
|
|
4499
|
+
if (stdin) {
|
|
4500
|
+
return readStdinValue();
|
|
4501
|
+
}
|
|
4502
|
+
if (providedValue !== void 0) {
|
|
4503
|
+
return providedValue;
|
|
4504
|
+
}
|
|
4505
|
+
return promptHiddenValue(`Enter value for secret "${secretPath}": `);
|
|
4506
|
+
}
|
|
4507
|
+
var WritableMask = class extends Writable {
|
|
4508
|
+
muted = false;
|
|
4509
|
+
_write(chunk, _encoding, callback) {
|
|
4510
|
+
if (!this.muted) {
|
|
4511
|
+
process.stdout.write(chunk);
|
|
4512
|
+
}
|
|
4513
|
+
callback();
|
|
4514
|
+
}
|
|
4515
|
+
};
|
|
4473
4516
|
async function runSecret(argsOrPath, options = {}) {
|
|
4474
4517
|
const args = Array.isArray(argsOrPath) ? argsOrPath : [argsOrPath];
|
|
4475
4518
|
const { action, tail } = normalizeSecretCommand(args);
|
|
@@ -4514,8 +4557,9 @@ async function runSecret(argsOrPath, options = {}) {
|
|
|
4514
4557
|
const provider = consumeOption(cliArgs, "--provider");
|
|
4515
4558
|
const vault = consumeOption(cliArgs, "--vault") ?? "default";
|
|
4516
4559
|
const mode = local ? "local" : remote ? "remote" : ref ? "ref" : void 0;
|
|
4517
|
-
const
|
|
4518
|
-
const
|
|
4560
|
+
const resolvedSecretPath = secretPath2 ?? "app.token";
|
|
4561
|
+
const rawValue = await resolveSecretSetValue(resolvedSecretPath, tail[1], stdin);
|
|
4562
|
+
const result = await setSecret(resolvedSecretPath, rawValue, {
|
|
4519
4563
|
...options,
|
|
4520
4564
|
cliArgs,
|
|
4521
4565
|
target,
|
|
@@ -4905,7 +4949,7 @@ async function runValidate(options = {}) {
|
|
|
4905
4949
|
// package.json
|
|
4906
4950
|
var package_default = {
|
|
4907
4951
|
name: "@kitsy/cnos-cli",
|
|
4908
|
-
version: "1.9.
|
|
4952
|
+
version: "1.9.2",
|
|
4909
4953
|
description: "CLI entry point and developer tooling for CNOS.",
|
|
4910
4954
|
type: "module",
|
|
4911
4955
|
main: "./dist/index.js",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kitsy/cnos-cli",
|
|
3
|
-
"version": "1.9.
|
|
3
|
+
"version": "1.9.2",
|
|
4
4
|
"description": "CLI entry point and developer tooling for CNOS.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -37,8 +37,8 @@
|
|
|
37
37
|
},
|
|
38
38
|
"dependencies": {
|
|
39
39
|
"smol-toml": "^1.4.2",
|
|
40
|
-
"@kitsy/cnos-ui": "1.9.
|
|
41
|
-
"@kitsy/cnos": "1.9.
|
|
40
|
+
"@kitsy/cnos-ui": "1.9.2",
|
|
41
|
+
"@kitsy/cnos": "1.9.2"
|
|
42
42
|
},
|
|
43
43
|
"scripts": {
|
|
44
44
|
"build": "tsup src/index.ts --format esm --dts",
|