@marktoflow/core 2.0.0-alpha.7 → 2.0.1
- package/README.md +24 -220
- package/dist/built-in-operations.d.ts +150 -0
- package/dist/built-in-operations.d.ts.map +1 -0
- package/dist/built-in-operations.js +799 -0
- package/dist/built-in-operations.js.map +1 -0
- package/dist/core-tools.d.ts +39 -0
- package/dist/core-tools.d.ts.map +1 -0
- package/dist/core-tools.js +58 -0
- package/dist/core-tools.js.map +1 -0
- package/dist/credentials.d.ts +60 -1
- package/dist/credentials.d.ts.map +1 -1
- package/dist/credentials.js +229 -4
- package/dist/credentials.js.map +1 -1
- package/dist/engine.d.ts +144 -3
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +1385 -49
- package/dist/engine.js.map +1 -1
- package/dist/file-operations.d.ts +86 -0
- package/dist/file-operations.d.ts.map +1 -0
- package/dist/file-operations.js +363 -0
- package/dist/file-operations.js.map +1 -0
- package/dist/index.d.ts +16 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +46 -4
- package/dist/index.js.map +1 -1
- package/dist/logging.d.ts +40 -2
- package/dist/logging.d.ts.map +1 -1
- package/dist/logging.js +166 -13
- package/dist/logging.js.map +1 -1
- package/dist/models.d.ts +1931 -203
- package/dist/models.d.ts.map +1 -1
- package/dist/models.js +303 -13
- package/dist/models.js.map +1 -1
- package/dist/nunjucks-filters.d.ts +271 -0
- package/dist/nunjucks-filters.d.ts.map +1 -0
- package/dist/nunjucks-filters.js +648 -0
- package/dist/nunjucks-filters.js.map +1 -0
- package/dist/oauth-manager.d.ts +128 -0
- package/dist/oauth-manager.d.ts.map +1 -0
- package/dist/oauth-manager.js +291 -0
- package/dist/oauth-manager.js.map +1 -0
- package/dist/oauth-refresh.d.ts +37 -0
- package/dist/oauth-refresh.d.ts.map +1 -0
- package/dist/oauth-refresh.js +76 -0
- package/dist/oauth-refresh.js.map +1 -0
- package/dist/parser.d.ts.map +1 -1
- package/dist/parser.js +291 -10
- package/dist/parser.js.map +1 -1
- package/dist/permissions.d.ts +49 -0
- package/dist/permissions.d.ts.map +1 -0
- package/dist/permissions.js +286 -0
- package/dist/permissions.js.map +1 -0
- package/dist/prompt-loader.d.ts +53 -0
- package/dist/prompt-loader.d.ts.map +1 -0
- package/dist/prompt-loader.js +205 -0
- package/dist/prompt-loader.js.map +1 -0
- package/dist/scheduler.d.ts +22 -3
- package/dist/scheduler.d.ts.map +1 -1
- package/dist/scheduler.js +72 -73
- package/dist/scheduler.js.map +1 -1
- package/dist/script-executor.d.ts +65 -0
- package/dist/script-executor.d.ts.map +1 -0
- package/dist/script-executor.js +261 -0
- package/dist/script-executor.js.map +1 -0
- package/dist/sdk-registry.d.ts +20 -2
- package/dist/sdk-registry.d.ts.map +1 -1
- package/dist/sdk-registry.js +100 -15
- package/dist/sdk-registry.js.map +1 -1
- package/dist/secret-providers/index.d.ts +12 -0
- package/dist/secret-providers/index.d.ts.map +1 -0
- package/dist/secret-providers/index.js +11 -0
- package/dist/secret-providers/index.js.map +1 -0
- package/dist/secret-providers/providers/aws.d.ts +32 -0
- package/dist/secret-providers/providers/aws.d.ts.map +1 -0
- package/dist/secret-providers/providers/aws.js +118 -0
- package/dist/secret-providers/providers/aws.js.map +1 -0
- package/dist/secret-providers/providers/azure.d.ts +40 -0
- package/dist/secret-providers/providers/azure.d.ts.map +1 -0
- package/dist/secret-providers/providers/azure.js +170 -0
- package/dist/secret-providers/providers/azure.js.map +1 -0
- package/dist/secret-providers/providers/env.d.ts +26 -0
- package/dist/secret-providers/providers/env.d.ts.map +1 -0
- package/dist/secret-providers/providers/env.js +59 -0
- package/dist/secret-providers/providers/env.js.map +1 -0
- package/dist/secret-providers/providers/vault.d.ts +39 -0
- package/dist/secret-providers/providers/vault.d.ts.map +1 -0
- package/dist/secret-providers/providers/vault.js +180 -0
- package/dist/secret-providers/providers/vault.js.map +1 -0
- package/dist/secret-providers/secret-manager.d.ts +72 -0
- package/dist/secret-providers/secret-manager.d.ts.map +1 -0
- package/dist/secret-providers/secret-manager.js +226 -0
- package/dist/secret-providers/secret-manager.js.map +1 -0
- package/dist/secret-providers/types.d.ts +105 -0
- package/dist/secret-providers/types.d.ts.map +1 -0
- package/dist/secret-providers/types.js +8 -0
- package/dist/secret-providers/types.js.map +1 -0
- package/dist/security.d.ts +1 -0
- package/dist/security.d.ts.map +1 -1
- package/dist/security.js +4 -0
- package/dist/security.js.map +1 -1
- package/dist/state.d.ts.map +1 -1
- package/dist/state.js +16 -9
- package/dist/state.js.map +1 -1
- package/dist/template-engine.d.ts +51 -0
- package/dist/template-engine.d.ts.map +1 -0
- package/dist/template-engine.js +227 -0
- package/dist/template-engine.js.map +1 -0
- package/dist/templates.d.ts +10 -0
- package/dist/templates.d.ts.map +1 -1
- package/dist/templates.js +21 -17
- package/dist/templates.js.map +1 -1
- package/dist/tools/mcp-tool.js +9 -9
- package/dist/tools/mcp-tool.js.map +1 -1
- package/dist/trigger-manager.js +1 -1
- package/dist/trigger-manager.js.map +1 -1
- package/dist/workflow-tools.d.ts +102 -0
- package/dist/workflow-tools.d.ts.map +1 -0
- package/dist/workflow-tools.js +130 -0
- package/dist/workflow-tools.js.map +1 -0
- package/package.json +24 -6
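--- a/package/dist/sdk-registry.js
+++ b/package/dist/sdk-registry.js
@@ -5,6 +5,7 @@
 * Supports lazy loading and caching of SDK instances.
 */
 import { McpLoader } from './mcp-loader.js';
+import { SecretManager } from './secret-providers/secret-manager.js';
 // ============================================================================
 // Default SDK Loader (dynamic import)
 // ============================================================================
@@ -22,6 +23,20 @@ export const defaultSDKLoader = {
 },
 };
 // ============================================================================
+// SDK Package Name Mappings
+// ============================================================================
+/**
+* Maps SDK names to actual npm package names.
+* Used when the SDK name in workflows differs from the npm package name.
+*/
+export const packageNameMappings = {
+'google-gmail': 'googleapis',
+'google-sheets': 'googleapis',
+'google-calendar': 'googleapis',
+'google-drive': 'googleapis',
+'google-docs': 'googleapis',
+};
+// ============================================================================
 // SDK Initializers for common services
 // ============================================================================
 export const defaultInitializers = {
@@ -65,19 +80,30 @@ export const defaultInitializers = {
 },
 'jira.js': {
 async initialize(module, config) {
-const { Version3Client } = module;
+const { Version2Client, Version3Client } = module;
 const host = config.auth?.['host'];
 const email = config.auth?.['email'];
 const apiToken = config.auth?.['api_token'];
+const apiVersion = config.auth?.['api_version'] || 'auto';
 if (!host || !email || !apiToken) {
 throw new Error('Jira SDK requires auth.host, auth.email, and auth.api_token');
 }
-
+// Auto-detect API version based on host
+// Cloud (*.atlassian.net) uses v3, self-hosted uses v2
+let useVersion3 = true;
+if (apiVersion === 'auto') {
+useVersion3 = host.includes('.atlassian.net');
+}
+else {
+useVersion3 = apiVersion === '3' || apiVersion === 'v3';
+}
+const authConfig = {
 host,
 authentication: {
 basic: { email, apiToken },
 },
-}
+};
+return useVersion3 ? new Version3Client(authConfig) : new Version2Client(authConfig);
 },
 },
 };
@@ -89,15 +115,31 @@ export class SDKRegistry {
 loader;
 initializers;
 mcpLoader;
-
+secretManager;
+constructor(loader = defaultSDKLoader, initializers = defaultInitializers, mcpLoader, secretManager) {
 this.loader = loader;
 this.initializers = new Map(Object.entries(initializers));
 this.mcpLoader = mcpLoader || new McpLoader();
+if (secretManager) {
+this.secretManager = secretManager;
+}
 }
 /**
 * Register tool configurations from a workflow.
 */
 registerTools(tools) {
+// Always register built-in tools (core and workflow) if not already present
+const builtInTools = ['core', 'workflow'];
+for (const toolName of builtInTools) {
+if (!this.sdks.has(toolName)) {
+this.sdks.set(toolName, {
+name: toolName,
+sdk: null,
+config: { sdk: toolName }, // Minimal config for built-in tools
+});
+}
+}
+// Register workflow-specific tools
 for (const [name, config] of Object.entries(tools)) {
 if (!this.sdks.has(name)) {
 // Store config for lazy loading
@@ -127,43 +169,69 @@ export class SDKRegistry {
 if (instance.sdk) {
 return instance.sdk;
 }
+// Resolve secret references in config.auth before initializing
+const resolvedConfig = await this.resolveConfigSecrets(instance.config);
 // Load the SDK module
+// Check if there's a package name mapping (e.g., 'google-gmail' -> 'googleapis')
+const packageName = packageNameMappings[resolvedConfig.sdk] || resolvedConfig.sdk;
 let module;
 try {
-module = await this.loader.load(
+module = await this.loader.load(packageName);
 }
 catch (error) {
 // If we have an initializer, ignore load error and pass null (e.g. for 'script' tool)
-if (this.initializers.has(
+if (this.initializers.has(resolvedConfig.sdk)) {
 module = null;
 }
 else {
 throw error;
 }
 }
-// Initialize with config
-const initializer = this.initializers.get(
+// Initialize with resolved config
+const initializer = this.initializers.get(resolvedConfig.sdk);
 if (initializer) {
-instance.sdk = await initializer.initialize(module,
+instance.sdk = await initializer.initialize(module, resolvedConfig);
 }
 else {
 // Check for MCP
 if (this.isMcpModule(module)) {
 try {
-const client = await this.mcpLoader.connectModule(module,
+const client = await this.mcpLoader.connectModule(module, resolvedConfig);
 instance.sdk = this.createMcpProxy(client);
 }
 catch (error) {
-throw new Error(`Failed to connect to MCP module '${
+throw new Error(`Failed to connect to MCP module '${resolvedConfig.sdk}': ${error}`);
 }
 }
 else {
 // No custom initializer - use generic initialization
-instance.sdk = await this.genericInitialize(module,
+instance.sdk = await this.genericInitialize(module, resolvedConfig);
 }
 }
 return instance.sdk;
 }
+/**
+* Resolve secret references in tool configuration.
+*/
+async resolveConfigSecrets(config) {
+if (!this.secretManager || !config.auth) {
+return config;
+}
+const resolvedAuth = {};
+for (const [key, value] of Object.entries(config.auth)) {
+if (typeof value === 'string' && SecretManager.isSecretReference(value)) {
+// Resolve secret reference
+resolvedAuth[key] = await this.secretManager.resolveSecrets(value);
+}
+else {
+resolvedAuth[key] = value;
+}
+}
+return {
+...config,
+auth: resolvedAuth,
+};
+}
 isMcpModule(module) {
 return typeof module.createMcpServer === 'function';
 }
@@ -237,7 +305,7 @@ export class SDKRegistry {
 * Create a step executor that invokes SDK methods.
 */
 export function createSDKStepExecutor() {
-return async (step,
+return async (step, executionContext, sdkRegistry) => {
 // Sub-workflows are handled by the engine, not by this executor
 if (step.workflow) {
 throw new Error('Sub-workflow steps should be handled by the engine, not the step executor');
@@ -255,18 +323,35 @@ export function createSDKStepExecutor() {
 const sdk = await sdkRegistry.load(sdkName);
 // Navigate to method
 let current = sdk;
+let parent = sdk;
 for (const part of methodPath) {
 if (current === null || current === undefined) {
 throw new Error(`Cannot find ${part} in ${step.action}`);
 }
+parent = current;
 current = current[part];
 }
 if (typeof current !== 'function') {
 throw new Error(`${step.action} is not a function`);
 }
-//
+// For script.execute, automatically inject workflow context variables
+let inputs = step.inputs;
+if (sdkName === 'script' && methodPath[0] === 'execute') {
+const ctx = executionContext;
+if (ctx && !inputs.context) {
+// Inject workflow variables and inputs as context for the script
+inputs = {
+...inputs,
+context: {
+...ctx.variables,
+inputs: ctx.inputs,
+},
+};
+}
+}
+// Call the method with correct 'this' context (parent object, not root SDK)
 const method = current;
-return method.call(
+return method.call(parent, inputs);
 };
 }
 //# sourceMappingURL=sdk-registry.js.map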
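Review bot: `resolveConfigSecrets` fails open when no `secretManager` was passed to the constructor: the early `return config;` hands any secret reference in `config.auth` to the initializer unchanged, so the reference text itself is used as the credential and sent to the remote service. Checking `config.auth` first and throwing when a value satisfies `SecretManager.isSecretReference` but no manager is configured would make the misconfiguration visible instead of surfacing as an authentication failure. The loop also resolves only top-level string values of `auth`, so nested values pass through unresolved; a doc-comment line saying so would help callers. The format of a reference is defined in secret-manager.js, outside this section.

```javascript
async resolveConfigSecrets(config) {
    if (!config.auth) {
        return config;
    }
    if (!this.secretManager) {
        // Fail closed: never pass an unresolved reference to an SDK as if it were the credential.
        const unresolved = Object.entries(config.auth)
            .filter(([, value]) => typeof value === 'string' && SecretManager.isSecretReference(value))
            .map(([key]) => key);
        if (unresolved.length > 0) {
            throw new Error(`auth keys [${unresolved.join(', ')}] use secret references but no SecretManager is configured`);
        }
        return config;
    }
    // … unchanged: per-key resolution loop and returned copy of config …
```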
package/dist/sdk-registry.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sdk-registry.js","sourceRoot":"","sources":["../src/sdk-registry.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"sdk-registry.js","sourceRoot":"","sources":["../src/sdk-registry.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AA+BrE,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E,MAAM,CAAC,MAAM,gBAAgB,GAAc;IACzC,KAAK,CAAC,IAAI,CAAC,WAAmB;QAC5B,IAAI,CAAC;YACH,gCAAgC;YAChC,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,uBAAuB,WAAW,KAAK;gBACrC,yCAAyC,WAAW,IAAI;gBACxD,mBAAmB,KAAK,EAAE,CAC7B,CAAC;QACJ,CAAC;IACH,CAAC;CACF,CAAC;AAEF,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA2B;IACzD,cAAc,EAAE,YAAY;IAC5B,eAAe,EAAE,YAAY;IAC7B,iBAAiB,EAAE,YAAY;IAC/B,cAAc,EAAE,YAAY;IAC5B,aAAa,EAAE,YAAY;CAC5B,CAAC;AAEF,+EAA+E;AAC/E,uCAAuC;AACvC,+EAA+E;AAE/E,MAAM,CAAC,MAAM,mBAAmB,GAAmC;IACjE,gBAAgB,EAAE;QAChB,KAAK,CAAC,UAAU,CAAC,MAAe,EAAE,MAAkB;YAClD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAuD,CAAC;YAC9E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,CAAW,CAAC;YAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;KACF;IAED,eAAe,EAAE;QACf,KAAK,CAAC,UAAU,CAAC,MAAe,EAAE,MAAkB;YAClD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAiE,CAAC;YACtF,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,CAAW,CAAC;YAC/C,OAAO,IAAI,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtC,CAAC;KACF;IAED,mBAAmB,EAAE;QACnB,KAAK,CAAC,UAAU,CAAC,MAAe,EAAE,MAAkB;YAClD,MAAM,SAAS,GAAI,MAAoE;iBACpF,OAAO,CAAC;YACX,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,SAAS,CAAW,CAAC;YAClD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,IAAI,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACnC,CAAC;KACF;IAED,MAAM,EAAE;QACN,KAAK,CAAC,UAAU,CAAC,MAAe,EAAE,MAAkB;YAClD,MAAM,MAAM,GAAI,MAAoE,CAAC,OAAO,CAAC;YAC7F,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,SAAS,CAAW,CAAC;YAClD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;YACtD,CAAC;YACD,OAAO,IAAI,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAChC,CAAC;KACF;IAED,SAA
S,EAAE;QACT,KAAK,CAAC,UAAU,CAAC,MAAe,EAAE,MAAkB;YAClD,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,GAAG,MAS1C,CAAC;YACF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,CAAW,CAAC;YAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,CAAW,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,CAAW,CAAC;YACtD,MAAM,UAAU,GAAI,MAAM,CAAC,IAAI,EAAE,CAAC,aAAa,CAAY,IAAI,MAAM,CAAC;YAEtE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;YACjF,CAAC;YAED,wCAAwC;YACxC,uDAAuD;YACvD,IAAI,WAAW,GAAG,IAAI,CAAC;YACvB,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,WAAW,GAAG,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,IAAI,CAAC;YAC1D,CAAC;YAED,MAAM,UAAU,GAAG;gBACjB,IAAI;gBACJ,cAAc,EAAE;oBACd,KAAK,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE;iBAC3B;aACF,CAAC;YAEF,OAAO,WAAW,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,CAAC;QACvF,CAAC;KACF;CACF,CAAC;AAEF,+EAA+E;AAC/E,8BAA8B;AAC9B,+EAA+E;AAE/E,MAAM,OAAO,WAAW;IACd,IAAI,GAA6B,IAAI,GAAG,EAAE,CAAC;IAC3C,MAAM,CAAY;IAClB,YAAY,CAA8B;IAC1C,SAAS,CAAY;IACrB,aAAa,CAAiB;IAEtC,YACE,SAAoB,gBAAgB,EACpC,eAA+C,mBAAmB,EAClE,SAAqB,EACrB,aAA6B;QAE7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,SAAS,EAAE,CAAC;QAC9C,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACrC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAiC;QAC7C,4EAA4E;QAC5E,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAC1C,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE;oBACtB,IAAI,EAAE,QAAQ;oBACd,GAAG,EAAE,IAAI;oBACT,MAAM,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,oCAAoC;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,gCAAgC;gBAChC,IAAI,CAAC,IA
AI,CAAC,GAAG,CAAC,IAAI,EAAE;oBAClB,IAAI;oBACJ,GAAG,EAAE,IAAI;oBACT,MAAM;iBACP,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAY;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,QAAQ,IAAI,gDAAgD,CAAC,CAAC;QAChF,CAAC;QAED,sCAAsC;QACtC,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjB,OAAO,QAAQ,CAAC,GAAG,CAAC;QACtB,CAAC;QAED,+DAA+D;QAC/D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAExE,sBAAsB;QACtB,iFAAiF;QACjF,MAAM,WAAW,GAAG,mBAAmB,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC;QAElF,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,sFAAsF;YACtF,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9C,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAC9D,IAAI,WAAW,EAAE,CAAC;YAChB,QAAQ,CAAC,GAAG,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;oBAC1E,QAAQ,CAAC,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBAC7C,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,oCAAoC,cAAc,CAAC,GAAG,MAAM,KAAK,EAAE,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,QAAQ,CAAC,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC,GAAG,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,MAAkB;QACnD,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACxC,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,YAAY,GAA2B,EAAE,CAAC;QAEhD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAA
E,CAAC;YACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxE,2BAA2B;gBAC3B,YAAY,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACrE,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,OAAO;YACL,GAAG,MAAM;YACT,IAAI,EAAE,YAAY;SACnB,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,MAAe;QACjC,OAAO,OAAQ,MAAwC,CAAC,eAAe,KAAK,UAAU,CAAC;IACzF,CAAC;IAEO,cAAc,CAAC,MAAc;QACnC,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;YACvB,GAAG,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;gBACpB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7B,yCAAyC;oBACzC,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;wBACpB,OAAO,SAAS,CAAC;oBACnB,CAAC;oBAED,kDAAkD;oBAClD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;wBACrB,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACnC,CAAC;oBAED,gCAAgC;oBAChC,OAAO,KAAK,EAAE,IAA6B,EAAE,EAAE;wBAC7C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;4BACnC,IAAI,EAAE,IAAI;4BACV,SAAS,EAAE,IAAI;yBAChB,CAAC,CAAC;wBAEH,sEAAsE;wBACtE,2BAA2B;wBAC3B,yBAAyB;wBACzB,OAAO,MAAM,CAAC;oBAChB,CAAC,CAAC;gBACJ,CAAC;gBACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACnC,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,MAAe,EAAE,MAAkB;QACjE,sBAAsB;QACtB,MAAM,GAAG,GAAG,MAAiC,CAAC;QAE9C,uCAAuC;QACvC,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,GAAG,CAAC,OAA6C,CAAC;YACtE,OAAO,IAAI,WAAW,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;QACxD,CAAC;QAED,mCAAmC;QACnC,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,GAAG,CAAC,MAA4C,CAAC;YAChE,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,uDAAuD;QACvD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,OAAe,EAAE,WAA2B;QAC9D,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;CACF;AAmBD;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,KAAK,EACV,IAA6E,EAC7E,gBAAyB,EACzB,WAA4B,
EACV,EAAE;QACpB,gEAAgE;QAChE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,CAAC,MAAM,gDAAgD,CACtF,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAElC,WAAW;QACX,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE5C,qBAAqB;QACrB,IAAI,OAAO,GAAY,GAAG,CAAC;QAC3B,IAAI,MAAM,GAAY,GAAG,CAAC;QAC1B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,MAAM,GAAG,OAAO,CAAC;YACjB,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,oBAAoB,CAAC,CAAC;QACtD,CAAC;QAED,sEAAsE;QACtE,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QACzB,IAAI,OAAO,KAAK,QAAQ,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,MAAM,GAAG,GAAG,gBAAoD,CAAC;YACjE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC3B,iEAAiE;gBACjE,MAAM,GAAG;oBACP,GAAG,MAAM;oBACT,OAAO,EAAE;wBACP,GAAG,GAAG,CAAC,SAAS;wBAChB,MAAM,EAAE,GAAG,CAAC,MAAM;qBACnB;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,4EAA4E;QAC5E,MAAM,MAAM,GAAG,OAAgD,CAAC;QAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* External Secrets Management
|
|
3
|
+
*
|
|
4
|
+
* Provides integration with external secret managers.
|
|
5
|
+
*/
|
|
6
|
+
export { SecretManager, SecretNotFoundError, SecretProviderError } from './secret-manager.js';
|
|
7
|
+
export { VaultProvider } from './providers/vault.js';
|
|
8
|
+
export { AWSSecretsManagerProvider } from './providers/aws.js';
|
|
9
|
+
export { AzureKeyVaultProvider } from './providers/azure.js';
|
|
10
|
+
export { EnvProvider } from './providers/env.js';
|
|
11
|
+
export type { Secret, SecretMetadata, SecretProvider, SecretProviderConfig, SecretManagerOptions, SecretReference, CachedSecret, VaultConfig, AWSSecretsManagerConfig, AzureKeyVaultConfig, GCPSecretManagerConfig, } from './types.js';
|
|
12
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/secret-providers/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE9F,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,YAAY,EACV,MAAM,EACN,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,WAAW,EACX,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,YAAY,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* External Secrets Management
|
|
3
|
+
*
|
|
4
|
+
* Provides integration with external secret managers.
|
|
5
|
+
*/
|
|
6
|
+
export { SecretManager, SecretNotFoundError, SecretProviderError } from './secret-manager.js';
|
|
7
|
+
export { VaultProvider } from './providers/vault.js';
|
|
8
|
+
export { AWSSecretsManagerProvider } from './providers/aws.js';
|
|
9
|
+
export { AzureKeyVaultProvider } from './providers/azure.js';
|
|
10
|
+
export { EnvProvider } from './providers/env.js';
|
|
11
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/secret-providers/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE9F,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AWS Secrets Manager Provider
|
|
3
|
+
*
|
|
4
|
+
* Supports IAM authentication and explicit credentials.
|
|
5
|
+
*/
|
|
6
|
+
import type { SecretProvider, Secret, AWSSecretsManagerConfig } from '../types.js';
|
|
7
|
+
export declare class AWSSecretsManagerProvider implements SecretProvider {
|
|
8
|
+
private config;
|
|
9
|
+
private initialized;
|
|
10
|
+
constructor(config: AWSSecretsManagerConfig);
|
|
11
|
+
initialize(): Promise<void>;
|
|
12
|
+
/**
|
|
13
|
+
* Get a secret from AWS Secrets Manager
|
|
14
|
+
*/
|
|
15
|
+
getSecret(secretName: string): Promise<Secret>;
|
|
16
|
+
/**
|
|
17
|
+
* Check if a secret exists
|
|
18
|
+
*/
|
|
19
|
+
exists(secretName: string): Promise<boolean>;
|
|
20
|
+
/**
|
|
21
|
+
* List secrets (returns secret ARNs)
|
|
22
|
+
*/
|
|
23
|
+
listSecrets(): Promise<string[]>;
|
|
24
|
+
/**
|
|
25
|
+
* Call AWS Secrets Manager API
|
|
26
|
+
*
|
|
27
|
+
* This is a simplified implementation. In production, use @aws-sdk/client-secrets-manager
|
|
28
|
+
*/
|
|
29
|
+
private callAWSAPI;
|
|
30
|
+
destroy(): Promise<void>;
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=aws.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../../src/secret-providers/providers/aws.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEnF,qBAAa,yBAA0B,YAAW,cAAc;IAC9D,OAAO,CAAC,MAAM,CAAoC;IAClD,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,uBAAuB;IAUrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAejC;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuCpD;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYlD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IActC;;;;OAIG;YACW,UAAU;IAelB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}
|
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AWS Secrets Manager Provider
|
|
3
|
+
*
|
|
4
|
+
* Supports IAM authentication and explicit credentials.
|
|
5
|
+
*/
|
|
6
|
+
export class AWSSecretsManagerProvider {
|
|
7
|
+
config;
|
|
8
|
+
initialized = false;
|
|
9
|
+
constructor(config) {
|
|
10
|
+
this.config = {
|
|
11
|
+
region: config.region ?? process.env.AWS_REGION ?? 'us-east-1',
|
|
12
|
+
accessKeyId: config.accessKeyId ?? process.env.AWS_ACCESS_KEY_ID ?? '',
|
|
13
|
+
secretAccessKey: config.secretAccessKey ?? process.env.AWS_SECRET_ACCESS_KEY ?? '',
|
|
14
|
+
sessionToken: config.sessionToken ?? process.env.AWS_SESSION_TOKEN ?? '',
|
|
15
|
+
useIAMRole: config.useIAMRole ?? false,
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
async initialize() {
|
|
19
|
+
if (this.initialized)
|
|
20
|
+
return;
|
|
21
|
+
// If using IAM role, credentials will be fetched automatically by AWS SDK
|
|
22
|
+
if (!this.config.useIAMRole) {
|
|
23
|
+
if (!this.config.accessKeyId || !this.config.secretAccessKey) {
|
|
24
|
+
throw new Error('AWS Secrets Manager requires accessKeyId and secretAccessKey, or useIAMRole must be true');
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
this.initialized = true;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Get a secret from AWS Secrets Manager
|
|
31
|
+
*/
|
|
32
|
+
async getSecret(secretName) {
|
|
33
|
+
if (!this.initialized) {
|
|
34
|
+
await this.initialize();
|
|
35
|
+
}
|
|
36
|
+
try {
|
|
37
|
+
// Use AWS SDK v3 style API call via fetch
|
|
38
|
+
const result = await this.callAWSAPI('GetSecretValue', { SecretId: secretName });
|
|
39
|
+
const secretString = String(result.SecretString || '');
|
|
40
|
+
let value;
|
|
41
|
+
// Try to parse as JSON
|
|
42
|
+
try {
|
|
43
|
+
value = JSON.parse(secretString);
|
|
44
|
+
}
|
|
45
|
+
catch {
|
|
46
|
+
value = secretString;
|
|
47
|
+
}
|
|
48
|
+
const metadata = {};
|
|
49
|
+
if (result.VersionId) {
|
|
50
|
+
metadata.version = String(result.VersionId);
|
|
51
|
+
}
|
|
52
|
+
if (result.CreatedDate && typeof result.CreatedDate === 'string') {
|
|
53
|
+
metadata.createdAt = new Date(result.CreatedDate);
|
|
54
|
+
}
|
|
55
|
+
return {
|
|
56
|
+
value,
|
|
57
|
+
metadata,
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
catch (error) {
|
|
61
|
+
if (error instanceof Error && error.message.includes('ResourceNotFoundException')) {
|
|
62
|
+
throw new Error(`Secret not found: ${secretName}`);
|
|
63
|
+
}
|
|
64
|
+
throw error;
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Check if a secret exists
|
|
69
|
+
*/
|
|
70
|
+
async exists(secretName) {
|
|
71
|
+
try {
|
|
72
|
+
await this.callAWSAPI('DescribeSecret', { SecretId: secretName });
|
|
73
|
+
return true;
|
|
74
|
+
}
|
|
75
|
+
catch (error) {
|
|
76
|
+
if (error instanceof Error && error.message.includes('ResourceNotFoundException')) {
|
|
77
|
+
return false;
|
|
78
|
+
}
|
|
79
|
+
throw error;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* List secrets (returns secret ARNs)
|
|
84
|
+
*/
|
|
85
|
+
async listSecrets() {
|
|
86
|
+
if (!this.initialized) {
|
|
87
|
+
await this.initialize();
|
|
88
|
+
}
|
|
89
|
+
try {
|
|
90
|
+
const result = await this.callAWSAPI('ListSecrets', {});
|
|
91
|
+
const secretList = result.SecretList;
|
|
92
|
+
return secretList?.map((s) => s.Name) || [];
|
|
93
|
+
}
|
|
94
|
+
catch (error) {
|
|
95
|
+
throw new Error(`Failed to list secrets: ${error instanceof Error ? error.message : 'Unknown error'}`);
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Call AWS Secrets Manager API
|
|
100
|
+
*
|
|
101
|
+
* This is a simplified implementation. In production, use @aws-sdk/client-secrets-manager
|
|
102
|
+
*/
|
|
103
|
+
async callAWSAPI(_action, _params) {
|
|
104
|
+
// This is a placeholder - real implementation would use AWS SDK
|
|
105
|
+
// For now, throw an error indicating AWS SDK is needed
|
|
106
|
+
throw new Error(`AWS Secrets Manager integration requires @aws-sdk/client-secrets-manager package. ` +
|
|
107
|
+
`Install it with: npm install @aws-sdk/client-secrets-manager`);
|
|
108
|
+
// Production implementation would use:
|
|
109
|
+
// import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
|
|
110
|
+
// const client = new SecretsManagerClient({ region: this.config.region, credentials: this.credentials });
|
|
111
|
+
// const command = new GetSecretValueCommand({ SecretId: secretName });
|
|
112
|
+
// const response = await client.send(command);
|
|
113
|
+
}
|
|
114
|
+
async destroy() {
|
|
115
|
+
this.initialized = false;
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
//# sourceMappingURL=aws.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/secret-providers/providers/aws.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,OAAO,yBAAyB;IAC5B,MAAM,CAAoC;IAC1C,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;YAC9D,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACtE,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;YAClF,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACxE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC7D,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjF,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;YACvD,IAAI,KAAuC,CAAC;YAE5C,uBAAuB;YACvB,IAAI,CAAC;gBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,GAAG,YAAY,CAAC;YACvB,CAAC;YAED,MAAM,QAAQ,GAA2C,EAAE,CAAC;YAC5D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACjE,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpD,CAAC;YAED,OAAO;gBACL,KAAK;gBACL,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAClF,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IA
AI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAClF,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACxD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAiD,CAAC;YAC5E,OAAO,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,OAAgC;QACxE,gEAAgE;QAChE,uDAAuD;QACvD,MAAM,IAAI,KAAK,CACb,oFAAoF;YAClF,8DAA8D,CACjE,CAAC;QAEF,uCAAuC;QACvC,iGAAiG;QACjG,0GAA0G;QAC1G,uEAAuE;QACvE,+CAA+C;IACjD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}
|
|
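--- a/azure.d.ts
+++ b/azure.d.ts
@@ -0,0 +1,40 @@
+/**
+* Azure Key Vault Secret Provider
+*
+* Supports service principal and managed identity authentication.
+*/
+import type { SecretProvider, Secret, AzureKeyVaultConfig } from '../types.js';
+export declare class AzureKeyVaultProvider implements SecretProvider {
+private config;
+private accessToken?;
+private tokenExpiresAt?;
+private initialized;
+constructor(config: AzureKeyVaultConfig);
+initialize(): Promise<void>;
+/**
+* Get or refresh access token
+*/
+private refreshAccessToken;
+/**
+* Authenticate using service principal
+*/
+private authenticateWithServicePrincipal;
+/**
+* Authenticate using managed identity
+*/
+private authenticateWithManagedIdentity;
+/**
+* Get a secret from Azure Key Vault
+*/
+getSecret(secretName: string): Promise<Secret>;
+/**
+* Check if a secret exists
+*/
+exists(secretName: string): Promise<boolean>;
+/**
+* List secrets
+*/
+listSecrets(): Promise<string[]>;
+destroy(): Promise<void>;
+}
+//# sourceMappingURL=azure.d.ts.map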
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure.d.ts","sourceRoot":"","sources":["../../../src/secret-providers/providers/azure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAE/E,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,OAAO,CAAC,MAAM,CAAgC;IAC9C,OAAO,CAAC,WAAW,CAAC,CAAS;IAC7B,OAAO,CAAC,cAAc,CAAC,CAAO;IAC9B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,mBAAmB;IAUjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBjC;;OAEG;YACW,kBAAkB;IAahC;;OAEG;YACW,gCAAgC;IA0B9C;;OAEG;YACW,+BAA+B;IAc7C;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAqDpD;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYlD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IA2BhC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B"}
|