@naturalcycles/nodejs-lib 12.65.3 → 12.67.1

package/dist/bin/secrets-decrypt.js

@@ -6,18 +6,22 @@ const colors_1 = require("../colors");
 const script_1 = require("../script");
 const secrets_decrypt_util_1 = require("../secret/secrets-decrypt.util");
 (0, script_1.runScript)(() => {
-    const { dir, encKey, algorithm, del } = getDecryptCLIOptions();
-    (0, secrets_decrypt_util_1.secretsDecrypt)(dir, encKey, algorithm, del);
+    const { dir, file, encKey, del, jsonMode } = getDecryptCLIOptions();
+    (0, secrets_decrypt_util_1.secretsDecrypt)(dir, file, encKey, del, jsonMode);
 });
 function getDecryptCLIOptions() {
     require('dotenv').config();
-    let { dir, encKey, encKeyVar, algorithm, del } = yargs.options({
+    let { dir, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
         dir: {
             type: 'array',
             desc: 'Directory with secrets. Can be many',
             // demandOption: true,
             default: './secret',
         },
+        file: {
+            type: 'string',
+            desc: 'Single file to decrypt. Useful in jsonMode',
+        },
         encKey: {
             type: 'string',
             desc: 'Encryption key',
@@ -29,14 +33,19 @@ function getDecryptCLIOptions() {
             desc: 'Env variable name to get `encKey` from.',
             default: 'SECRET_ENCRYPTION_KEY',
         },
-        algorithm: {
-            type: 'string',
-            default: 'aes-256-cbc',
-        },
+        // algorithm: {
+        //   type: 'string',
+        //   default: 'aes-256-cbc',
+        // },
         del: {
             type: 'boolean',
             desc: 'Delete source files after encryption/decryption. Be careful!',
         },
+        jsonMode: {
+            type: 'boolean',
+            desc: 'JSON mode. Encrypts only json values, not the whole file',
+            default: false,
+        },
     }).argv;
     if (!encKey) {
         encKey = process.env[encKeyVar];
@@ -48,5 +57,5 @@ function getDecryptCLIOptions() {
         }
     }
     // `as any` because @types/yargs can't handle string[] type properly
-    return { dir: dir, encKey, algorithm, del };
+    return { dir: dir, file, encKey, del, jsonMode };
 }

package/dist/bin/secrets-encrypt.js

@@ -6,12 +6,12 @@ const colors_1 = require("../colors");
 const script_1 = require("../script");
 const secrets_encrypt_util_1 = require("../secret/secrets-encrypt.util");
 (0, script_1.runScript)(() => {
-    const { pattern, encKey, algorithm, del } = getEncryptCLIOptions();
-    (0, secrets_encrypt_util_1.secretsEncrypt)(pattern, encKey, algorithm, del);
+    const { pattern, file, encKey, del, jsonMode } = getEncryptCLIOptions();
+    (0, secrets_encrypt_util_1.secretsEncrypt)(pattern, file, encKey, del, jsonMode);
 });
 function getEncryptCLIOptions() {
     require('dotenv').config();
-    let { pattern, encKey, encKeyVar, algorithm, del } = yargs.options({
+    let { pattern, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
         pattern: {
             type: 'string',
             array: true,
@@ -19,6 +19,10 @@ function getEncryptCLIOptions() {
             // demandOption: true,
             default: './secret/**',
         },
+        file: {
+            type: 'string',
+            desc: 'Single file to decrypt. Useful in jsonMode',
+        },
         encKey: {
             type: 'string',
             desc: 'Encryption key',
@@ -30,13 +34,19 @@ function getEncryptCLIOptions() {
             desc: 'Env variable name to get `encKey` from.',
             default: 'SECRET_ENCRYPTION_KEY',
         },
-        algorithm: {
-            type: 'string',
-            default: 'aes-256-cbc',
-        },
+        // algorithm: {
+        //   type: 'string',
+        //   default: 'aes-256-cbc',
+        // },
         del: {
             type: 'boolean',
             desc: 'Delete source files after encryption/decryption. Be careful!',
+            default: false,
+        },
+        jsonMode: {
+            type: 'boolean',
+            desc: 'JSON mode. Encrypts only json values, not the whole file',
+            default: false,
         },
     }).argv;
     if (!encKey) {
@@ -49,5 +59,5 @@ function getEncryptCLIOptions() {
         }
     }
     // `as any` because @types/yargs can't handle string[] type properly
-    return { pattern: pattern, encKey, algorithm, del };
+    return { pattern: pattern, file, encKey, del, jsonMode };
 }

package/dist/index.js

@@ -11,23 +11,23 @@ const buffer_util_1 = require("./buffer/buffer.util");
 Object.defineProperty(exports, "_chunkBuffer", { enumerable: true, get: function () { return buffer_util_1._chunkBuffer; } });
 const tableDiff_1 = require("./diff/tableDiff");
 Object.defineProperty(exports, "tableDiff", { enumerable: true, get: function () { return tableDiff_1.tableDiff; } });
-(0, tslib_1.__exportStar)(require("./got/getGot"), exports);
-(0, tslib_1.__exportStar)(require("./infra/process.util"), exports);
+tslib_1.__exportStar(require("./got/getGot"), exports);
+tslib_1.__exportStar(require("./infra/process.util"), exports);
 const debug_1 = require("./log/debug");
 Object.defineProperty(exports, "Debug", { enumerable: true, get: function () { return debug_1.Debug; } });
-(0, tslib_1.__exportStar)(require("./security/hash.util"), exports);
-(0, tslib_1.__exportStar)(require("./security/id.util"), exports);
-(0, tslib_1.__exportStar)(require("./security/secret.util"), exports);
-(0, tslib_1.__exportStar)(require("./colors/colors"), exports);
-(0, tslib_1.__exportStar)(require("./log/log.util"), exports);
+tslib_1.__exportStar(require("./security/hash.util"), exports);
+tslib_1.__exportStar(require("./security/id.util"), exports);
+tslib_1.__exportStar(require("./security/secret.util"), exports);
+tslib_1.__exportStar(require("./colors/colors"), exports);
+tslib_1.__exportStar(require("./log/log.util"), exports);
 const slack_service_1 = require("./slack/slack.service");
 Object.defineProperty(exports, "slackDefaultMessagePrefixHook", { enumerable: true, get: function () { return slack_service_1.slackDefaultMessagePrefixHook; } });
 Object.defineProperty(exports, "SlackService", { enumerable: true, get: function () { return slack_service_1.SlackService; } });
 const ndjson_model_1 = require("./stream/ndjson/ndjson.model");
 Object.defineProperty(exports, "NDJsonStats", { enumerable: true, get: function () { return ndjson_model_1.NDJsonStats; } });
-(0, tslib_1.__exportStar)(require("./stream/ndjson/ndJsonFileRead"), exports);
-(0, tslib_1.__exportStar)(require("./stream/ndjson/ndJsonFileWrite"), exports);
-(0, tslib_1.__exportStar)(require("./stream/ndjson/ndjsonMap"), exports);
+tslib_1.__exportStar(require("./stream/ndjson/ndJsonFileRead"), exports);
+tslib_1.__exportStar(require("./stream/ndjson/ndJsonFileWrite"), exports);
+tslib_1.__exportStar(require("./stream/ndjson/ndjsonMap"), exports);
 const ndjsonStreamForEach_1 = require("./stream/ndjson/ndjsonStreamForEach");
 Object.defineProperty(exports, "ndjsonStreamForEach", { enumerable: true, get: function () { return ndjsonStreamForEach_1.ndjsonStreamForEach; } });
 const pipelineFromNDJsonFile_1 = require("./stream/ndjson/pipelineFromNDJsonFile");
@@ -41,41 +41,41 @@ Object.defineProperty(exports, "bufferReviver", { enumerable: true, get: functio
 Object.defineProperty(exports, "transformJsonParse", { enumerable: true, get: function () { return transformJsonParse_1.transformJsonParse; } });
 const transformToNDJson_1 = require("./stream/ndjson/transformToNDJson");
 Object.defineProperty(exports, "transformToNDJson", { enumerable: true, get: function () { return transformToNDJson_1.transformToNDJson; } });
-(0, tslib_1.__exportStar)(require("./stream/pipeline/pipeline"), exports);
-(0, tslib_1.__exportStar)(require("./stream/readable/readableCreate"), exports);
-(0, tslib_1.__exportStar)(require("./stream/readable/readableForEach"), exports);
-(0, tslib_1.__exportStar)(require("./stream/readable/readableFromArray"), exports);
-(0, tslib_1.__exportStar)(require("./stream/readable/readableMap"), exports);
-(0, tslib_1.__exportStar)(require("./stream/readable/readableMapToArray"), exports);
-(0, tslib_1.__exportStar)(require("./stream/readable/readableToArray"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformBuffer"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformFilter"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformLimit"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformLogProgress"), exports);
+tslib_1.__exportStar(require("./stream/pipeline/pipeline"), exports);
+tslib_1.__exportStar(require("./stream/readable/readableCreate"), exports);
+tslib_1.__exportStar(require("./stream/readable/readableForEach"), exports);
+tslib_1.__exportStar(require("./stream/readable/readableFromArray"), exports);
+tslib_1.__exportStar(require("./stream/readable/readableMap"), exports);
+tslib_1.__exportStar(require("./stream/readable/readableMapToArray"), exports);
+tslib_1.__exportStar(require("./stream/readable/readableToArray"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformBuffer"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformFilter"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformLimit"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformLogProgress"), exports);
 const transformMap_1 = require("./stream/transform/transformMap");
 Object.defineProperty(exports, "transformMap", { enumerable: true, get: function () { return transformMap_1.transformMap; } });
-(0, tslib_1.__exportStar)(require("./stream/transform/transformMapSimple"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformNoOp"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformMapSimple"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformNoOp"), exports);
 const transformMapSync_1 = require("./stream/transform/transformMapSync");
 Object.defineProperty(exports, "transformMapSync", { enumerable: true, get: function () { return transformMapSync_1.transformMapSync; } });
-(0, tslib_1.__exportStar)(require("./stream/transform/transformSplit"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformTap"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformToArray"), exports);
-(0, tslib_1.__exportStar)(require("./stream/transform/transformToString"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformSplit"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformTap"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformToArray"), exports);
+tslib_1.__exportStar(require("./stream/transform/transformToString"), exports);
 const baseWorkerClass_1 = require("./stream/transform/worker/baseWorkerClass");
 Object.defineProperty(exports, "BaseWorkerClass", { enumerable: true, get: function () { return baseWorkerClass_1.BaseWorkerClass; } });
 const transformMultiThreaded_1 = require("./stream/transform/worker/transformMultiThreaded");
 Object.defineProperty(exports, "transformMultiThreaded", { enumerable: true, get: function () { return transformMultiThreaded_1.transformMultiThreaded; } });
-(0, tslib_1.__exportStar)(require("./stream/writable/writableForEach"), exports);
-(0, tslib_1.__exportStar)(require("./stream/writable/writableFork"), exports);
-(0, tslib_1.__exportStar)(require("./stream/writable/writablePushToArray"), exports);
-(0, tslib_1.__exportStar)(require("./stream/writable/writableVoid"), exports);
+tslib_1.__exportStar(require("./stream/writable/writableForEach"), exports);
+tslib_1.__exportStar(require("./stream/writable/writableFork"), exports);
+tslib_1.__exportStar(require("./stream/writable/writablePushToArray"), exports);
+tslib_1.__exportStar(require("./stream/writable/writableVoid"), exports);
 const inspectAny_1 = require("./string/inspectAny");
 Object.defineProperty(exports, "inspectAny", { enumerable: true, get: function () { return inspectAny_1.inspectAny; } });
 Object.defineProperty(exports, "inspectAnyStringifyFn", { enumerable: true, get: function () { return inspectAny_1.inspectAnyStringifyFn; } });
-(0, tslib_1.__exportStar)(require("./util/env.util"), exports);
-(0, tslib_1.__exportStar)(require("./util/lruMemoCache"), exports);
-(0, tslib_1.__exportStar)(require("./util/zip.util"), exports);
+tslib_1.__exportStar(require("./util/env.util"), exports);
+tslib_1.__exportStar(require("./util/lruMemoCache"), exports);
+tslib_1.__exportStar(require("./util/zip.util"), exports);
 const ajv_util_1 = require("./validation/ajv/ajv.util");
 Object.defineProperty(exports, "readAjvSchemas", { enumerable: true, get: function () { return ajv_util_1.readAjvSchemas; } });
 Object.defineProperty(exports, "readJsonSchemas", { enumerable: true, get: function () { return ajv_util_1.readJsonSchemas; } });
@@ -83,10 +83,10 @@ const ajvSchema_1 = require("./validation/ajv/ajvSchema");
 Object.defineProperty(exports, "AjvSchema", { enumerable: true, get: function () { return ajvSchema_1.AjvSchema; } });
 const ajvValidationError_1 = require("./validation/ajv/ajvValidationError");
 Object.defineProperty(exports, "AjvValidationError", { enumerable: true, get: function () { return ajvValidationError_1.AjvValidationError; } });
-(0, tslib_1.__exportStar)(require("./validation/ajv/getAjv"), exports);
+tslib_1.__exportStar(require("./validation/ajv/getAjv"), exports);
 const joi_extensions_1 = require("./validation/joi/joi.extensions");
 Object.defineProperty(exports, "Joi", { enumerable: true, get: function () { return joi_extensions_1.Joi; } });
-(0, tslib_1.__exportStar)(require("./validation/joi/joi.shared.schemas"), exports);
+tslib_1.__exportStar(require("./validation/joi/joi.shared.schemas"), exports);
 const joi_validation_error_1 = require("./validation/joi/joi.validation.error");
 Object.defineProperty(exports, "JoiValidationError", { enumerable: true, get: function () { return joi_validation_error_1.JoiValidationError; } });
 const joi_validation_util_1 = require("./validation/joi/joi.validation.util");

package/dist/secret/secrets-decrypt.util.d.ts

@@ -1,11 +1,12 @@
 export interface DecryptCLIOptions {
     dir: string[];
+    file?: string;
     encKey: string;
-    algorithm?: string;
     del?: boolean;
+    jsonMode?: boolean;
 }
 /**
  * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
  * Using provided encKey.
  */
-export declare function secretsDecrypt(dir: string[], encKey: string, algorithm?: string, del?: boolean): void;
+export declare function secretsDecrypt(dir: string[], file: string | undefined, encKey: string, del?: boolean, jsonMode?: boolean): void;

package/dist/secret/secrets-decrypt.util.js

@@ -2,22 +2,40 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secretsDecrypt = void 0;
 const path = require("path");
+const js_lib_1 = require("@naturalcycles/js-lib");
 const fs = require("fs-extra");
 const globby = require("globby");
 const colors_1 = require("../colors");
 const crypto_util_1 = require("../security/crypto.util");
+// Debug it like this:
+// yarn tsn ./src/bin/secrets-decrypt.ts --file ./src/test/secrets2.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
+// yarn tsn ./src/bin/secrets-encrypt.ts --file ./src/test/secrets2.plain.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
 /**
  * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
  * Using provided encKey.
  */
-function secretsDecrypt(dir, encKey, algorithm, del) {
-    const patterns = dir.map(d => `${d}/**/*.enc`);
+function secretsDecrypt(dir, file, encKey, del = false, jsonMode = false) {
+    // If `file` is provided - only this one file is used
+    const patterns = file ? [file] : dir.map(d => `${d}/**/*.enc`);
     const filenames = globby.sync(patterns);
     filenames.forEach(filename => {
-        const enc = fs.readFileSync(filename);
-        const plain = (0, crypto_util_1.decryptRandomIVBuffer)(enc, encKey, algorithm);
-        const plainFilename = filename.slice(0, filename.length - '.enc'.length);
-        fs.writeFileSync(plainFilename, plain);
+        let plainFilename;
+        if (jsonMode) {
+            (0, js_lib_1._assert)(filename.endsWith('.json'), `${path.basename(filename)} MUST end with '.json'`);
+            (0, js_lib_1._assert)(!filename.endsWith('.plain.json'), `${path.basename(filename)} MUST NOT end with '.plain.json'`);
+            plainFilename = filename.replace('.json', '.plain.json');
+            const json = JSON.parse(fs.readFileSync(filename, 'utf8'));
+            (0, js_lib_1._stringMapEntries)(json).forEach(([k, v]) => {
+                json[k] = (0, crypto_util_1.decryptString)(v, encKey);
+            });
+            fs.writeFileSync(plainFilename, JSON.stringify(json, null, 2));
+        }
+        else {
+            const enc = fs.readFileSync(filename);
+            const plain = (0, crypto_util_1.decryptRandomIVBuffer)(enc, encKey);
+            plainFilename = filename.slice(0, filename.length - '.enc'.length);
+            fs.writeFileSync(plainFilename, plain);
+        }
         if (del) {
             fs.unlinkSync(filename);
         }

package/dist/secret/secrets-encrypt.util.d.ts

@@ -1,11 +1,12 @@
 export interface EncryptCLIOptions {
     pattern: string[];
+    file?: string;
     encKey: string;
-    algorithm?: string;
     del?: boolean;
+    jsonMode?: boolean;
 }
 /**
  * Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
  * Using provided encKey.
  */
-export declare function secretsEncrypt(pattern: string[], encKey: string, algorithm?: string, del?: boolean): void;
+export declare function secretsEncrypt(pattern: string[], file: string | undefined, encKey: string, del?: boolean, jsonMode?: boolean): void;

package/dist/secret/secrets-encrypt.util.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secretsEncrypt = void 0;
 const path = require("path");
+const js_lib_1 = require("@naturalcycles/js-lib");
 const fs = require("fs-extra");
 const globby = require("globby");
 const colors_1 = require("../colors");
@@ -10,17 +11,31 @@ const crypto_util_1 = require("../security/crypto.util");
  * Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
  * Using provided encKey.
  */
-function secretsEncrypt(pattern, encKey, algorithm, del) {
-    const patterns = [
-        ...pattern,
-        `!**/*.enc`, // excluding already encoded
-    ];
+function secretsEncrypt(pattern, file, encKey, del = false, jsonMode = false) {
+    const patterns = file
+        ? [file]
+        : [
+            ...pattern,
+            `!**/*.enc`, // excluding already encoded
+        ];
     const filenames = globby.sync(patterns);
+    let encFilename;
     filenames.forEach(filename => {
-        const plain = fs.readFileSync(filename);
-        const enc = (0, crypto_util_1.encryptRandomIVBuffer)(plain, encKey, algorithm);
-        const encFilename = `${filename}.enc`;
-        fs.writeFileSync(encFilename, enc);
+        if (jsonMode) {
+            (0, js_lib_1._assert)(filename.endsWith('.plain.json'), `${path.basename(filename)} MUST end with '.plain.json'`);
+            encFilename = filename.replace('.plain', '');
+            const json = JSON.parse(fs.readFileSync(filename, 'utf8'));
+            (0, js_lib_1._stringMapEntries)(json).forEach(([k, plain]) => {
+                json[k] = (0, crypto_util_1.encryptString)(plain, encKey);
+            });
+            fs.writeFileSync(encFilename, JSON.stringify(json, null, 2));
+        }
+        else {
+            const plain = fs.readFileSync(filename);
+            const enc = (0, crypto_util_1.encryptRandomIVBuffer)(plain, encKey);
+            encFilename = `${filename}.enc`;
+            fs.writeFileSync(encFilename, enc);
+        }
         if (del) {
             fs.unlinkSync(filename);
         }

package/dist/security/crypto.util.d.ts

@@ -1,3 +1,17 @@
 /// <reference types="node" />
-export declare function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string, algorithm?: string): Buffer;
-export declare function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string, algorithm?: string): Buffer;
+/**
+ * Using aes-256-cbc
+ */
+export declare function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer;
+/**
+ * Using aes-256-cbc
+ */
+export declare function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer;
+/**
+ * Using aes-256-cbc
+ */
+export declare function decryptString(str: string, secretKey: string): string;
+/**
+ * Using aes-256-cbc
+ */
+export declare function encryptString(str: string, secretKey: string): string;

package/dist/security/crypto.util.js

@@ -1,14 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
+exports.encryptString = exports.decryptString = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
 const crypto = require("crypto");
 const hash_util_1 = require("./hash.util");
-// const randomBytes = promisify(crypto.randomBytes)
-function aes256Key(secretKeyBase64) {
-    // md5 to match aes-256 key length of 32 bytes
-    return (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
-}
-function encryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc') {
+const algorithm = 'aes-256-cbc';
+/**
+ * Using aes-256-cbc
+ */
+function encryptRandomIVBuffer(input, secretKeyBase64) {
     const key = aes256Key(secretKeyBase64);
     // Random iv to achieve non-deterministic encryption (but deterministic decryption)
     // const iv = await randomBytes(16)
@@ -17,7 +16,10 @@ function encryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc'
     return Buffer.concat([iv, cipher.update(input), cipher.final()]);
 }
 exports.encryptRandomIVBuffer = encryptRandomIVBuffer;
-function decryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc') {
+/**
+ * Using aes-256-cbc
+ */
+function decryptRandomIVBuffer(input, secretKeyBase64) {
     const key = aes256Key(secretKeyBase64);
     // iv is first 16 bytes of encrypted buffer, the rest is payload
     const iv = input.slice(0, 16);
@@ -26,3 +28,32 @@ function decryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc'
     return Buffer.concat([decipher.update(payload), decipher.final()]);
 }
 exports.decryptRandomIVBuffer = decryptRandomIVBuffer;
+/**
+ * Using aes-256-cbc
+ */
+function decryptString(str, secretKey) {
+    const { algorithm, key, iv } = getCryptoParams(secretKey);
+    const decipher = crypto.createDecipheriv(algorithm, key, iv);
+    let decrypted = decipher.update(str, 'base64', 'utf8');
+    return (decrypted += decipher.final('utf8'));
+}
+exports.decryptString = decryptString;
+/**
+ * Using aes-256-cbc
+ */
+function encryptString(str, secretKey) {
+    const { algorithm, key, iv } = getCryptoParams(secretKey);
+    const cipher = crypto.createCipheriv(algorithm, key, iv);
+    let encrypted = cipher.update(str, 'utf8', 'base64');
+    return (encrypted += cipher.final('base64'));
+}
+exports.encryptString = encryptString;
+function getCryptoParams(secretKey) {
+    const key = (0, hash_util_1.md5)(secretKey);
+    const iv = (0, hash_util_1.md5)(secretKey + key).slice(0, 16);
+    return { algorithm, key, iv };
+}
+function aes256Key(secretKeyBase64) {
+    // md5 to match aes-256 key length of 32 bytes
+    return (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
+}

package/dist/security/secret.util.d.ts

@@ -14,8 +14,16 @@ export declare function removeSecretsFromEnv(): void;
  * Does NOT delete previous secrets from secretMap.
  *
  * If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
+ *
+ * Whole file is encrypted.
+ * For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
+ */
+export declare function loadSecretsFromEncryptedJsonFile(filePath: string, secretEncryptionKey?: string): void;
+/**
+ * Whole file is NOT encrypted, but instead individual json values ARE encrypted..
+ * For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
  */
-export declare function loadSecretsFromJsonFile(filePath: string, SECRET_ENCRYPTION_KEY?: string): void;
+export declare function loadSecretsFromEncryptedJsonFileValues(filePath: string, secretEncryptionKey?: string): void;
 /**
  * json secrets are always base64'd
  */

package/dist/security/secret.util.js

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setSecretMap = exports.getSecretMap = exports.secretOptional = exports.secret = exports.loadSecretsFromJsonFile = exports.removeSecretsFromEnv = exports.loadSecretsFromEnv = void 0;
+exports.setSecretMap = exports.getSecretMap = exports.secretOptional = exports.secret = exports.loadSecretsFromEncryptedJsonFileValues = exports.loadSecretsFromEncryptedJsonFile = exports.removeSecretsFromEnv = exports.loadSecretsFromEnv = void 0;
 const fs = require("fs");
+const js_lib_1 = require("@naturalcycles/js-lib");
 const __1 = require("..");
 const crypto_util_1 = require("./crypto.util");
 let loaded = false;
@@ -39,16 +40,17 @@ exports.removeSecretsFromEnv = removeSecretsFromEnv;
  * Does NOT delete previous secrets from secretMap.
  *
  * If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
+ *
+ * Whole file is encrypted.
+ * For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
  */
 // eslint-disable-next-line @typescript-eslint/naming-convention
-function loadSecretsFromJsonFile(filePath, SECRET_ENCRYPTION_KEY) {
-    if (!fs.existsSync(filePath)) {
-        throw new Error(`loadSecretsFromPlainJsonFile() cannot load from path: ${filePath}`);
-    }
+function loadSecretsFromEncryptedJsonFile(filePath, secretEncryptionKey) {
+    (0, js_lib_1._assert)(fs.existsSync(filePath), `loadSecretsFromEncryptedJsonFile() cannot load from path: ${filePath}`);
     let secrets;
-    if (SECRET_ENCRYPTION_KEY) {
+    if (secretEncryptionKey) {
         const buf = fs.readFileSync(filePath);
-        const plain = (0, crypto_util_1.decryptRandomIVBuffer)(buf, SECRET_ENCRYPTION_KEY).toString('utf8');
+        const plain = (0, crypto_util_1.decryptRandomIVBuffer)(buf, secretEncryptionKey).toString('utf8');
         secrets = JSON.parse(plain);
     }
     else {
@@ -60,7 +62,26 @@ function loadSecretsFromJsonFile(filePath, SECRET_ENCRYPTION_KEY) {
         .map(s => s.toUpperCase())
         .join(', ')}`);
 }
-exports.loadSecretsFromJsonFile = loadSecretsFromJsonFile;
+exports.loadSecretsFromEncryptedJsonFile = loadSecretsFromEncryptedJsonFile;
+/**
+ * Whole file is NOT encrypted, but instead individual json values ARE encrypted..
+ * For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
+ */
+function loadSecretsFromEncryptedJsonFileValues(filePath, secretEncryptionKey) {
+    (0, js_lib_1._assert)(fs.existsSync(filePath), `loadSecretsFromEncryptedJsonFileValues() cannot load from path: ${filePath}`);
+    const secrets = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+    if (secretEncryptionKey) {
+        (0, js_lib_1._stringMapEntries)(secrets).forEach(([k, enc]) => {
+            secrets[k] = (0, crypto_util_1.decryptString)(enc, secretEncryptionKey);
+        });
+    }
+    Object.entries(secrets).forEach(([k, v]) => (secretMap[k.toUpperCase()] = v));
+    loaded = true;
+    console.log(`${Object.keys(secrets).length} secret(s) loaded from ${filePath}: ${Object.keys(secrets)
+        .map(s => s.toUpperCase())
+        .join(', ')}`);
+}
+exports.loadSecretsFromEncryptedJsonFileValues = loadSecretsFromEncryptedJsonFileValues;
 /**
  * json secrets are always base64'd
  */

package/dist/util/lruMemoCache.d.ts

@@ -1,7 +1,6 @@
 import { MemoCache } from '@naturalcycles/js-lib';
 import LRUCache = require('lru-cache');
-export interface LRUMemoCacheOptions<KEY, VALUE> extends Partial<LRUCache.Options<KEY, VALUE>> {
-}
+export declare type LRUMemoCacheOptions<KEY, VALUE> = Partial<LRUCache.Options<KEY, VALUE>>;
 /**
  * @example
  * Use it like this:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/nodejs-lib",
-  "version": "12.65.3",
+  "version": "12.67.1",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",

package/src/bin/secrets-decrypt.ts

@@ -6,21 +6,25 @@ import { runScript } from '../script'
 import { DecryptCLIOptions, secretsDecrypt } from '../secret/secrets-decrypt.util'
 
 runScript(() => {
-  const { dir, encKey, algorithm, del } = getDecryptCLIOptions()
+  const { dir, file, encKey, del, jsonMode } = getDecryptCLIOptions()
 
-  secretsDecrypt(dir, encKey, algorithm, del)
+  secretsDecrypt(dir, file, encKey, del, jsonMode)
 })
 
 function getDecryptCLIOptions(): DecryptCLIOptions {
   require('dotenv').config()
 
-  let { dir, encKey, encKeyVar, algorithm, del } = yargs.options({
+  let { dir, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
     dir: {
       type: 'array',
       desc: 'Directory with secrets. Can be many',
       // demandOption: true,
       default: './secret',
     },
+    file: {
+      type: 'string',
+      desc: 'Single file to decrypt. Useful in jsonMode',
+    },
     encKey: {
       type: 'string',
       desc: 'Encryption key',
@@ -32,14 +36,19 @@ function getDecryptCLIOptions(): DecryptCLIOptions {
       desc: 'Env variable name to get `encKey` from.',
       default: 'SECRET_ENCRYPTION_KEY',
     },
-    algorithm: {
-      type: 'string',
-      default: 'aes-256-cbc',
-    },
+    // algorithm: {
+    //   type: 'string',
+    //   default: 'aes-256-cbc',
+    // },
     del: {
       type: 'boolean',
       desc: 'Delete source files after encryption/decryption. Be careful!',
     },
+    jsonMode: {
+      type: 'boolean',
+      desc: 'JSON mode. Encrypts only json values, not the whole file',
+      default: false,
+    },
   }).argv
 
   if (!encKey) {
@@ -55,5 +64,5 @@ function getDecryptCLIOptions(): DecryptCLIOptions {
   }
 
   // `as any` because @types/yargs can't handle string[] type properly
-  return { dir: dir as any, encKey, algorithm, del }
+  return { dir: dir as any, file, encKey, del, jsonMode }
 }

package/src/bin/secrets-encrypt.ts

@@ -6,15 +6,15 @@ import { runScript } from '../script'
 import { EncryptCLIOptions, secretsEncrypt } from '../secret/secrets-encrypt.util'
 
 runScript(() => {
-  const { pattern, encKey, algorithm, del } = getEncryptCLIOptions()
+  const { pattern, file, encKey, del, jsonMode } = getEncryptCLIOptions()
 
-  secretsEncrypt(pattern, encKey, algorithm, del)
+  secretsEncrypt(pattern, file, encKey, del, jsonMode)
 })
 
 function getEncryptCLIOptions(): EncryptCLIOptions {
   require('dotenv').config()
 
-  let { pattern, encKey, encKeyVar, algorithm, del } = yargs.options({
+  let { pattern, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
     pattern: {
       type: 'string',
       array: true,
@@ -22,6 +22,10 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
       // demandOption: true,
       default: './secret/**',
     },
+    file: {
+      type: 'string',
+      desc: 'Single file to decrypt. Useful in jsonMode',
+    },
     encKey: {
       type: 'string',
       desc: 'Encryption key',
@@ -33,13 +37,19 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
       desc: 'Env variable name to get `encKey` from.',
       default: 'SECRET_ENCRYPTION_KEY',
     },
-    algorithm: {
-      type: 'string',
-      default: 'aes-256-cbc',
-    },
+    // algorithm: {
+    //   type: 'string',
+    //   default: 'aes-256-cbc',
+    // },
     del: {
       type: 'boolean',
       desc: 'Delete source files after encryption/decryption. Be careful!',
+      default: false,
+    },
+    jsonMode: {
+      type: 'boolean',
+      desc: 'JSON mode. Encrypts only json values, not the whole file',
+      default: false,
     },
   }).argv
 
@@ -56,5 +66,5 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
   }
 
   // `as any` because @types/yargs can't handle string[] type properly
-  return { pattern: pattern as any, encKey, algorithm, del }
+  return { pattern: pattern as any, file, encKey, del, jsonMode }
 }

package/src/secret/secrets-decrypt.util.ts

@@ -1,36 +1,61 @@
 import * as path from 'path'
+import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
 import * as fs from 'fs-extra'
 import globby = require('globby')
 import { dimGrey, yellow } from '../colors'
-import { decryptRandomIVBuffer } from '../security/crypto.util'
+import { decryptRandomIVBuffer, decryptString } from '../security/crypto.util'
 
 export interface DecryptCLIOptions {
   dir: string[]
+  file?: string
   encKey: string
-  algorithm?: string
   del?: boolean
+  jsonMode?: boolean
 }
 
+// Debug it like this:
+// yarn tsn ./src/bin/secrets-decrypt.ts --file ./src/test/secrets2.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
+// yarn tsn ./src/bin/secrets-encrypt.ts --file ./src/test/secrets2.plain.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
+
 /**
  * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
  * Using provided encKey.
  */
 export function secretsDecrypt(
   dir: string[],
+  file: string | undefined,
   encKey: string,
-  algorithm?: string,
-  del?: boolean,
+  del = false,
+  jsonMode = false,
 ): void {
-  const patterns = dir.map(d => `${d}/**/*.enc`)
+  // If `file` is provided - only this one file is used
+  const patterns = file ? [file] : dir.map(d => `${d}/**/*.enc`)
 
   const filenames = globby.sync(patterns)
 
   filenames.forEach(filename => {
-    const enc = fs.readFileSync(filename)
-    const plain = decryptRandomIVBuffer(enc, encKey, algorithm)
+    let plainFilename
+
+    if (jsonMode) {
+      _assert(filename.endsWith('.json'), `${path.basename(filename)} MUST end with '.json'`)
+      _assert(
+        !filename.endsWith('.plain.json'),
+        `${path.basename(filename)} MUST NOT end with '.plain.json'`,
+      )
+      plainFilename = filename.replace('.json', '.plain.json')
 
-    const plainFilename = filename.slice(0, filename.length - '.enc'.length)
-    fs.writeFileSync(plainFilename, plain)
+      const json: StringMap = JSON.parse(fs.readFileSync(filename, 'utf8'))
+      _stringMapEntries(json).forEach(([k, v]) => {
+        json[k] = decryptString(v, encKey)
+      })
+
+      fs.writeFileSync(plainFilename, JSON.stringify(json, null, 2))
+    } else {
+      const enc = fs.readFileSync(filename)
+      const plain = decryptRandomIVBuffer(enc, encKey)
+      plainFilename = filename.slice(0, filename.length - '.enc'.length)
+      fs.writeFileSync(plainFilename, plain)
+    }
 
     if (del) {
       fs.unlinkSync(filename)

package/src/secret/secrets-encrypt.util.ts

@@ -1,14 +1,16 @@
 import * as path from 'path'
+import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
 import * as fs from 'fs-extra'
 import globby = require('globby')
 import { dimGrey, yellow } from '../colors'
-import { encryptRandomIVBuffer } from '../security/crypto.util'
+import { encryptRandomIVBuffer, encryptString } from '../security/crypto.util'
 
 export interface EncryptCLIOptions {
   pattern: string[]
+  file?: string
   encKey: string
-  algorithm?: string
   del?: boolean
+  jsonMode?: boolean
 }
 
 /**
@@ -17,22 +19,41 @@ export interface EncryptCLIOptions {
  */
 export function secretsEncrypt(
   pattern: string[],
+  file: string | undefined,
   encKey: string,
-  algorithm?: string,
-  del?: boolean,
+  del = false,
+  jsonMode = false,
 ): void {
-  const patterns = [
-    ...pattern,
-    `!**/*.enc`, // excluding already encoded
-  ]
+  const patterns = file
+    ? [file]
+    : [
+        ...pattern,
+        `!**/*.enc`, // excluding already encoded
+      ]
   const filenames = globby.sync(patterns)
+  let encFilename
 
   filenames.forEach(filename => {
-    const plain = fs.readFileSync(filename)
-    const enc = encryptRandomIVBuffer(plain, encKey, algorithm)
+    if (jsonMode) {
+      _assert(
+        filename.endsWith('.plain.json'),
+        `${path.basename(filename)} MUST end with '.plain.json'`,
+      )
+      encFilename = filename.replace('.plain', '')
 
-    const encFilename = `${filename}.enc`
-    fs.writeFileSync(encFilename, enc)
+      const json: StringMap = JSON.parse(fs.readFileSync(filename, 'utf8'))
+
+      _stringMapEntries(json).forEach(([k, plain]) => {
+        json[k] = encryptString(plain, encKey)
+      })
+
+      fs.writeFileSync(encFilename, JSON.stringify(json, null, 2))
+    } else {
+      const plain = fs.readFileSync(filename)
+      const enc = encryptRandomIVBuffer(plain, encKey)
+      encFilename = `${filename}.enc`
+      fs.writeFileSync(encFilename, enc)
+    }
 
     if (del) {
       fs.unlinkSync(filename)

package/src/security/crypto.util.ts

@@ -1,18 +1,12 @@
 import * as crypto from 'crypto'
 import { md5 } from './hash.util'
 
-// const randomBytes = promisify(crypto.randomBytes)
+const algorithm = 'aes-256-cbc'
 
-function aes256Key(secretKeyBase64: string): string {
-  // md5 to match aes-256 key length of 32 bytes
-  return md5(Buffer.from(secretKeyBase64, 'base64'))
-}
-
-export function encryptRandomIVBuffer(
-  input: Buffer,
-  secretKeyBase64: string,
-  algorithm = 'aes-256-cbc',
-): Buffer {
+/**
+ * Using aes-256-cbc
+ */
+export function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer {
   const key = aes256Key(secretKeyBase64)
 
   // Random iv to achieve non-deterministic encryption (but deterministic decryption)
@@ -24,11 +18,10 @@ export function encryptRandomIVBuffer(
   return Buffer.concat([iv, cipher.update(input), cipher.final()])
 }
 
-export function decryptRandomIVBuffer(
-  input: Buffer,
-  secretKeyBase64: string,
-  algorithm = 'aes-256-cbc',
-): Buffer {
+/**
+ * Using aes-256-cbc
+ */
+export function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer {
   const key = aes256Key(secretKeyBase64)
 
   // iv is first 16 bytes of encrypted buffer, the rest is payload
@@ -39,3 +32,34 @@ export function decryptRandomIVBuffer(
 
   return Buffer.concat([decipher.update(payload), decipher.final()])
 }
+
+/**
+ * Using aes-256-cbc
+ */
+export function decryptString(str: string, secretKey: string): string {
+  const { algorithm, key, iv } = getCryptoParams(secretKey)
+  const decipher = crypto.createDecipheriv(algorithm, key, iv)
+  let decrypted = decipher.update(str, 'base64', 'utf8')
+  return (decrypted += decipher.final('utf8'))
+}
+
+/**
+ * Using aes-256-cbc
+ */
+export function encryptString(str: string, secretKey: string): string {
+  const { algorithm, key, iv } = getCryptoParams(secretKey)
+  const cipher = crypto.createCipheriv(algorithm, key, iv)
+  let encrypted = cipher.update(str, 'utf8', 'base64')
+  return (encrypted += cipher.final('base64'))
+}
+
+function getCryptoParams(secretKey: string): { algorithm: string; key: string; iv: string } {
+  const key = md5(secretKey)
+  const iv = md5(secretKey + key).slice(0, 16)
+  return { algorithm, key, iv }
+}
+
+function aes256Key(secretKeyBase64: string): string {
+  // md5 to match aes-256 key length of 32 bytes
+  return md5(Buffer.from(secretKeyBase64, 'base64'))
+}

package/src/security/secret.util.ts

@@ -1,7 +1,7 @@
 import * as fs from 'fs'
-import { StringMap } from '@naturalcycles/js-lib'
+import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
 import { base64ToString } from '..'
-import { decryptRandomIVBuffer } from './crypto.util'
+import { decryptRandomIVBuffer, decryptString } from './crypto.util'
 
 let loaded = false
 
@@ -46,18 +46,25 @@ export function removeSecretsFromEnv(): void {
  * Does NOT delete previous secrets from secretMap.
  *
  * If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
+ *
+ * Whole file is encrypted.
+ * For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
  */
 // eslint-disable-next-line @typescript-eslint/naming-convention
-export function loadSecretsFromJsonFile(filePath: string, SECRET_ENCRYPTION_KEY?: string): void {
-  if (!fs.existsSync(filePath)) {
-    throw new Error(`loadSecretsFromPlainJsonFile() cannot load from path: ${filePath}`)
-  }
+export function loadSecretsFromEncryptedJsonFile(
+  filePath: string,
+  secretEncryptionKey?: string,
+): void {
+  _assert(
+    fs.existsSync(filePath),
+    `loadSecretsFromEncryptedJsonFile() cannot load from path: ${filePath}`,
+  )
 
   let secrets: StringMap
 
-  if (SECRET_ENCRYPTION_KEY) {
+  if (secretEncryptionKey) {
     const buf = fs.readFileSync(filePath)
-    const plain = decryptRandomIVBuffer(buf, SECRET_ENCRYPTION_KEY).toString('utf8')
+    const plain = decryptRandomIVBuffer(buf, secretEncryptionKey).toString('utf8')
     secrets = JSON.parse(plain)
   } else {
     secrets = JSON.parse(fs.readFileSync(filePath, 'utf8'))
@@ -73,6 +80,37 @@ export function loadSecretsFromJsonFile(filePath: string, SECRET_ENCRYPTION_KEY?
   )
 }
 
+/**
+ * Whole file is NOT encrypted, but instead individual json values ARE encrypted..
+ * For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
+ */
+export function loadSecretsFromEncryptedJsonFileValues(
+  filePath: string,
+  secretEncryptionKey?: string,
+): void {
+  _assert(
+    fs.existsSync(filePath),
+    `loadSecretsFromEncryptedJsonFileValues() cannot load from path: ${filePath}`,
+  )
+
+  const secrets: StringMap = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+
+  if (secretEncryptionKey) {
+    _stringMapEntries(secrets).forEach(([k, enc]) => {
+      secrets[k] = decryptString(enc, secretEncryptionKey)
+    })
+  }
+
+  Object.entries(secrets).forEach(([k, v]) => (secretMap[k.toUpperCase()] = v))
+
+  loaded = true
+  console.log(
+    `${Object.keys(secrets).length} secret(s) loaded from ${filePath}: ${Object.keys(secrets)
+      .map(s => s.toUpperCase())
+      .join(', ')}`,
+  )
+}
+
 /**
  * json secrets are always base64'd
  */

package/src/util/lruMemoCache.ts

@@ -2,7 +2,7 @@ import { MemoCache } from '@naturalcycles/js-lib'
 import LRUCache = require('lru-cache')
 
 // Partial, to be able to provide default `max`
-export interface LRUMemoCacheOptions<KEY, VALUE> extends Partial<LRUCache.Options<KEY, VALUE>> {}
+export type LRUMemoCacheOptions<KEY, VALUE> = Partial<LRUCache.Options<KEY, VALUE>>
 
 /**
  * @example