@orion-js/env 4.2.0 → 4.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist-cli/index.cjs +113 -110
  2. package/dist-cli/index.cjs.map +1 -1
  3. package/dist-cli/index.js +113 -110
  4. package/dist-cli/index.js.map +1 -1
  5. package/package.json +1 -1
package/dist-cli/index.cjs CHANGED
@@ -23,11 +23,29 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
23
23
  ));
24
24
 
25
25
  // src/cli/index.ts
26
- var import_commander = require("commander");
27
26
  var import_chalk = __toESM(require("chalk"), 1);
27
+ var import_commander = require("commander");
28
28
 
29
- // src/cli/init/index.ts
30
- var import_yaml = __toESM(require("yaml"), 1);
29
+ // src/cli/add/index.ts
30
+ var import_yaml2 = __toESM(require("yaml"), 1);
31
+
32
+ // src/files/index.ts
33
+ var import_node_fs = __toESM(require("fs"), 1);
34
+ var import_node_path = __toESM(require("path"), 1);
35
+ function readFile(filePath) {
36
+ if (!import_node_fs.default.existsSync(filePath)) return null;
37
+ return import_node_fs.default.readFileSync(filePath).toString();
38
+ }
39
+ function writeFile(path2, content) {
40
+ ensureDirectory(path2);
41
+ import_node_fs.default.writeFileSync(path2, content);
42
+ }
43
+ function ensureDirectory(filePath) {
44
+ const dirname = import_node_path.default.dirname(filePath);
45
+ if (import_node_fs.default.existsSync(dirname)) return true;
46
+ ensureDirectory(dirname);
47
+ import_node_fs.default.mkdirSync(dirname);
48
+ }
31
49
 
32
50
  // src/crypto/tweetnacl.ts
33
51
  var import_tweetnacl_es6 = __toESM(require("tweetnacl-es6"), 1);
@@ -107,66 +125,27 @@ function decrypt2(decryptKey, encrypted) {
107
125
  return decrypt(decryptSecretKey, messagePubKey, encryptedMessage);
108
126
  }
109
127
 
110
- // src/files/index.ts
111
- var import_node_fs = __toESM(require("fs"), 1);
112
- var import_node_path = __toESM(require("path"), 1);
113
- function readFile(filePath) {
114
- if (!import_node_fs.default.existsSync(filePath)) return null;
115
- return import_node_fs.default.readFileSync(filePath).toString();
116
- }
117
- function writeFile(path2, content) {
118
- ensureDirectory(path2);
119
- import_node_fs.default.writeFileSync(path2, content);
120
- }
121
- function ensureDirectory(filePath) {
122
- const dirname = import_node_path.default.dirname(filePath);
123
- if (import_node_fs.default.existsSync(dirname)) return true;
124
- ensureDirectory(dirname);
125
- import_node_fs.default.mkdirSync(dirname);
126
- }
127
-
128
- // src/cli/init/index.ts
129
- async function envInit({ path: path2 }) {
130
- if (!path2) {
131
- path2 = ".env.local.yml";
132
- }
133
- const keypair = generateKeys();
134
- const envFile = {
135
- version: "1.0",
136
- publicKey: keypair.encryptKey,
137
- cleanKeys: {},
138
- encryptedKeys: {},
139
- readFromSecret: {}
140
- };
141
- const text = import_yaml.default.stringify(envFile);
142
- writeFile(path2, text);
143
- console.log("");
144
- console.log(
145
- `Environment file created. You need to use the following key to decrypt the environment variables:`
146
- );
147
- console.log("");
148
- console.log(keypair.decryptKey);
149
- console.log("");
150
- }
151
-
152
128
  // src/cli/add/encryptValue.ts
153
129
  var encryptValue = (key, value, config) => {
154
130
  config.encryptedKeys[key] = encrypt2(config.publicKey, value);
155
131
  };
156
132
 
157
133
  // src/cli/add/getConfig.ts
158
- var import_yaml2 = __toESM(require("yaml"), 1);
134
+ var import_yaml = __toESM(require("yaml"), 1);
159
135
  var getConfig = (envPath) => {
160
136
  const configFile = readFile(envPath);
161
137
  if (!configFile) {
162
138
  throw new Error("No config file found at path " + envPath);
163
139
  }
164
- return import_yaml2.default.parse(configFile);
140
+ return import_yaml.default.parse(configFile);
165
141
  };
166
142
 
167
143
  // src/cli/add/getParams.ts
168
144
  var import_prompts = __toESM(require("prompts"), 1);
169
- var getParams = async (config) => {
145
+ var getParams = async (config, opts) => {
146
+ if ((opts == null ? void 0 : opts.key) && (opts == null ? void 0 : opts.value)) {
147
+ return { key: opts.key, value: opts.value };
148
+ }
170
149
  const response = await (0, import_prompts.default)([
171
150
  {
172
151
  type: "text",
@@ -186,7 +165,6 @@ var getParams = async (config) => {
186
165
  };
187
166
 
188
167
  // src/cli/add/index.ts
189
- var import_yaml3 = __toESM(require("yaml"), 1);
190
168
  var sortObjectByKeys = (object) => {
191
169
  if (!object) return {};
192
170
  const sorted = {};
@@ -195,19 +173,101 @@ var sortObjectByKeys = (object) => {
195
173
  });
196
174
  return sorted;
197
175
  };
198
- async function envAdd({ path: path2 }) {
176
+ async function envAdd({ path: path2, key: optKey, value: optValue }) {
199
177
  if (!path2) {
200
178
  path2 = ".env.local.yml";
201
179
  }
202
180
  const config = getConfig(path2);
203
- const { key, value } = await getParams(config);
181
+ const { key, value } = await getParams(config, { key: optKey, value: optValue });
204
182
  if (!value) return;
205
183
  encryptValue(key, value, config);
206
184
  config.cleanKeys = sortObjectByKeys(config.cleanKeys);
207
185
  config.encryptedKeys = sortObjectByKeys(config.encryptedKeys);
208
186
  config.readFromSecret = sortObjectByKeys(config.readFromSecret);
209
- const text = import_yaml3.default.stringify(config);
187
+ const text = import_yaml2.default.stringify(config);
188
+ writeFile(path2, text);
189
+ }
190
+
191
+ // src/cli/init/index.ts
192
+ var import_yaml3 = __toESM(require("yaml"), 1);
193
+ async function envInit({ path: path2 }) {
194
+ if (!path2) {
195
+ path2 = ".env.local.yml";
196
+ }
197
+ const keypair = generateKeys();
198
+ const envFile = {
199
+ version: "1.0",
200
+ publicKey: keypair.encryptKey,
201
+ cleanKeys: {},
202
+ encryptedKeys: {},
203
+ readFromSecret: {}
204
+ };
205
+ const text = import_yaml3.default.stringify(envFile);
210
206
  writeFile(path2, text);
207
+ console.log("");
208
+ console.log(
209
+ `Environment file created. You need to use the following key to decrypt the environment variables:`
210
+ );
211
+ console.log("");
212
+ console.log(keypair.decryptKey);
213
+ console.log("");
214
+ }
215
+
216
+ // src/cli/migrate/index.ts
217
+ var import_yaml4 = __toESM(require("yaml"), 1);
218
+ var import_prompts2 = __toESM(require("prompts"), 1);
219
+ async function envMigrate({ path: path2, secret }) {
220
+ if (!path2) {
221
+ path2 = ".env.local.yml";
222
+ }
223
+ const config = getConfig(path2);
224
+ const currentSecret = secret ?? await promptForSecret();
225
+ const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret);
226
+ const newKeypair = generateKeys();
227
+ const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey);
228
+ const updatedConfig = {
229
+ ...config,
230
+ publicKey: newKeypair.encryptKey,
231
+ encryptedKeys: newEncryptedKeys
232
+ };
233
+ const text = import_yaml4.default.stringify(updatedConfig);
234
+ writeFile(path2, text);
235
+ console.log("");
236
+ console.log("Config file migrated successfully.");
237
+ console.log("");
238
+ console.log("New secret key (save this securely):");
239
+ console.log("");
240
+ console.log(newKeypair.decryptKey);
241
+ console.log("");
242
+ }
243
+ async function promptForSecret() {
244
+ const response = await (0, import_prompts2.default)({
245
+ type: "password",
246
+ name: "secret",
247
+ message: "Current secret key"
248
+ });
249
+ if (!response.secret) {
250
+ throw new Error("Secret is required");
251
+ }
252
+ return response.secret;
253
+ }
254
+ function decryptAllKeys(encryptedKeys, secretKey) {
255
+ const decrypted = {};
256
+ for (const key in encryptedKeys) {
257
+ try {
258
+ decrypted[key] = decrypt2(secretKey, encryptedKeys[key]);
259
+ } catch (error) {
260
+ throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`);
261
+ }
262
+ }
263
+ return decrypted;
264
+ }
265
+ function reEncryptAllKeys(decryptedKeys, newPublicKey) {
266
+ const encrypted = {};
267
+ for (const key in decryptedKeys) {
268
+ encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]);
269
+ }
270
+ return encrypted;
211
271
  }
212
272
 
213
273
  // src/environment/getVariables.ts
@@ -288,63 +348,6 @@ async function envRead({ path: path2, key, secret }) {
288
348
  }
289
349
  }
290
350
 
291
- // src/cli/migrate/index.ts
292
- var import_yaml4 = __toESM(require("yaml"), 1);
293
- var import_prompts2 = __toESM(require("prompts"), 1);
294
- async function envMigrate({ path: path2, secret }) {
295
- if (!path2) {
296
- path2 = ".env.local.yml";
297
- }
298
- const config = getConfig(path2);
299
- const currentSecret = secret ?? await promptForSecret();
300
- const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret);
301
- const newKeypair = generateKeys();
302
- const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey);
303
- const updatedConfig = {
304
- ...config,
305
- publicKey: newKeypair.encryptKey,
306
- encryptedKeys: newEncryptedKeys
307
- };
308
- const text = import_yaml4.default.stringify(updatedConfig);
309
- writeFile(path2, text);
310
- console.log("");
311
- console.log("Config file migrated successfully.");
312
- console.log("");
313
- console.log("New secret key (save this securely):");
314
- console.log("");
315
- console.log(newKeypair.decryptKey);
316
- console.log("");
317
- }
318
- async function promptForSecret() {
319
- const response = await (0, import_prompts2.default)({
320
- type: "password",
321
- name: "secret",
322
- message: "Current secret key"
323
- });
324
- if (!response.secret) {
325
- throw new Error("Secret is required");
326
- }
327
- return response.secret;
328
- }
329
- function decryptAllKeys(encryptedKeys, secretKey) {
330
- const decrypted = {};
331
- for (const key in encryptedKeys) {
332
- try {
333
- decrypted[key] = decrypt2(secretKey, encryptedKeys[key]);
334
- } catch (error) {
335
- throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`);
336
- }
337
- }
338
- return decrypted;
339
- }
340
- function reEncryptAllKeys(decryptedKeys, newPublicKey) {
341
- const encrypted = {};
342
- for (const key in decryptedKeys) {
343
- encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]);
344
- }
345
- return encrypted;
346
- }
347
-
348
351
  // src/cli/index.ts
349
352
  var program = new import_commander.Command();
350
353
  var run = (action) => async (...args) => {
@@ -355,7 +358,7 @@ var run = (action) => async (...args) => {
355
358
  }
356
359
  };
357
360
  program.command("init").description("Creates a new encrypted env file").option("--path <path>", "Specify the env file name").action(run(envInit));
358
- program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").action(run(envAdd));
361
+ program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").option("--key <key>", "The environment variable key").option("--value <value>", "The environment variable value").action(run(envAdd));
359
362
  program.command("read").description("Prints the value of the env file in JSON or a specific variable in plain text").option("--path <path>", "Specify the env file name").option("--key <key>", "Prints the value of a specific variable in plain text").option("--secret <secret>", "The password to decrypt the keys").action(run(envRead));
360
363
  program.command("migrate").description("Migrates the config file to a new keypair, re-encrypting all keys").option("--path <path>", "Specify the env file name").option("--secret <secret>", "The current secret key to decrypt existing keys").action(run(envMigrate));
361
364
  program.parse(process.argv);
package/dist-cli/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/cli/index.ts","../src/cli/init/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/files/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/add/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts","../src/cli/migrate/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport {Command} from 'commander'\nimport chalk from 'chalk'\nimport envInit from './init'\nimport envAdd from './add'\nimport envRead from './read'\nimport envMigrate from './migrate'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config) => {\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\nimport YAML from 'yaml'\nimport {writeFile} from '../../files'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config)\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,uBAAsB;AACtB,mBAAkB;;;ACFlB,kBAAiB;;;ACAjB,2BAAiB;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,qBAAAA,QAAK,YAAY,qBAAAA,QAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,qBAAAA,QAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,qBAAAA,QAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,qBAAAA,QAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,qBAAAA,QAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,qBAAAA,QAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASC,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACpCA,qBAAe;AACf,uBAAiB;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,eAAAC,QAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,eAAAA,QAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,iBAAAD,QAAG,cAAcC,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,iBAAAA,QAAK,QAAQ,QAAQ;AACrC,MAAI,eAAAD,QAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,iBAAAA,QAAG,UAAU,OAAO;AACtB;;;AJdA,eAAO,QAA+B,EAAC,MAAAE,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAO,YAAAC,QAAK,UAAU,OAAO;AAEnC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;AKhCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIE,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,IAAAC,eAAiB;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAO,aAAAC,QAAK,MAAM,UAAU;AAC9B;;;ACZA,qBAAoB;AAGb,IAAM,YAAY,OAAO,WAAmB;AACjD,QAAM,WAAW,UAAM,eAAAC,SAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;AClBA,IAAAC,eAAiB;AAGjB,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,MAAI,GAAG;AAC3C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,MAAM;AAC3C,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAO,aAAAC,QAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;ACfA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIE,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;ACnBA,IAAAC,eAAiB;AAKjB,IAAAC,kBAAoB;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAO,aAAAC,QAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,UAAM,gBAAAE,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AZzFA,IAAM,UAAU,IAAI,yBAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,aAAAC,QAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["nacl","encrypt","decrypt","fs","path","path","YAML","encrypt","import_yaml","YAML","prompts","import_yaml","path","YAML","decrypt","path","import_yaml","import_prompts","path","YAML","prompts","decrypt","encrypt","chalk"]}
1
+ {"version":3,"sources":["../src/cli/index.ts","../src/cli/add/index.ts","../src/files/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/init/index.ts","../src/cli/migrate/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport chalk from 'chalk'\nimport {Command} from 'commander'\nimport envAdd from './add'\nimport envInit from './init'\nimport envMigrate from './migrate'\nimport envRead from './read'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'The environment variable key')\n .option('--value <value>', 'The environment variable value')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {writeFile} from '../../files'\nimport {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path, key: optKey, value: optValue}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config, {key: optKey, value: optValue})\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config, opts?: {key?: string; value?: string}) => {\n if (opts?.key && opts?.value) {\n return {key: opts.key, value: opts.value}\n }\n\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AACA,mBAAkB;AAClB,uBAAsB;;;ACFtB,IAAAA,eAAiB;;;ACAjB,qBAAe;AACf,uBAAiB;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,eAAAC,QAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,eAAAA,QAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,iBAAAD,QAAG,cAAcC,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,iBAAAA,QAAK,QAAQ,QAAQ;AACrC,MAAI,eAAAD,QAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,iBAAAA,QAAG,UAAU,OAAO;AACtB;;;ACnBA,2BAAiB;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,qBAAAE,QAAK,YAAY,qBAAAA,QAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,qBAAAA,QAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,qBAAAA,QAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,qBAAAA,QAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,qBAAAA,QAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,qBAAAA,QAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASC,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACjCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIC,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,kBAAiB;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAO,YAAAC,QAAK,MAAM,UAAU;AAC9B;;;ACZA,qBAAoB;AAGb,IAAM,YAAY,OAAO,QAAgB,SAA0C;AACxF,OAAI,6BAAM,SAAO,6BAAM,QAAO;AAC5B,WAAO,EAAC,KAAK,KAAK,KAAK,OAAO,KAAK,MAAK;AAAA,EAC1C;AAEA,QAAM,WAAW,UAAM,eAAAC,SAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;APnBA,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,OAAM,KAAK,QAAQ,OAAO,SAAQ,GAAG;AACzE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,QAAQ,EAAC,KAAK,QAAQ,OAAO,SAAQ,CAAC;AAC3E,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAO,aAAAC,QAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;AQnCA,IAAAE,eAAiB;AAKjB,eAAO,QAA+B,EAAC,MAAAC,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAO,aAAAC,QAAK,UAAU,OAAO;AAEnC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;ACnCA,IAAAE,eAAiB;AAKjB,IAAAC,kBAAoB;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAO,aAAAC,QAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,UAAM,gBAAAE,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AC7EA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;AZXA,IAAM,UAAU,IAAI,yBAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,aAAAC,QAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,8BAA8B,EACpD,OAAO,mBAAmB,gCAAgC,EAC1D,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["import_yaml","fs","path","nacl","encrypt","decrypt","encrypt","YAML","prompts","path","YAML","import_yaml","path","YAML","import_yaml","import_prompts","path","YAML","prompts","decrypt","encrypt","decrypt","path","chalk"]}
package/dist-cli/index.js CHANGED
@@ -1,11 +1,29 @@
1
1
  #!/usr/bin/env node
2
2
 
3
3
  // src/cli/index.ts
4
- import { Command } from "commander";
5
4
  import chalk from "chalk";
5
+ import { Command } from "commander";
6
6
 
7
- // src/cli/init/index.ts
8
- import YAML from "yaml";
7
+ // src/cli/add/index.ts
8
+ import YAML2 from "yaml";
9
+
10
+ // src/files/index.ts
11
+ import fs from "node:fs";
12
+ import path from "node:path";
13
+ function readFile(filePath) {
14
+ if (!fs.existsSync(filePath)) return null;
15
+ return fs.readFileSync(filePath).toString();
16
+ }
17
+ function writeFile(path2, content) {
18
+ ensureDirectory(path2);
19
+ fs.writeFileSync(path2, content);
20
+ }
21
+ function ensureDirectory(filePath) {
22
+ const dirname = path.dirname(filePath);
23
+ if (fs.existsSync(dirname)) return true;
24
+ ensureDirectory(dirname);
25
+ fs.mkdirSync(dirname);
26
+ }
9
27
 
10
28
  // src/crypto/tweetnacl.ts
11
29
  import nacl from "tweetnacl-es6";
@@ -85,66 +103,27 @@ function decrypt2(decryptKey, encrypted) {
85
103
  return decrypt(decryptSecretKey, messagePubKey, encryptedMessage);
86
104
  }
87
105
 
88
- // src/files/index.ts
89
- import fs from "node:fs";
90
- import path from "node:path";
91
- function readFile(filePath) {
92
- if (!fs.existsSync(filePath)) return null;
93
- return fs.readFileSync(filePath).toString();
94
- }
95
- function writeFile(path2, content) {
96
- ensureDirectory(path2);
97
- fs.writeFileSync(path2, content);
98
- }
99
- function ensureDirectory(filePath) {
100
- const dirname = path.dirname(filePath);
101
- if (fs.existsSync(dirname)) return true;
102
- ensureDirectory(dirname);
103
- fs.mkdirSync(dirname);
104
- }
105
-
106
- // src/cli/init/index.ts
107
- async function envInit({ path: path2 }) {
108
- if (!path2) {
109
- path2 = ".env.local.yml";
110
- }
111
- const keypair = generateKeys();
112
- const envFile = {
113
- version: "1.0",
114
- publicKey: keypair.encryptKey,
115
- cleanKeys: {},
116
- encryptedKeys: {},
117
- readFromSecret: {}
118
- };
119
- const text = YAML.stringify(envFile);
120
- writeFile(path2, text);
121
- console.log("");
122
- console.log(
123
- `Environment file created. You need to use the following key to decrypt the environment variables:`
124
- );
125
- console.log("");
126
- console.log(keypair.decryptKey);
127
- console.log("");
128
- }
129
-
130
106
  // src/cli/add/encryptValue.ts
131
107
  var encryptValue = (key, value, config) => {
132
108
  config.encryptedKeys[key] = encrypt2(config.publicKey, value);
133
109
  };
134
110
 
135
111
  // src/cli/add/getConfig.ts
136
- import YAML2 from "yaml";
112
+ import YAML from "yaml";
137
113
  var getConfig = (envPath) => {
138
114
  const configFile = readFile(envPath);
139
115
  if (!configFile) {
140
116
  throw new Error("No config file found at path " + envPath);
141
117
  }
142
- return YAML2.parse(configFile);
118
+ return YAML.parse(configFile);
143
119
  };
144
120
 
145
121
  // src/cli/add/getParams.ts
146
122
  import prompts from "prompts";
147
- var getParams = async (config) => {
123
+ var getParams = async (config, opts) => {
124
+ if ((opts == null ? void 0 : opts.key) && (opts == null ? void 0 : opts.value)) {
125
+ return { key: opts.key, value: opts.value };
126
+ }
148
127
  const response = await prompts([
149
128
  {
150
129
  type: "text",
@@ -164,7 +143,6 @@ var getParams = async (config) => {
164
143
  };
165
144
 
166
145
  // src/cli/add/index.ts
167
- import YAML3 from "yaml";
168
146
  var sortObjectByKeys = (object) => {
169
147
  if (!object) return {};
170
148
  const sorted = {};
@@ -173,19 +151,101 @@ var sortObjectByKeys = (object) => {
173
151
  });
174
152
  return sorted;
175
153
  };
176
- async function envAdd({ path: path2 }) {
154
+ async function envAdd({ path: path2, key: optKey, value: optValue }) {
177
155
  if (!path2) {
178
156
  path2 = ".env.local.yml";
179
157
  }
180
158
  const config = getConfig(path2);
181
- const { key, value } = await getParams(config);
159
+ const { key, value } = await getParams(config, { key: optKey, value: optValue });
182
160
  if (!value) return;
183
161
  encryptValue(key, value, config);
184
162
  config.cleanKeys = sortObjectByKeys(config.cleanKeys);
185
163
  config.encryptedKeys = sortObjectByKeys(config.encryptedKeys);
186
164
  config.readFromSecret = sortObjectByKeys(config.readFromSecret);
187
- const text = YAML3.stringify(config);
165
+ const text = YAML2.stringify(config);
166
+ writeFile(path2, text);
167
+ }
168
+
169
+ // src/cli/init/index.ts
170
+ import YAML3 from "yaml";
171
+ async function envInit({ path: path2 }) {
172
+ if (!path2) {
173
+ path2 = ".env.local.yml";
174
+ }
175
+ const keypair = generateKeys();
176
+ const envFile = {
177
+ version: "1.0",
178
+ publicKey: keypair.encryptKey,
179
+ cleanKeys: {},
180
+ encryptedKeys: {},
181
+ readFromSecret: {}
182
+ };
183
+ const text = YAML3.stringify(envFile);
188
184
  writeFile(path2, text);
185
+ console.log("");
186
+ console.log(
187
+ `Environment file created. You need to use the following key to decrypt the environment variables:`
188
+ );
189
+ console.log("");
190
+ console.log(keypair.decryptKey);
191
+ console.log("");
192
+ }
193
+
194
+ // src/cli/migrate/index.ts
195
+ import YAML4 from "yaml";
196
+ import prompts2 from "prompts";
197
+ async function envMigrate({ path: path2, secret }) {
198
+ if (!path2) {
199
+ path2 = ".env.local.yml";
200
+ }
201
+ const config = getConfig(path2);
202
+ const currentSecret = secret ?? await promptForSecret();
203
+ const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret);
204
+ const newKeypair = generateKeys();
205
+ const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey);
206
+ const updatedConfig = {
207
+ ...config,
208
+ publicKey: newKeypair.encryptKey,
209
+ encryptedKeys: newEncryptedKeys
210
+ };
211
+ const text = YAML4.stringify(updatedConfig);
212
+ writeFile(path2, text);
213
+ console.log("");
214
+ console.log("Config file migrated successfully.");
215
+ console.log("");
216
+ console.log("New secret key (save this securely):");
217
+ console.log("");
218
+ console.log(newKeypair.decryptKey);
219
+ console.log("");
220
+ }
221
+ async function promptForSecret() {
222
+ const response = await prompts2({
223
+ type: "password",
224
+ name: "secret",
225
+ message: "Current secret key"
226
+ });
227
+ if (!response.secret) {
228
+ throw new Error("Secret is required");
229
+ }
230
+ return response.secret;
231
+ }
232
+ function decryptAllKeys(encryptedKeys, secretKey) {
233
+ const decrypted = {};
234
+ for (const key in encryptedKeys) {
235
+ try {
236
+ decrypted[key] = decrypt2(secretKey, encryptedKeys[key]);
237
+ } catch (error) {
238
+ throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`);
239
+ }
240
+ }
241
+ return decrypted;
242
+ }
243
+ function reEncryptAllKeys(decryptedKeys, newPublicKey) {
244
+ const encrypted = {};
245
+ for (const key in decryptedKeys) {
246
+ encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]);
247
+ }
248
+ return encrypted;
189
249
  }
190
250
 
191
251
  // src/environment/getVariables.ts
@@ -266,63 +326,6 @@ async function envRead({ path: path2, key, secret }) {
266
326
  }
267
327
  }
268
328
 
269
- // src/cli/migrate/index.ts
270
- import YAML4 from "yaml";
271
- import prompts2 from "prompts";
272
- async function envMigrate({ path: path2, secret }) {
273
- if (!path2) {
274
- path2 = ".env.local.yml";
275
- }
276
- const config = getConfig(path2);
277
- const currentSecret = secret ?? await promptForSecret();
278
- const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret);
279
- const newKeypair = generateKeys();
280
- const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey);
281
- const updatedConfig = {
282
- ...config,
283
- publicKey: newKeypair.encryptKey,
284
- encryptedKeys: newEncryptedKeys
285
- };
286
- const text = YAML4.stringify(updatedConfig);
287
- writeFile(path2, text);
288
- console.log("");
289
- console.log("Config file migrated successfully.");
290
- console.log("");
291
- console.log("New secret key (save this securely):");
292
- console.log("");
293
- console.log(newKeypair.decryptKey);
294
- console.log("");
295
- }
296
- async function promptForSecret() {
297
- const response = await prompts2({
298
- type: "password",
299
- name: "secret",
300
- message: "Current secret key"
301
- });
302
- if (!response.secret) {
303
- throw new Error("Secret is required");
304
- }
305
- return response.secret;
306
- }
307
- function decryptAllKeys(encryptedKeys, secretKey) {
308
- const decrypted = {};
309
- for (const key in encryptedKeys) {
310
- try {
311
- decrypted[key] = decrypt2(secretKey, encryptedKeys[key]);
312
- } catch (error) {
313
- throw new Error(`Failed to decrypt key "${key}". Is the secret key correct?`);
314
- }
315
- }
316
- return decrypted;
317
- }
318
- function reEncryptAllKeys(decryptedKeys, newPublicKey) {
319
- const encrypted = {};
320
- for (const key in decryptedKeys) {
321
- encrypted[key] = encrypt2(newPublicKey, decryptedKeys[key]);
322
- }
323
- return encrypted;
324
- }
325
-
326
329
  // src/cli/index.ts
327
330
  var program = new Command();
328
331
  var run = (action) => async (...args) => {
@@ -333,7 +336,7 @@ var run = (action) => async (...args) => {
333
336
  }
334
337
  };
335
338
  program.command("init").description("Creates a new encrypted env file").option("--path <path>", "Specify the env file name").action(run(envInit));
336
- program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").action(run(envAdd));
339
+ program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").option("--key <key>", "The environment variable key").option("--value <value>", "The environment variable value").action(run(envAdd));
337
340
  program.command("read").description("Prints the value of the env file in JSON or a specific variable in plain text").option("--path <path>", "Specify the env file name").option("--key <key>", "Prints the value of a specific variable in plain text").option("--secret <secret>", "The password to decrypt the keys").action(run(envRead));
338
341
  program.command("migrate").description("Migrates the config file to a new keypair, re-encrypting all keys").option("--path <path>", "Specify the env file name").option("--secret <secret>", "The current secret key to decrypt existing keys").action(run(envMigrate));
339
342
  program.parse(process.argv);
package/dist-cli/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/cli/index.ts","../src/cli/init/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/files/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/add/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts","../src/cli/migrate/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport {Command} from 'commander'\nimport chalk from 'chalk'\nimport envInit from './init'\nimport envAdd from './add'\nimport envRead from './read'\nimport envMigrate from './migrate'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config) => {\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\nimport YAML from 'yaml'\nimport {writeFile} from '../../files'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config)\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n"],"mappings":";;;AACA,SAAQ,eAAc;AACtB,OAAO,WAAW;;;ACFlB,OAAO,UAAU;;;ACAjB,OAAO,UAAU;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,KAAK,YAAY,KAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,KAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,KAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,KAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,KAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,KAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASA,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACpCA,OAAO,QAAQ;AACf,OAAO,UAAU;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,GAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,GAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,KAAG,cAAcA,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,KAAK,QAAQ,QAAQ;AACrC,MAAI,GAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,KAAG,UAAU,OAAO;AACtB;;;AJdA,eAAO,QAA+B,EAAC,MAAAC,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAO,KAAK,UAAU,OAAO;AAEnC,YAAUA,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;AKhCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIC,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,OAAOC,WAAU;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAOC,MAAK,MAAM,UAAU;AAC9B;;;ACZA,OAAO,aAAa;AAGb,IAAM,YAAY,OAAO,WAAmB;AACjD,QAAM,WAAW,MAAM,QAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;AClBA,OAAOC,WAAU;AAGjB,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,MAAI,GAAG;AAC3C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,MAAM;AAC3C,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAOC,MAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;ACfA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIE,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;ACnBA,OAAOC,WAAU;AAKjB,OAAOC,cAAa;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAOC,MAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,MAAMD,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIG,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AZzFA,IAAM,UAAU,IAAI,QAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,MAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["encrypt","decrypt","path","path","encrypt","YAML","YAML","YAML","path","YAML","decrypt","path","YAML","prompts","path","YAML","decrypt","encrypt"]}
1
+ {"version":3,"sources":["../src/cli/index.ts","../src/cli/add/index.ts","../src/files/index.ts","../src/crypto/tweetnacl.ts","../src/crypto/util.ts","../src/crypto/index.ts","../src/cli/add/encryptValue.ts","../src/cli/add/getConfig.ts","../src/cli/add/getParams.ts","../src/cli/init/index.ts","../src/cli/migrate/index.ts","../src/environment/getVariables.ts","../src/cli/read/index.ts"],"sourcesContent":["#!/usr/bin/env node\nimport chalk from 'chalk'\nimport {Command} from 'commander'\nimport envAdd from './add'\nimport envInit from './init'\nimport envMigrate from './migrate'\nimport envRead from './read'\n\nconst program = new Command()\n\nconst run =\n action =>\n async (...args) => {\n try {\n await action(...args)\n } catch (e) {\n console.error(chalk.red(`Error: ${e.message}`))\n }\n }\n\nprogram\n .command('init')\n .description('Creates a new encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .action(run(envInit))\n\nprogram\n .command('add')\n .description('Adds a new environment to the encrypted env file')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'The environment variable key')\n .option('--value <value>', 'The environment variable value')\n .action(run(envAdd))\n\nprogram\n .command('read')\n .description('Prints the value of the env file in JSON or a specific variable in plain text')\n .option('--path <path>', 'Specify the env file name')\n .option('--key <key>', 'Prints the value of a specific variable in plain text')\n .option('--secret <secret>', 'The password to decrypt the keys')\n .action(run(envRead))\n\nprogram\n .command('migrate')\n .description('Migrates the config file to a new keypair, re-encrypting all keys')\n .option('--path <path>', 'Specify the env file name')\n .option('--secret <secret>', 'The current secret key to decrypt existing keys')\n .action(run(envMigrate))\n\nprogram.parse(process.argv)\n\nif (!process.argv.slice(2).length) {\n program.outputHelp()\n}\n","import YAML from 'yaml'\nimport {writeFile} from '../../files'\nimport {encryptValue} from './encryptValue'\nimport {getConfig} from './getConfig'\nimport {getParams} from './getParams'\n\nconst sortObjectByKeys = (object: any) => {\n if (!object) return {}\n const sorted = {}\n Object.keys(object)\n .sort()\n .forEach(key => {\n sorted[key] = object[key]\n })\n return sorted\n}\n\nexport default async function envAdd({path, key: optKey, value: optValue}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n const {key, value} = await getParams(config, {key: optKey, value: optValue})\n if (!value) return\n\n encryptValue(key, value, config)\n\n // sort keys alphabetically\n config.cleanKeys = sortObjectByKeys(config.cleanKeys)\n config.encryptedKeys = sortObjectByKeys(config.encryptedKeys)\n config.readFromSecret = sortObjectByKeys(config.readFromSecret)\n\n const text = YAML.stringify(config)\n writeFile(path, text)\n}\n","import fs from 'node:fs'\nimport path from 'node:path'\n\nexport function readFile(filePath: string) {\n if (!fs.existsSync(filePath)) return null\n\n return fs.readFileSync(filePath).toString()\n}\n\nexport function writeFile(path: string, content: string) {\n ensureDirectory(path)\n fs.writeFileSync(path, content)\n}\n\nexport function ensureDirectory(filePath) {\n const dirname = path.dirname(filePath)\n if (fs.existsSync(dirname)) return true\n ensureDirectory(dirname)\n fs.mkdirSync(dirname)\n}\n","import nacl from 'tweetnacl-es6'\nimport {decodeUTF8, encodeUTF8, encodeBase64, decodeBase64} from './util'\n\nconst newNonce = () => nacl.randomBytes(nacl.box.nonceLength)\nexport const generateKeyPair = () => nacl.box.keyPair()\n\nexport const encrypt = (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => {\n const nonce = newNonce()\n const messageUint8 = decodeUTF8(message)\n const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey)\n\n const fullMessage = new Uint8Array(nonce.length + encrypted.length)\n fullMessage.set(nonce)\n fullMessage.set(encrypted, nonce.length)\n\n const base64FullMessage = encodeBase64(fullMessage)\n return base64FullMessage\n}\n\nexport const decrypt = (\n aSecretKey: Uint8Array,\n bPublicKey: Uint8Array,\n messageWithNonce: string,\n) => {\n const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce)\n const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength)\n const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length)\n\n const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey)\n\n if (!decrypted) {\n throw new Error('Could not decrypt message')\n }\n\n const base64DecryptedMessage = encodeUTF8(decrypted)\n return base64DecryptedMessage\n}\n","// Written in 2014-2016 by Dmitry Chestnykh and Devi Mandiri.\n// Public domain.\n\nimport {WithImplicitCoercion} from 'node:buffer'\n\nfunction validateBase64(s: string) {\n if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {\n throw new TypeError('invalid encoding')\n }\n}\n\nexport const decodeUTF8 = (s: string | number | boolean) => {\n if (typeof s !== 'string') throw new TypeError('expected string')\n let i: number\n const d = unescape(encodeURIComponent(s))\n const b = new Uint8Array(d.length)\n for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i)\n return b\n}\n\nexport const encodeUTF8 = (arr: string | any[]) => {\n let i: number\n const s = []\n for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]))\n return decodeURIComponent(escape(s.join('')))\n}\n\nexport const encodeBase64 = (arr: Uint8Array<any>) => Buffer.from(arr).toString('base64')\n\nexport const decodeBase64 = (s: WithImplicitCoercion<string>) => {\n validateBase64(s as any)\n return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, 'base64'), 0))\n}\n","import {generateKeyPair, encrypt as tweetEncrypt, decrypt as tweetDecrypt} from './tweetnacl'\nimport {encodeBase64, decodeBase64} from './util'\n\nexport function generateKeys() {\n const {publicKey, secretKey} = generateKeyPair()\n\n const encryptKeyHex = encodeBase64(publicKey)\n const decryptKeyHex = encodeBase64(secretKey)\n\n return {\n encryptKey: encryptKeyHex,\n decryptKey: decryptKeyHex,\n }\n}\n\n/**\n * Creates a temporal keypair just to encrypt one message.\n * Saves the public key in the result so that the message can be decrypted.\n */\nexport function encrypt(encryptKey: string, message: string) {\n const encryptPublicKey = decodeBase64(encryptKey)\n const tempPair = generateKeyPair()\n const encrypted = tweetEncrypt(tempPair.secretKey, encryptPublicKey, message)\n const hexTempPublic = encodeBase64(tempPair.publicKey)\n return `${hexTempPublic}:${encrypted}`\n}\n\n/**\n * Ecrypts a message using the decrypt key\n */\nexport function decrypt(decryptKey: string, encrypted: string) {\n const decryptSecretKey = decodeBase64(decryptKey)\n const [messagePubKeyHex, encryptedMessage] = encrypted.split(':')\n const messagePubKey = decodeBase64(messagePubKeyHex)\n\n return tweetDecrypt(decryptSecretKey, messagePubKey, encryptedMessage)\n}\n","import {encrypt} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\n\nexport const encryptValue = (key: string, value: string, config: Config) => {\n config.encryptedKeys[key] = encrypt(config.publicKey, value)\n}\n","import YAML from 'yaml'\nimport {Config} from '../../environment/getVariables'\nimport {readFile} from '../../files'\n\nexport const getConfig = (envPath: string): Config => {\n const configFile = readFile(envPath)\n\n if (!configFile) {\n throw new Error('No config file found at path ' + envPath)\n }\n\n return YAML.parse(configFile)\n}\n","import prompts from 'prompts'\nimport {Config} from '../../environment/getVariables'\n\nexport const getParams = async (config: Config, opts?: {key?: string; value?: string}) => {\n if (opts?.key && opts?.value) {\n return {key: opts.key, value: opts.value}\n }\n\n const response = await prompts([\n {\n type: 'text',\n name: 'key',\n message: 'Key',\n },\n {\n type: 'text',\n name: 'value',\n message: 'Value',\n },\n ])\n\n return {\n key: response.key as string,\n value: response.value as string,\n }\n}\n","import YAML from 'yaml'\nimport {generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\n\nexport default async function envInit({path}) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const keypair = generateKeys()\n\n const envFile: Config = {\n version: '1.0',\n publicKey: keypair.encryptKey,\n cleanKeys: {},\n encryptedKeys: {},\n readFromSecret: {},\n }\n\n const text = YAML.stringify(envFile)\n\n writeFile(path, text)\n\n console.log('')\n\n console.log(\n `Environment file created. You need to use the following key to decrypt the environment variables:`,\n )\n\n console.log('')\n\n console.log(keypair.decryptKey)\n\n console.log('')\n}\n","import YAML from 'yaml'\nimport {decrypt, encrypt, generateKeys} from '../../crypto'\nimport {Config} from '../../environment/getVariables'\nimport {writeFile} from '../../files'\nimport {getConfig} from '../add/getConfig'\nimport prompts from 'prompts'\n\ninterface MigrateOptions {\n path?: string\n secret?: string\n}\n\n/**\n * Migrates an env config file to a new keypair.\n * Re-encrypts all encrypted keys with the new public key.\n */\nexport default async function envMigrate({path, secret}: MigrateOptions) {\n if (!path) {\n path = '.env.local.yml'\n }\n\n const config = getConfig(path)\n\n // Get the current secret key if not provided\n const currentSecret = secret ?? (await promptForSecret())\n\n // Decrypt all encrypted keys using the old secret\n const decryptedKeys = decryptAllKeys(config.encryptedKeys, currentSecret)\n\n // Generate a new keypair\n const newKeypair = generateKeys()\n\n // Re-encrypt all keys with the new public key\n const newEncryptedKeys = reEncryptAllKeys(decryptedKeys, newKeypair.encryptKey)\n\n // Create the updated config\n const updatedConfig: Config = {\n ...config,\n publicKey: newKeypair.encryptKey,\n encryptedKeys: newEncryptedKeys,\n }\n\n // Write the updated config file\n const text = YAML.stringify(updatedConfig)\n writeFile(path, text)\n\n console.log('')\n console.log('Config file migrated successfully.')\n console.log('')\n console.log('New secret key (save this securely):')\n console.log('')\n console.log(newKeypair.decryptKey)\n console.log('')\n}\n\nasync function promptForSecret(): Promise<string> {\n const response = await prompts({\n type: 'password',\n name: 'secret',\n message: 'Current secret key',\n })\n\n if (!response.secret) {\n throw new Error('Secret is required')\n }\n\n return response.secret as string\n}\n\nfunction decryptAllKeys(\n encryptedKeys: Record<string, string>,\n secretKey: string,\n): Record<string, string> {\n const decrypted: Record<string, string> = {}\n\n for (const key in encryptedKeys) {\n try {\n decrypted[key] = decrypt(secretKey, encryptedKeys[key])\n } catch (error) {\n throw new Error(`Failed to decrypt key \"${key}\". Is the secret key correct?`)\n }\n }\n\n return decrypted\n}\n\nfunction reEncryptAllKeys(\n decryptedKeys: Record<string, string>,\n newPublicKey: string,\n): Record<string, string> {\n const encrypted: Record<string, string> = {}\n\n for (const key in decryptedKeys) {\n encrypted[key] = encrypt(newPublicKey, decryptedKeys[key])\n }\n\n return encrypted\n}\n\n","import {decrypt} from '../crypto'\n\nexport interface Config {\n version: string\n publicKey: string\n cleanKeys: {\n [key: string]: string\n }\n encryptedKeys: {\n [key: string]: string\n }\n readFromSecret?: {\n [key: string]: string[]\n }\n}\n\nexport interface Variables {\n [key: string]: string\n}\n\nfunction readSecrets(readFromSecret): {variables: Variables; secretKey: string} {\n const variables: Variables = {}\n let secretKey = null\n if (!readFromSecret) return {variables, secretKey}\n for (const secretName in readFromSecret) {\n const keys = readFromSecret[secretName]\n if (!process.env[secretName]) {\n console.warn(\n `@orion/env could not find the secret \"${secretName}\" in the environment. Related variables will be undefined.`,\n )\n continue\n }\n\n try {\n const values = JSON.parse(process.env[secretName])\n if (values.ORION_ENV_SECRET_KEY) {\n secretKey = values.ORION_ENV_SECRET_KEY\n }\n for (const key of keys) {\n if (values[key]) {\n variables[key] = values[key]\n } else {\n console.warn(\n `@orion/env could not find the variable \"${key}\" in the secret \"${secretName}\". Related variables will be undefined.`,\n )\n }\n }\n } catch (error) {\n console.warn(\n `'@orion/env found a the secret \"${secretName}\" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`,\n )\n }\n }\n return {variables, secretKey: secretKey}\n}\n\nexport function getVariables(config: Config, secretKey?: string): Variables {\n const {cleanKeys, encryptedKeys, readFromSecret} = config\n const {variables, secretKey: foundSecretKey} = readSecrets(readFromSecret)\n let decryptKey = foundSecretKey || secretKey\n if (!decryptKey) {\n throw new Error(\n 'Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined',\n )\n }\n\n for (const key in cleanKeys) {\n const value = cleanKeys[key]\n variables[key] = value\n }\n\n for (const key in encryptedKeys) {\n const encrypted = encryptedKeys[key]\n try {\n variables[key] = decrypt(decryptKey, encrypted)\n } catch (error) {\n throw new Error(\n `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for \"${key}\"`,\n )\n }\n }\n return variables\n}\n","import {getVariables} from '../../environment/getVariables'\nimport {getConfig} from '../add/getConfig'\n\nexport default async function envRead({path, key, secret}) {\n if (!path) {\n path = '.env.local.yml'\n }\n if (!secret) {\n throw new Error('Secret is required')\n }\n\n const config = getConfig(path)\n const variables = getVariables(config, secret)\n\n if (key) {\n console.log(variables[key])\n } else {\n console.log(JSON.stringify(variables, null, 2))\n }\n}\n"],"mappings":";;;AACA,OAAO,WAAW;AAClB,SAAQ,eAAc;;;ACFtB,OAAOA,WAAU;;;ACAjB,OAAO,QAAQ;AACf,OAAO,UAAU;AAEV,SAAS,SAAS,UAAkB;AACzC,MAAI,CAAC,GAAG,WAAW,QAAQ,EAAG,QAAO;AAErC,SAAO,GAAG,aAAa,QAAQ,EAAE,SAAS;AAC5C;AAEO,SAAS,UAAUC,OAAc,SAAiB;AACvD,kBAAgBA,KAAI;AACpB,KAAG,cAAcA,OAAM,OAAO;AAChC;AAEO,SAAS,gBAAgB,UAAU;AACxC,QAAM,UAAU,KAAK,QAAQ,QAAQ;AACrC,MAAI,GAAG,WAAW,OAAO,EAAG,QAAO;AACnC,kBAAgB,OAAO;AACvB,KAAG,UAAU,OAAO;AACtB;;;ACnBA,OAAO,UAAU;;;ACKjB,SAAS,eAAe,GAAW;AACjC,MAAI,CAAC,mEAAmE,KAAK,CAAC,GAAG;AAC/E,UAAM,IAAI,UAAU,kBAAkB;AAAA,EACxC;AACF;AAEO,IAAM,aAAa,CAAC,MAAiC;AAC1D,MAAI,OAAO,MAAM,SAAU,OAAM,IAAI,UAAU,iBAAiB;AAChE,MAAI;AACJ,QAAM,IAAI,SAAS,mBAAmB,CAAC,CAAC;AACxC,QAAM,IAAI,IAAI,WAAW,EAAE,MAAM;AACjC,OAAK,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,GAAE,CAAC,IAAI,EAAE,WAAW,CAAC;AACpD,SAAO;AACT;AAEO,IAAM,aAAa,CAAC,QAAwB;AACjD,MAAI;AACJ,QAAM,IAAI,CAAC;AACX,OAAK,IAAI,GAAG,IAAI,IAAI,QAAQ,IAAK,GAAE,KAAK,OAAO,aAAa,IAAI,CAAC,CAAC,CAAC;AACnE,SAAO,mBAAmB,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9C;AAEO,IAAM,eAAe,CAAC,QAAyB,OAAO,KAAK,GAAG,EAAE,SAAS,QAAQ;AAEjF,IAAM,eAAe,CAAC,MAAoC;AAC/D,iBAAe,CAAQ;AACvB,SAAO,IAAI,WAAW,MAAM,UAAU,MAAM,KAAK,OAAO,KAAK,GAAG,QAAQ,GAAG,CAAC,CAAC;AAC/E;;;AD7BA,IAAM,WAAW,MAAM,KAAK,YAAY,KAAK,IAAI,WAAW;AACrD,IAAM,kBAAkB,MAAM,KAAK,IAAI,QAAQ;AAE/C,IAAM,UAAU,CAAC,YAAwB,YAAwB,YAAoB;AAC1F,QAAM,QAAQ,SAAS;AACvB,QAAM,eAAe,WAAW,OAAO;AACvC,QAAM,YAAY,KAAK,IAAI,cAAc,OAAO,YAAY,UAAU;AAEtE,QAAM,cAAc,IAAI,WAAW,MAAM,SAAS,UAAU,MAAM;AAClE,cAAY,IAAI,KAAK;AACrB,cAAY,IAAI,WAAW,MAAM,MAAM;AAEvC,QAAM,oBAAoB,aAAa,WAAW;AAClD,SAAO;AACT;AAEO,IAAM,UAAU,CACrB,YACA,YACA,qBACG;AACH,QAAM,+BAA+B,aAAa,gBAAgB;AAClE,QAAM,QAAQ,6BAA6B,MAAM,GAAG,KAAK,IAAI,WAAW;AACxE,QAAM,UAAU,6BAA6B,MAAM,KAAK,IAAI,aAAa,iBAAiB,MAAM;AAEhG,QAAM,YAAY,KAAK,IAAI,KAAK,SAAS,OAAO,YAAY,UAAU;AAEtE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AAEA,QAAM,yBAAyB,WAAW,SAAS;AACnD,SAAO;AACT;;;AEjCO,SAAS,eAAe;AAC7B,QAAM,EAAC,WAAW,UAAS,IAAI,gBAAgB;AAE/C,QAAM,gBAAgB,aAAa,SAAS;AAC5C,QAAM,gBAAgB,aAAa,SAAS;AAE5C,SAAO;AAAA,IACL,YAAY;AAAA,IACZ,YAAY;AAAA,EACd;AACF;AAMO,SAASC,SAAQ,YAAoB,SAAiB;AAC3D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,WAAW,gBAAgB;AACjC,QAAM,YAAY,QAAa,SAAS,WAAW,kBAAkB,OAAO;AAC5E,QAAM,gBAAgB,aAAa,SAAS,SAAS;AACrD,SAAO,GAAG,aAAa,IAAI,SAAS;AACtC;AAKO,SAASC,SAAQ,YAAoB,WAAmB;AAC7D,QAAM,mBAAmB,aAAa,UAAU;AAChD,QAAM,CAAC,kBAAkB,gBAAgB,IAAI,UAAU,MAAM,GAAG;AAChE,QAAM,gBAAgB,aAAa,gBAAgB;AAEnD,SAAO,QAAa,kBAAkB,eAAe,gBAAgB;AACvE;;;ACjCO,IAAM,eAAe,CAAC,KAAa,OAAe,WAAmB;AAC1E,SAAO,cAAc,GAAG,IAAIC,SAAQ,OAAO,WAAW,KAAK;AAC7D;;;ACLA,OAAO,UAAU;AAIV,IAAM,YAAY,CAAC,YAA4B;AACpD,QAAM,aAAa,SAAS,OAAO;AAEnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI,MAAM,kCAAkC,OAAO;AAAA,EAC3D;AAEA,SAAO,KAAK,MAAM,UAAU;AAC9B;;;ACZA,OAAO,aAAa;AAGb,IAAM,YAAY,OAAO,QAAgB,SAA0C;AACxF,OAAI,6BAAM,SAAO,6BAAM,QAAO;AAC5B,WAAO,EAAC,KAAK,KAAK,KAAK,OAAO,KAAK,MAAK;AAAA,EAC1C;AAEA,QAAM,WAAW,MAAM,QAAQ;AAAA,IAC7B;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS;AAAA,IACX;AAAA,EACF,CAAC;AAED,SAAO;AAAA,IACL,KAAK,SAAS;AAAA,IACd,OAAO,SAAS;AAAA,EAClB;AACF;;;APnBA,IAAM,mBAAmB,CAAC,WAAgB;AACxC,MAAI,CAAC,OAAQ,QAAO,CAAC;AACrB,QAAM,SAAS,CAAC;AAChB,SAAO,KAAK,MAAM,EACf,KAAK,EACL,QAAQ,SAAO;AACd,WAAO,GAAG,IAAI,OAAO,GAAG;AAAA,EAC1B,CAAC;AACH,SAAO;AACT;AAEA,eAAO,OAA8B,EAAC,MAAAC,OAAM,KAAK,QAAQ,OAAO,SAAQ,GAAG;AACzE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,EAAC,KAAK,MAAK,IAAI,MAAM,UAAU,QAAQ,EAAC,KAAK,QAAQ,OAAO,SAAQ,CAAC;AAC3E,MAAI,CAAC,MAAO;AAEZ,eAAa,KAAK,OAAO,MAAM;AAG/B,SAAO,YAAY,iBAAiB,OAAO,SAAS;AACpD,SAAO,gBAAgB,iBAAiB,OAAO,aAAa;AAC5D,SAAO,iBAAiB,iBAAiB,OAAO,cAAc;AAE9D,QAAM,OAAOC,MAAK,UAAU,MAAM;AAClC,YAAUD,OAAM,IAAI;AACtB;;;AQnCA,OAAOE,WAAU;AAKjB,eAAO,QAA+B,EAAC,MAAAC,MAAI,GAAG;AAC5C,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa;AAE7B,QAAM,UAAkB;AAAA,IACtB,SAAS;AAAA,IACT,WAAW,QAAQ;AAAA,IACnB,WAAW,CAAC;AAAA,IACZ,eAAe,CAAC;AAAA,IAChB,gBAAgB,CAAC;AAAA,EACnB;AAEA,QAAM,OAAOC,MAAK,UAAU,OAAO;AAEnC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AAEd,UAAQ;AAAA,IACN;AAAA,EACF;AAEA,UAAQ,IAAI,EAAE;AAEd,UAAQ,IAAI,QAAQ,UAAU;AAE9B,UAAQ,IAAI,EAAE;AAChB;;;ACnCA,OAAOE,WAAU;AAKjB,OAAOC,cAAa;AAWpB,eAAO,WAAkC,EAAC,MAAAC,OAAM,OAAM,GAAmB;AACvE,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AAEA,QAAM,SAAS,UAAUA,KAAI;AAG7B,QAAM,gBAAgB,UAAW,MAAM,gBAAgB;AAGvD,QAAM,gBAAgB,eAAe,OAAO,eAAe,aAAa;AAGxE,QAAM,aAAa,aAAa;AAGhC,QAAM,mBAAmB,iBAAiB,eAAe,WAAW,UAAU;AAG9E,QAAM,gBAAwB;AAAA,IAC5B,GAAG;AAAA,IACH,WAAW,WAAW;AAAA,IACtB,eAAe;AAAA,EACjB;AAGA,QAAM,OAAOC,MAAK,UAAU,aAAa;AACzC,YAAUD,OAAM,IAAI;AAEpB,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,oCAAoC;AAChD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,sCAAsC;AAClD,UAAQ,IAAI,EAAE;AACd,UAAQ,IAAI,WAAW,UAAU;AACjC,UAAQ,IAAI,EAAE;AAChB;AAEA,eAAe,kBAAmC;AAChD,QAAM,WAAW,MAAMD,SAAQ;AAAA,IAC7B,MAAM;AAAA,IACN,MAAM;AAAA,IACN,SAAS;AAAA,EACX,CAAC;AAED,MAAI,CAAC,SAAS,QAAQ;AACpB,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,SAAO,SAAS;AAClB;AAEA,SAAS,eACP,eACA,WACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,QAAI;AACF,gBAAU,GAAG,IAAIG,SAAQ,WAAW,cAAc,GAAG,CAAC;AAAA,IACxD,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,0BAA0B,GAAG,+BAA+B;AAAA,IAC9E;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,iBACP,eACA,cACwB;AACxB,QAAM,YAAoC,CAAC;AAE3C,aAAW,OAAO,eAAe;AAC/B,cAAU,GAAG,IAAIC,SAAQ,cAAc,cAAc,GAAG,CAAC;AAAA,EAC3D;AAEA,SAAO;AACT;;;AC7EA,SAAS,YAAY,gBAA2D;AAC9E,QAAM,YAAuB,CAAC;AAC9B,MAAI,YAAY;AAChB,MAAI,CAAC,eAAgB,QAAO,EAAC,WAAW,UAAS;AACjD,aAAW,cAAc,gBAAgB;AACvC,UAAM,OAAO,eAAe,UAAU;AACtC,QAAI,CAAC,QAAQ,IAAI,UAAU,GAAG;AAC5B,cAAQ;AAAA,QACN,yCAAyC,UAAU;AAAA,MACrD;AACA;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,UAAU,CAAC;AACjD,UAAI,OAAO,sBAAsB;AAC/B,oBAAY,OAAO;AAAA,MACrB;AACA,iBAAW,OAAO,MAAM;AACtB,YAAI,OAAO,GAAG,GAAG;AACf,oBAAU,GAAG,IAAI,OAAO,GAAG;AAAA,QAC7B,OAAO;AACL,kBAAQ;AAAA,YACN,2CAA2C,GAAG,oBAAoB,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ;AAAA,QACN,mCAAmC,UAAU;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AACA,SAAO,EAAC,WAAW,UAAoB;AACzC;AAEO,SAAS,aAAa,QAAgB,WAA+B;AAC1E,QAAM,EAAC,WAAW,eAAe,eAAc,IAAI;AACnD,QAAM,EAAC,WAAW,WAAW,eAAc,IAAI,YAAY,cAAc;AACzE,MAAI,aAAa,kBAAkB;AACnC,MAAI,CAAC,YAAY;AACf,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,aAAW,OAAO,WAAW;AAC3B,UAAM,QAAQ,UAAU,GAAG;AAC3B,cAAU,GAAG,IAAI;AAAA,EACnB;AAEA,aAAW,OAAO,eAAe;AAC/B,UAAM,YAAY,cAAc,GAAG;AACnC,QAAI;AACF,gBAAU,GAAG,IAAIC,SAAQ,YAAY,SAAS;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,iGAAiG,GAAG;AAAA,MACtG;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC/EA,eAAO,QAA+B,EAAC,MAAAC,OAAM,KAAK,OAAM,GAAG;AACzD,MAAI,CAACA,OAAM;AACT,IAAAA,QAAO;AAAA,EACT;AACA,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,oBAAoB;AAAA,EACtC;AAEA,QAAM,SAAS,UAAUA,KAAI;AAC7B,QAAM,YAAY,aAAa,QAAQ,MAAM;AAE7C,MAAI,KAAK;AACP,YAAQ,IAAI,UAAU,GAAG,CAAC;AAAA,EAC5B,OAAO;AACL,YAAQ,IAAI,KAAK,UAAU,WAAW,MAAM,CAAC,CAAC;AAAA,EAChD;AACF;;;AZXA,IAAM,UAAU,IAAI,QAAQ;AAE5B,IAAM,MACJ,YACA,UAAU,SAAS;AACjB,MAAI;AACF,UAAM,OAAO,GAAG,IAAI;AAAA,EACtB,SAAS,GAAG;AACV,YAAQ,MAAM,MAAM,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;AAAA,EAChD;AACF;AAEF,QACG,QAAQ,MAAM,EACd,YAAY,kCAAkC,EAC9C,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,KAAK,EACb,YAAY,kDAAkD,EAC9D,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,8BAA8B,EACpD,OAAO,mBAAmB,gCAAgC,EAC1D,OAAO,IAAI,MAAM,CAAC;AAErB,QACG,QAAQ,MAAM,EACd,YAAY,+EAA+E,EAC3F,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,eAAe,uDAAuD,EAC7E,OAAO,qBAAqB,kCAAkC,EAC9D,OAAO,IAAI,OAAO,CAAC;AAEtB,QACG,QAAQ,SAAS,EACjB,YAAY,mEAAmE,EAC/E,OAAO,iBAAiB,2BAA2B,EACnD,OAAO,qBAAqB,iDAAiD,EAC7E,OAAO,IAAI,UAAU,CAAC;AAEzB,QAAQ,MAAM,QAAQ,IAAI;AAE1B,IAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,QAAQ;AACjC,UAAQ,WAAW;AACrB;","names":["YAML","path","encrypt","decrypt","encrypt","path","YAML","YAML","path","YAML","YAML","prompts","path","YAML","decrypt","encrypt","decrypt","path"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@orion-js/env",
3
- "version": "4.2.0",
3
+ "version": "4.2.2",
4
4
  "main": "./dist/index.cjs",
5
5
  "author": "nicolaslopezj",
6
6
  "license": "MIT",