@quarry-systems/drift-secrets-ssm 0.1.0
- package/README.md +135 -0
- package/package.json +45 -0
- package/src/index.d.ts +41 -0
- package/src/index.js +157 -0
- package/src/index.js.map +1 -0
- package/src/plugin.manifest.d.ts +9 -0
- package/src/plugin.manifest.js +48 -0
- package/src/plugin.manifest.js.map +1 -0
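--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,135 @@
+# @quarry-systems/mcg-secrets-ssm
+
+ 
+
+AWS Systems Manager Parameter Store secrets adapter for MCG.
+
+## Features
+
+- **AWS SSM integration**: Read secrets from Parameter Store
+- **Automatic decryption**: SecureString parameters are decrypted automatically
+- **Caching**: Optional in-memory cache with TTL
+- **Type-safe**: Full TypeScript support
+- **Peer dependency**: AWS SDK is a peer dependency (you control the version)
+
+## Installation
+
+```bash
+npm install @quarry-systems/mcg-secrets-ssm @aws-sdk/client-ssm
+```
+
+## Usage
+
+```typescript
+import { SSMClient } from '@aws-sdk/client-ssm';
+import { createSSMSecretsAdapter } from '@quarry-systems/mcg-secrets-ssm';
+
+// Create SSM client
+const ssmClient = new SSMClient({ region: 'us-east-1' });
+
+// Create adapter
+const secrets = createSSMSecretsAdapter({
+client: ssmClient,
+prefix: '/myapp/', // Optional: prepend to all keys
+cache: true, // Optional: enable caching
+cacheTtlMs: 300000 // Optional: cache TTL (5 min)
+});
+
+// Read parameter
+// Fetches from /myapp/database/password
+const dbPassword = await secrets.get({ key: 'database/password' });
+```
+
+### Integration with MCG
+
+```typescript
+import { ManagedCyclicGraph } from '@quarry-systems/managed-cyclic-graph';
+import { SSMClient } from '@aws-sdk/client-ssm';
+import { createSSMSecretsAdapter } from '@quarry-systems/mcg-secrets-ssm';
+
+// Create secrets adapter
+const ssmClient = new SSMClient({ region: 'us-east-1' });
+const secrets = createSSMSecretsAdapter({
+client: ssmClient,
+prefix: '/myapp/'
+});
+
+// Build graph with secrets plugin
+const graph = new ManagedCyclicGraph()
+.use({ services: { secrets } })
+.node('fetchData', {
+type: 'action',
+action: async (ctx, services) => {
+// Access secrets via services
+const apiKey = await services.secrets.get({ key: 'api/key' });
+
+const response = await fetch('https://api.example.com/data', {
+headers: { 'Authorization': `Bearer ${apiKey}` }
+});
+
+return { data: await response.json() };
+}
+})
+.build();
+
+// Execute
+await graph.run({ input: 'test' });
+```
+
+## Configuration
+
+```typescript
+interface SSMSecretsConfig {
+/** AWS SSM client instance */
+client: SSMClient;
+
+/** Optional prefix to prepend to all parameter names */
+prefix?: string;
+
+/** Enable in-memory caching (default: false) */
+cache?: boolean;
+
+/** Cache TTL in milliseconds (default: 300000 = 5 min) */
+cacheTtlMs?: number;
+}
+```
+
+## AWS Permissions
+
+The IAM role/user needs:
+
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"ssm:GetParameter",
+"ssm:GetParameters",
+"ssm:DescribeParameters"
+],
+"Resource": "arn:aws:ssm:*:*:parameter/myapp/*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"kms:Decrypt"
+],
+"Resource": "arn:aws:kms:*:*:key/*"
+}
+]
+}
+```
+
+## Testing
+
+Tests use mocked SSM client:
+
+```bash
+npm test
+```
+
+## License
+
+MIT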
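--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,45 @@
+{
+"name": "@quarry-systems/drift-secrets-ssm",
+"version": "0.1.0",
+"description": "AWS SSM Parameter Store secrets adapter for Drift",
+"main": "./src/index.js",
+"types": "./src/index.d.ts",
+"scripts": {
+"build": "tsc -p .",
+"test": "vitest run",
+"test:watch": "vitest"
+},
+"keywords": [
+"drift",
+"secrets",
+"aws",
+"ssm",
+"parameter-store",
+"backend",
+"node"
+],
+"author": "Quarry Systems",
+"license": "MIT",
+"engines": {
+"node": ">=18.0.0"
+},
+"browser": false,
+"peerDependencies": {
+"@aws-sdk/client-ssm": "^3.0.0"
+},
+"peerDependenciesMeta": {
+"@aws-sdk/client-ssm": {
+"optional": false
+}
+},
+"devDependencies": {
+"@aws-sdk/client-ssm": "^3.700.0",
+"typescript": "^5.3.0",
+"vitest": "^2.1.0"
+},
+"files": [
+"dist",
+"src"
+],
+"type": "commonjs"
+}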
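Review bot: The published `name` is `@quarry-systems/drift-secrets-ssm`, but the README install command, the `@example` imports and the plugin manifest shipped in this same release all use `@quarry-systems/mcg-secrets-ssm`, so a user following the README installs whatever is registered under that other name rather than this package. The two names should be reconciled before release. `@quarry-systems/drift-contracts` is imported by `src/index.d.ts` but appears in none of the dependency fields here, so consumers' type-checking presumably relies on it being installed some other way; declaring it under `peerDependencies` would make that explicit. `files` lists `dist`, which the file list for this release does not appear to contain.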
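--- a/package/src/index.d.ts
+++ b/package/src/index.d.ts
@@ -0,0 +1,41 @@
+/**
+* MCG Secrets SSM Adapter
+*
+* AWS SSM Parameter Store secrets adapter for MCG.
+* Requires @aws-sdk/client-ssm as a peer dependency.
+*
+* @packageDocumentation
+*/
+import type { SecretsAdapter } from '@quarry-systems/drift-contracts';
+/**
+* SSM adapter configuration
+*/
+export interface SSMSecretsConfig {
+/** AWS region (defaults to AWS_REGION env var or us-east-1) */
+region?: string;
+/** Cache TTL in milliseconds (default: 5 minutes, 0 to disable) */
+cacheTtlMs?: number;
+}
+/**
+* AWS SSM Parameter Store secrets adapter.
+*
+* Resolves references in the format `ssm:/path/to/parameter`.
+* Includes an in-memory cache to reduce SSM API calls.
+*
+* @example
+* ```typescript
+* import { ssmSecretsAdapter } from '@quarry-systems/mcg-secrets-ssm';
+* import { createSecretsAdapter } from '@quarry-systems/mcg-secrets';
+*
+* const secrets = createSecretsAdapter()
+* .use(ssmSecretsAdapter({ region: 'us-west-2' }));
+*
+* const dbPassword = await secrets.resolve('ssm:/prod/db/password');
+* ```
+*/
+export declare function ssmSecretsAdapter(config?: SSMSecretsConfig): SecretsAdapter;
+/**
+* Clear the SSM cache (useful for testing)
+*/
+export declare function clearSSMCache(adapter: SecretsAdapter): void;
+export type { SecretsAdapter, SecretRef } from '@quarry-systems/drift-contracts';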
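Review bot: The doc comments here describe a different contract from what `src/index.js` in this release implements, and the gaps matter for secret rotation. The `cacheTtlMs` comment should state that decrypted SecureString values and not-found results are both held in process memory until the TTL expires, e.g. `/** Cache TTL in ms (default 5 min, 0 disables). Decrypted values and "not found" results are kept in memory for this long, so a rotated or newly created parameter is not seen until expiry. */`. The `clearSSMCache` comment says it clears the cache, while the shipped function body contains only comments; it should read something like `/** No-op: the cache is private to each adapter instance; create a new adapter to drop cached values. */`. The `@example` also imports from `@quarry-systems/mcg-secrets-ssm`, which is not the name in this release's package.json.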
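--- a/package/src/index.js
+++ b/package/src/index.js
@@ -0,0 +1,157 @@
+"use strict";
+/**
+* MCG Secrets SSM Adapter
+*
+* AWS SSM Parameter Store secrets adapter for MCG.
+* Requires @aws-sdk/client-ssm as a peer dependency.
+*
+* @packageDocumentation
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ssmSecretsAdapter = ssmSecretsAdapter;
+exports.clearSSMCache = clearSSMCache;
+const client_ssm_1 = require("@aws-sdk/client-ssm");
+// ============================================================================
+// SSM Adapter
+// ============================================================================
+/**
+* AWS SSM Parameter Store secrets adapter.
+*
+* Resolves references in the format `ssm:/path/to/parameter`.
+* Includes an in-memory cache to reduce SSM API calls.
+*
+* @example
+* ```typescript
+* import { ssmSecretsAdapter } from '@quarry-systems/mcg-secrets-ssm';
+* import { createSecretsAdapter } from '@quarry-systems/mcg-secrets';
+*
+* const secrets = createSecretsAdapter()
+* .use(ssmSecretsAdapter({ region: 'us-west-2' }));
+*
+* const dbPassword = await secrets.resolve('ssm:/prod/db/password');
+* ```
+*/
+function ssmSecretsAdapter(config = {}) {
+const region = config.region ?? process.env.AWS_REGION ?? 'us-east-1';
+const cacheTtlMs = config.cacheTtlMs ?? 5 * 60 * 1000; // 5 minutes default
+const client = new client_ssm_1.SSMClient({ region });
+const cache = new Map();
+function getCached(path) {
+const entry = cache.get(path);
+if (!entry)
+return null; // not in cache
+if (Date.now() > entry.expiresAt) {
+cache.delete(path);
+return null; // expired
+}
+return entry.value;
+}
+function setCache(path, value) {
+if (cacheTtlMs <= 0)
+return;
+cache.set(path, {
+value,
+expiresAt: Date.now() + cacheTtlMs,
+});
+}
+return {
+name: 'ssm',
+canResolve(ref) {
+return ref.startsWith('ssm:');
+},
+async resolve(ref) {
+if (!this.canResolve(ref))
+return undefined;
+const path = ref.slice(4); // Remove 'ssm:'
+// Check cache first
+const cached = getCached(path);
+if (cached !== null)
+return cached;
+try {
+const response = await client.send(new client_ssm_1.GetParameterCommand({
+Name: path,
+WithDecryption: true,
+}));
+const value = response.Parameter?.Value;
+setCache(path, value);
+return value;
+}
+catch (err) {
+if (err instanceof Error && err.name === 'ParameterNotFound') {
+setCache(path, undefined);
+return undefined;
+}
+throw err;
+}
+},
+async resolveMany(refs) {
+const results = new Map();
+const ssmRefs = refs.filter(r => this.canResolve(r));
+if (ssmRefs.length === 0)
+return results;
+// Check cache and collect uncached paths
+const uncachedRefs = [];
+const uncachedPaths = [];
+for (const ref of ssmRefs) {
+const path = ref.slice(4);
+const cached = getCached(path);
+if (cached !== null) {
+results.set(ref, cached);
+}
+else {
+uncachedRefs.push(ref);
+uncachedPaths.push(path);
+}
+}
+if (uncachedPaths.length === 0)
+return results;
+// SSM GetParameters has a limit of 10 parameters per call
+const BATCH_SIZE = 10;
+for (let i = 0; i < uncachedPaths.length; i += BATCH_SIZE) {
+const batchPaths = uncachedPaths.slice(i, i + BATCH_SIZE);
+const batchRefs = uncachedRefs.slice(i, i + BATCH_SIZE);
+try {
+const response = await client.send(new client_ssm_1.GetParametersCommand({
+Names: batchPaths,
+WithDecryption: true,
+}));
+// Map found parameters
+const foundPaths = new Set();
+for (const param of response.Parameters ?? []) {
+if (param.Name) {
+foundPaths.add(param.Name);
+const ref = `ssm:${param.Name}`;
+results.set(ref, param.Value);
+setCache(param.Name, param.Value);
+}
+}
+// Mark not found as undefined
+for (let j = 0; j < batchPaths.length; j++) {
+const path = batchPaths[j];
+if (!foundPaths.has(path)) {
+results.set(batchRefs[j], undefined);
+setCache(path, undefined);
+}
+}
+}
+catch (err) {
+// On error, mark all in batch as undefined
+for (const ref of batchRefs) {
+results.set(ref, undefined);
+}
+throw err;
+}
+}
+return results;
+},
+};
+}
+/**
+* Clear the SSM cache (useful for testing)
+*/
+function clearSSMCache(adapter) {
+// This is a no-op for the public interface
+// The cache is internal to each adapter instance
+// Users should create a new adapter if they need a fresh cache
+}
+//# sourceMappingURL=index.js.map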
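Review bot: `clearSSMCache` is exported as the way to clear the cache but its body is empty, so a caller has no way to purge decrypted values after a rotation or revocation short of discarding the adapter. Because `resolve` and `resolveMany` also cache `undefined` for missing parameters, both stale secrets and stale "not found" answers are served until `cacheTtlMs` elapses (five minutes by default). Registering each adapter's cache in a module-level `WeakMap` lets `clearSSMCache` actually clear it without changing the public interface. Separately, `resolveMany` keys results by `ssm:${param.Name}` and then marks any requested path absent from `foundPaths` as `undefined`; if SSM returns a `Name` that is not byte-identical to the requested path, the value presumably lands under a key the caller never asked for while the requested ref is negatively cached.

```javascript
// Module-level registry so clearSSMCache can reach each adapter's private cache.
const adapterCaches = new WeakMap();

function ssmSecretsAdapter(config = {}) {
    // … unchanged: region, cacheTtlMs, client, cache, getCached, setCache …
    const adapter = {
        // … unchanged: name, canResolve, resolve, resolveMany …
    };
    adapterCaches.set(adapter, cache);
    return adapter;
}

function clearSSMCache(adapter) {
    // Drops every cached value, including cached "not found" results.
    adapterCaches.get(adapter)?.clear();
}
```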
package/src/index.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../libs/drift/drift-plugins/mcg-secrets-ssm/src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAsDH,8CA8HC;AAKD,sCAIC;AA3LD,oDAI6B;AA2B7B,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,iBAAiB,CAAC,SAA2B,EAAE;IAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IACtE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,oBAAoB;IAE3E,MAAM,MAAM,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAE5C,SAAS,SAAS,CAAC,IAAY;QAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,CAAC,eAAe;QACxC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC,CAAC,UAAU;QACzB,CAAC;QACD,OAAO,KAAK,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,SAAS,QAAQ,CAAC,IAAY,EAAE,KAAyB;QACvD,IAAI,UAAU,IAAI,CAAC;YAAE,OAAO;QAC5B,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;YACd,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU;SACnC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK;QAEX,UAAU,CAAC,GAAc;YACvB,OAAO,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,GAAc;YAC1B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO,SAAS,CAAC;YAE5C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAE3C,oBAAoB;YACpB,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,MAAM,CAAC;YAEnC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,gCAAmB,CAAC;oBACzD,IAAI,EAAE,IAAI;oBACV,cAAc,EAAE,IAAI;iBACrB,CAAC,CAAC,CAAC;gBAEJ,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC;gBACxC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACtB,OAAO,KAAK,CAAC;YACf,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;oBAC7D,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;oBAC1B,OAAO,SAAS,CAAC;gBACnB,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,IAAiB;YACjC,MAAM,OAAO,GAAG,IAAI,G
AAG,EAAiC,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAErD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,OAAO,CAAC;YAEzC,yCAAyC;YACzC,MAAM,YAAY,GAAgB,EAAE,CAAC;YACrC,MAAM,aAAa,GAAa,EAAE,CAAC;YAEnC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC1B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC/B,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;oBACpB,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBACN,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACvB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;YAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,OAAO,CAAC;YAE/C,0DAA0D;YAC1D,MAAM,UAAU,GAAG,EAAE,CAAC;YAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC1D,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;gBAC1D,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;gBAExD,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,iCAAoB,CAAC;wBAC1D,KAAK,EAAE,UAAU;wBACjB,cAAc,EAAE,IAAI;qBACrB,CAAC,CAAC,CAAC;oBAEJ,uBAAuB;oBACvB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;oBACrC,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;wBAC9C,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;4BACf,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;4BAC3B,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;4BAChC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;4BAC9B,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;wBACpC,CAAC;oBACH,CAAC;oBAED,8BAA8B;oBAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBAC3B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC1B,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;4BACrC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;wBAC5B,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAY,EAAE,CAAC;oBACtB,2CAA2C;oBAC3C,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;wBAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBAC9B,CAAC;o
BACD,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,OAAuB;IACnD,2CAA2C;IAC3C,iDAAiD;IACjD,+DAA+D;AACjE,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Plugin Manifest for @quarry-systems/mcg-secrets-ssm
|
|
3
|
+
*
|
|
4
|
+
* This manifest declares the plugin's metadata, capabilities, and requirements.
|
|
5
|
+
* It enables future security policies, sandboxing, and hosted execution.
|
|
6
|
+
*/
|
|
7
|
+
import type { PluginManifest } from '@quarry-systems/drift-contracts';
|
|
8
|
+
export declare const manifest: PluginManifest;
|
|
9
|
+
export default manifest;
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Plugin Manifest for @quarry-systems/mcg-secrets-ssm
|
|
4
|
+
*
|
|
5
|
+
* This manifest declares the plugin's metadata, capabilities, and requirements.
|
|
6
|
+
* It enables future security policies, sandboxing, and hosted execution.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.manifest = void 0;
|
|
10
|
+
exports.manifest = {
|
|
11
|
+
name: '@quarry-systems/mcg-secrets-ssm',
|
|
12
|
+
version: '0.6.0',
|
|
13
|
+
apiVersion: '1.0',
|
|
14
|
+
description: 'AWS Systems Manager Parameter Store secrets plugin for Managed Cyclic Graph (MCG)',
|
|
15
|
+
author: {
|
|
16
|
+
name: 'Quarry Systems',
|
|
17
|
+
email: 'support@quarrysystems.com',
|
|
18
|
+
},
|
|
19
|
+
license: 'ISC',
|
|
20
|
+
type: ['node'],
|
|
21
|
+
capabilities: {
|
|
22
|
+
network: true, // Makes AWS API calls
|
|
23
|
+
filesystem: false,
|
|
24
|
+
secrets: true, // Manages secrets from AWS SSM
|
|
25
|
+
subprocess: false,
|
|
26
|
+
},
|
|
27
|
+
nodes: [],
|
|
28
|
+
services: [
|
|
29
|
+
{
|
|
30
|
+
id: 'ssmSecrets',
|
|
31
|
+
name: 'SSM Secrets Service',
|
|
32
|
+
description: 'AWS Systems Manager Parameter Store integration',
|
|
33
|
+
},
|
|
34
|
+
],
|
|
35
|
+
peerDependencies: {
|
|
36
|
+
'@quarry-systems/drift-core': '^0.6.0',
|
|
37
|
+
'@quarry-systems/drift-contracts': '^0.6.0',
|
|
38
|
+
'@quarry-systems/mcg-secrets': '^0.6.0',
|
|
39
|
+
},
|
|
40
|
+
keywords: ['drift', 'mcg', 'managed-cyclic-graph', 'plugin', 'secrets', 'aws', 'ssm', 'parameter-store'],
|
|
41
|
+
repository: {
|
|
42
|
+
type: 'git',
|
|
43
|
+
url: 'https://github.com/quarry-systems/quarry-systems',
|
|
44
|
+
directory: 'libs/drift/drift-plugins/mcg-secrets-ssm',
|
|
45
|
+
},
|
|
46
|
+
};
|
|
47
|
+
exports.default = exports.manifest;
|
|
48
|
+
//# sourceMappingURL=plugin.manifest.js.map
|
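Review bot: The manifest's identity fields disagree with the package that ships it: `name` is `@quarry-systems/mcg-secrets-ssm` and `version` is `0.6.0`, while package.json in this release declares `@quarry-systems/drift-secrets-ssm` at `0.1.0`, and `license` is `ISC` here against `MIT` there. The header comment says the manifest is meant to enable security policies and sandboxing, so a policy keyed on these fields would presumably fail to match the installed package; deriving them from package.json at build time would keep them in step. The manifest's `peerDependencies` also omit `@aws-sdk/client-ssm`, the one peer that package.json declares, and list three packages that package.json does not. This section has no file header on the page; going by the file list it appears to be package/src/plugin.manifest.js.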
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"plugin.manifest.js","sourceRoot":"","sources":["../../../../../../libs/drift/drift-plugins/mcg-secrets-ssm/src/plugin.manifest.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIU,QAAA,QAAQ,GAAmB;IACtC,IAAI,EAAE,iCAAiC;IACvC,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,KAAK;IAEjB,WAAW,EAAE,mFAAmF;IAEhG,MAAM,EAAE;QACN,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,2BAA2B;KACnC;IAED,OAAO,EAAE,KAAK;IAEd,IAAI,EAAE,CAAC,MAAM,CAAC;IAEd,YAAY,EAAE;QACZ,OAAO,EAAE,IAAI,EAAO,sBAAsB;QAC1C,UAAU,EAAE,KAAK;QACjB,OAAO,EAAE,IAAI,EAAO,+BAA+B;QACnD,UAAU,EAAE,KAAK;KAClB;IAED,KAAK,EAAE,EAAE;IAET,QAAQ,EAAE;QACR;YACE,EAAE,EAAE,YAAY;YAChB,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EAAE,iDAAiD;SAC/D;KACF;IAED,gBAAgB,EAAE;QAChB,4BAA4B,EAAE,QAAQ;QACtC,iCAAiC,EAAE,QAAQ;QAC3C,6BAA6B,EAAE,QAAQ;KACxC;IAED,QAAQ,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,CAAC;IAExG,UAAU,EAAE;QACV,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,kDAAkD;QACvD,SAAS,EAAE,0CAA0C;KACtD;CACF,CAAC;AAEF,kBAAe,gBAAQ,CAAC"}
|