@replayio/app-building 1.16.0 → 1.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -1
- package/dist/secrets.d.ts +5 -0
- package/dist/secrets.js +40 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -77,7 +77,7 @@ exec-secrets NETLIFY_AUTH_TOKEN NETLIFY_ACCOUNT_SLUG -- netlify deploy --prod
|
|
|
77
77
|
|
|
78
78
|
The secrets server spawns the command with the requested secrets in its environment and **redacts all secret values** from the output.
|
|
79
79
|
|
|
80
|
-
The agent can also run `list-secrets` to see which secrets are available.
|
|
80
|
+
The agent can also run `list-secrets` to see which secrets are available, and `set-branch-secret` to store new branch-level secrets (e.g., `DATABASE_URL` created at deploy time). The server rejects values that have already appeared in logs.
|
|
81
81
|
|
|
82
82
|
## Exported API
|
|
83
83
|
|
|
@@ -149,9 +149,11 @@ The agent can also run `list-secrets` to see which secrets are available.
|
|
|
149
149
|
|
|
150
150
|
| Export | Description |
|
|
151
151
|
|---|---|
|
|
152
|
+
| `infisicalLogin(clientId, clientSecret)` | Log in via Universal Auth, returns a short-lived access token. |
|
|
152
153
|
| `getInfisicalConfig(envVars)` | Extract `InfisicalConfig` from env vars and log in. Requires `INFISICAL_CLIENT_ID`, `INFISICAL_CLIENT_SECRET`, `INFISICAL_PROJECT_ID`, `INFISICAL_ENVIRONMENT`. |
|
|
153
154
|
| `fetchGlobalSecrets(config)` | Fetch secrets from the `/global/` path. |
|
|
154
155
|
| `fetchBranchSecrets(config, branch)` | Fetch secrets from `/branches/<branch>/`. |
|
|
156
|
+
| `createBranchSecret(config, branch, name, value)` | Create or update a secret in `/branches/<branch>/`. |
|
|
155
157
|
| `fetchInfisicalSecrets(config, path)` | Raw fetch from any Infisical folder path. |
|
|
156
158
|
|
|
157
159
|
**Types:** `InfisicalConfig`
|
package/dist/secrets.d.ts
CHANGED
|
@@ -21,6 +21,11 @@ export declare function fetchGlobalSecrets(config: InfisicalConfig): Promise<Rec
|
|
|
21
21
|
* Fetch per-branch deployment secrets from `/branches/<branch>/`.
|
|
22
22
|
*/
|
|
23
23
|
export declare function fetchBranchSecrets(config: InfisicalConfig, branch: string): Promise<Record<string, string>>;
|
|
24
|
+
/**
|
|
25
|
+
* Create or update a branch secret in Infisical.
|
|
26
|
+
* Uses POST to create, falls back to PATCH if it already exists.
|
|
27
|
+
*/
|
|
28
|
+
export declare function createBranchSecret(config: InfisicalConfig, branch: string, name: string, value: string): Promise<void>;
|
|
24
29
|
/**
|
|
25
30
|
* Extract Infisical config from environment variables and log in.
|
|
26
31
|
* Reads INFISICAL_CLIENT_ID, INFISICAL_CLIENT_SECRET, INFISICAL_PROJECT_ID,
|
package/dist/secrets.js
CHANGED
|
@@ -59,6 +59,46 @@ export async function fetchGlobalSecrets(config) {
|
|
|
59
59
|
export async function fetchBranchSecrets(config, branch) {
|
|
60
60
|
return fetchInfisicalSecrets(config, `/branches/${branch}/`);
|
|
61
61
|
}
|
|
62
|
+
/**
|
|
63
|
+
* Create or update a branch secret in Infisical.
|
|
64
|
+
* Uses POST to create, falls back to PATCH if it already exists.
|
|
65
|
+
*/
|
|
66
|
+
export async function createBranchSecret(config, branch, name, value) {
|
|
67
|
+
const secretPath = `/branches/${branch}/`;
|
|
68
|
+
const url = `${INFISICAL_API_BASE}/api/v3/secrets/raw/${encodeURIComponent(name)}`;
|
|
69
|
+
const body = {
|
|
70
|
+
workspaceId: config.projectId,
|
|
71
|
+
environment: config.environment,
|
|
72
|
+
secretPath,
|
|
73
|
+
secretValue: value,
|
|
74
|
+
type: "shared",
|
|
75
|
+
};
|
|
76
|
+
const headers = {
|
|
77
|
+
Authorization: `Bearer ${config.token}`,
|
|
78
|
+
"Content-Type": "application/json",
|
|
79
|
+
};
|
|
80
|
+
const res = await fetch(url, {
|
|
81
|
+
method: "POST",
|
|
82
|
+
headers,
|
|
83
|
+
body: JSON.stringify(body),
|
|
84
|
+
});
|
|
85
|
+
if (res.ok)
|
|
86
|
+
return;
|
|
87
|
+
// If conflict (already exists), try PATCH to update
|
|
88
|
+
if (res.status === 400 || res.status === 409) {
|
|
89
|
+
const patchRes = await fetch(url, {
|
|
90
|
+
method: "PATCH",
|
|
91
|
+
headers,
|
|
92
|
+
body: JSON.stringify(body),
|
|
93
|
+
});
|
|
94
|
+
if (patchRes.ok)
|
|
95
|
+
return;
|
|
96
|
+
const text = await patchRes.text().catch(() => "");
|
|
97
|
+
throw new Error(`Infisical PATCH ${name} → ${patchRes.status}: ${text}`);
|
|
98
|
+
}
|
|
99
|
+
const text = await res.text().catch(() => "");
|
|
100
|
+
throw new Error(`Infisical POST ${name} → ${res.status}: ${text}`);
|
|
101
|
+
}
|
|
62
102
|
/**
|
|
63
103
|
* Extract Infisical config from environment variables and log in.
|
|
64
104
|
* Reads INFISICAL_CLIENT_ID, INFISICAL_CLIENT_SECRET, INFISICAL_PROJECT_ID,
|