@saws/secrets 1.0.11 → 2.0.0-beta.0
- package/dist/.tsbuildinfo +1 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +1 -0
- package/dist/secrets-manager.d.ts +41 -0
- package/dist/secrets-manager.d.ts.map +1 -0
- package/dist/secrets-manager.js +262 -0
- package/dist/secrets-manager.test.d.ts +2 -0
- package/dist/secrets-manager.test.d.ts.map +1 -0
- package/dist/secrets-manager.test.js +72 -0
- package/package.json +22 -21
- package/README.md +0 -122
- package/dist/src/SecretsManager.d.ts +0 -10
- package/dist/src/SecretsManager.js +0 -79
- package/dist/src/SecretsService.d.ts +0 -5
- package/dist/src/SecretsService.js +0 -29
- package/dist/tsconfig.tsbuildinfo +0 -1
package/README.md
DELETED
|
@@ -1,122 +0,0 @@
|
|
|
1
|
-
<div align='center'>
|
|
2
|
-
|
|
3
|
-
# Secrets
|
|
4
|
-
|
|
5
|
-
Service and library managing Secrets in AWS SSM Parameter store.
|
|
6
|
-
|
|
7
|
-
</div>
|
|
8
|
-
|
|
9
|
-
## Table of Contents
|
|
10
|
-
- [Installation](#installation)
|
|
11
|
-
- [Development](#development)
|
|
12
|
-
- [Deployment](#deployment)
|
|
13
|
-
- [Services](#services)
|
|
14
|
-
- [SecretsService](#secrets-service)
|
|
15
|
-
- [When used as a dependency](#when-used-as-a-dependency)
|
|
16
|
-
- [Libraries](#libraries)
|
|
17
|
-
- [SecretsManager](#secrets-manager)
|
|
18
|
-
- [Commands](#commands)
|
|
19
|
-
|
|
20
|
-
## Installation <a id='installation'>
|
|
21
|
-
|
|
22
|
-
From the command line run:
|
|
23
|
-
```bash
|
|
24
|
-
npm install @saws/secrets
|
|
25
|
-
```
|
|
26
|
-
|
|
27
|
-
Then add the [`SecretsService`](#secrets-service) to your `saws.js` file.
|
|
28
|
-
|
|
29
|
-
## Development <a id='development'>
|
|
30
|
-
|
|
31
|
-
When running your SAWS application in development, this service will store and retrieve local secrets out of a .gitignored file located at `.saws/.secrets`. This file is in the same format as a `.env` file.
|
|
32
|
-
|
|
33
|
-
## Deployment <a id='deployment'>
|
|
34
|
-
|
|
35
|
-
When you deploy a `SecretsService` it will not create any additional AWS resources for you. The way to set secrets in a specific stage would be to use the `@saws/cli` `secrets` command.
|
|
36
|
-
|
|
37
|
-
## Services <a id='services'>
|
|
38
|
-
|
|
39
|
-
`@saws/secrets` includes one service, `SecretsService`.
|
|
40
|
-
|
|
41
|
-
### `SecretsService` <a id='secrets-service'>
|
|
42
|
-
|
|
43
|
-
You can require the `SecretsService` and use it in your `saws.js` file like so:
|
|
44
|
-
```js
|
|
45
|
-
const { SecretsService } = require('@saws/secrets/secrets-service')
|
|
46
|
-
|
|
47
|
-
// will almost exclusively be used as a dependency to other services
|
|
48
|
-
const secrets = new SecretsService({
|
|
49
|
-
name: 'my-secrets',
|
|
50
|
-
})
|
|
51
|
-
```
|
|
52
|
-
|
|
53
|
-
The `SecretsService` constructor accepts the following options:
|
|
54
|
-
|
|
55
|
-
#### `name: string`
|
|
56
|
-
The name of your service. This should be unique across all of your services.
|
|
57
|
-
|
|
58
|
-
#### `dependencies: ServiceDefinition[]`
|
|
59
|
-
An array of all of the other services this service depends on. This will ensure that permissions, environment variables, and execution order are all set up.
|
|
60
|
-
|
|
61
|
-
## When used as a dependency <a id='when-used-as-a-dependency'>
|
|
62
|
-
|
|
63
|
-
When a `SecretsService` is used as a dependency, it will not attach any environment variables to the dependant service.
|
|
64
|
-
|
|
65
|
-
## Libraries <a id='libraries'>
|
|
66
|
-
|
|
67
|
-
`@saws/secrets` includes a `SecretsManager` class that can be used to get and set secrets in the current stage.
|
|
68
|
-
|
|
69
|
-
### `SecretsManager` <a id='secrets-manager'>
|
|
70
|
-
|
|
71
|
-
The `SecretsManager` class can be used as follows:
|
|
72
|
-
|
|
73
|
-
```ts
|
|
74
|
-
import { SecretsManager } from '@saws/secrets/secrets-manager'
|
|
75
|
-
|
|
76
|
-
const manager = new SecretsManager()
|
|
77
|
-
|
|
78
|
-
await manager.get('secret-name')
|
|
79
|
-
|
|
80
|
-
await manager.set('secret-name', 'value')
|
|
81
|
-
```
|
|
82
|
-
|
|
83
|
-
#### `get(name: string): Promise<string>`
|
|
84
|
-
This function will get a secret value from either your `.secrets` file when running locally, or from SSM Parameter Store when running in a production environment.
|
|
85
|
-
|
|
86
|
-
#### `set(name: string, value: string): Promise<void>`
|
|
87
|
-
This function will set a secret value either in your `.secrets` file when running locally, or to SSM Parameter Store when running in a production environment. The secret will be set as an encrypted string in Parameter Store.
|
|
88
|
-
|
|
89
|
-
## Commands <a id='commands'>
|
|
90
|
-
|
|
91
|
-
When you have a `SecretsService` in your `saw.js` config file, it will add the following commands to the `saws` cli command:
|
|
92
|
-
|
|
93
|
-
### `secrets`
|
|
94
|
-
|
|
95
|
-
The `saws secrets` command is used for managing secrets within the application. It requires a secret name and supports various operations such as setting and getting secrets.
|
|
96
|
-
|
|
97
|
-
#### Usage
|
|
98
|
-
|
|
99
|
-
```bash
|
|
100
|
-
saws secrets [options] <name>
|
|
101
|
-
```
|
|
102
|
-
**Arguments**
|
|
103
|
-
<name>: The name of the secret. This is a required argument.
|
|
104
|
-
|
|
105
|
-
**Options**
|
|
106
|
-
--stage <string>: Specifies the stage environment (e.g., local, dev, prod). Default is local.
|
|
107
|
-
--set <string>: Sets the secret to the specified value.
|
|
108
|
-
--get: Retrieves the current value of the secret.
|
|
109
|
-
|
|
110
|
-
**Examples**
|
|
111
|
-
|
|
112
|
-
Set a secret:
|
|
113
|
-
This command sets the value of mySecret in the prod stage to mySecretValue.
|
|
114
|
-
```bash
|
|
115
|
-
saws secrets --stage prod --set "mySecretValue" mySecret
|
|
116
|
-
```
|
|
117
|
-
|
|
118
|
-
Get a secret:
|
|
119
|
-
This command retrieves the value of mySecret in the dev stage.
|
|
120
|
-
```bash
|
|
121
|
-
saws secrets --stage dev --get mySecret
|
|
122
|
-
```
|
|
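Review bot: No replacement documentation accompanies this deletion: the file list shows `package/README.md +0 -122` and no new README, so 2.0.0-beta.0 ships without the only description of where secrets are stored (the `.saws/.secrets` file locally, encrypted strings in SSM Parameter Store otherwise) and of the `saws secrets` command. Add a README covering the new `secrets-manager` module before release. When it is rewritten, line 91's `saw.js` should read `saws.js`, and the line 115 example `saws secrets --stage prod --set "mySecretValue" mySecret` places the secret value in the command line, which is worth replacing with a form that does not.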
@@ -1,10 +0,0 @@
|
|
|
1
|
-
export interface SecretsManagerInterface {
|
|
2
|
-
get(name: string): Promise<string>;
|
|
3
|
-
set(name: string, value: string): Promise<void>;
|
|
4
|
-
}
|
|
5
|
-
export declare class SecretsManager implements SecretsManagerInterface {
|
|
6
|
-
manager: SecretsManagerInterface;
|
|
7
|
-
constructor(stage?: string);
|
|
8
|
-
get(name: string): Promise<string>;
|
|
9
|
-
set(name: string, value: string): Promise<void>;
|
|
10
|
-
}
|
|
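Review bot: Removing `SecretsManagerInterface` and the `constructor(stage?: string)` declaration breaks any consumer that types against them, and the replacement `package/dist/secrets-manager.d.ts` (+41) is not shown on this page to confirm an equivalent export. Name the new import path and type names in the release notes. If the class is declared again, consider keeping `manager` (line 6) private rather than a public field, so the backend object is not part of the public surface.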
@@ -1,79 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SecretsManager = void 0;
|
|
4
|
-
const ssm_1 = require("@saws/aws/ssm");
|
|
5
|
-
const constants_1 = require("@saws/utils/constants");
|
|
6
|
-
const node_path_1 = require("node:path");
|
|
7
|
-
const fs_1 = require("fs");
|
|
8
|
-
let cache = {};
|
|
9
|
-
class LocalSecretsManager {
|
|
10
|
-
secretsFilePath = (0, node_path_1.resolve)(constants_1.SAWS_DIR, ".secrets");
|
|
11
|
-
async ensureSecretsFileExists() {
|
|
12
|
-
try {
|
|
13
|
-
await fs_1.promises.stat(this.secretsFilePath);
|
|
14
|
-
}
|
|
15
|
-
catch (err) {
|
|
16
|
-
await fs_1.promises.writeFile(this.secretsFilePath, "");
|
|
17
|
-
}
|
|
18
|
-
}
|
|
19
|
-
async fillCache() {
|
|
20
|
-
await this.ensureSecretsFileExists();
|
|
21
|
-
if (Object.keys(cache).length === 0) {
|
|
22
|
-
const secretsFile = await fs_1.promises.readFile(this.secretsFilePath, {
|
|
23
|
-
encoding: "utf-8",
|
|
24
|
-
});
|
|
25
|
-
cache = (await import("envfile")).parse(secretsFile);
|
|
26
|
-
}
|
|
27
|
-
}
|
|
28
|
-
async get(name) {
|
|
29
|
-
await this.fillCache();
|
|
30
|
-
if (cache[name] == null) {
|
|
31
|
-
const error = new Error("Missing");
|
|
32
|
-
error.name = "ParameterNotFound";
|
|
33
|
-
throw error;
|
|
34
|
-
}
|
|
35
|
-
return cache[name];
|
|
36
|
-
}
|
|
37
|
-
async set(name, value) {
|
|
38
|
-
await this.fillCache();
|
|
39
|
-
cache[name] = value;
|
|
40
|
-
await fs_1.promises.writeFile(this.secretsFilePath, (await import("envfile")).stringify(cache));
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
class ParameterStoreSecretsManager {
|
|
44
|
-
stage;
|
|
45
|
-
ssmClient;
|
|
46
|
-
constructor(stage) {
|
|
47
|
-
this.stage = stage ?? process.env.STAGE;
|
|
48
|
-
this.ssmClient = new ssm_1.SSM();
|
|
49
|
-
}
|
|
50
|
-
async get(name) {
|
|
51
|
-
if (cache[name] != null) {
|
|
52
|
-
return cache[name];
|
|
53
|
-
}
|
|
54
|
-
const value = await this.ssmClient.getParameter(`/${this.stage}/${name}`, true);
|
|
55
|
-
cache[name] = value;
|
|
56
|
-
return value;
|
|
57
|
-
}
|
|
58
|
-
async set(name, value) {
|
|
59
|
-
cache[name] = value;
|
|
60
|
-
await this.ssmClient.putParameter(`/${this.stage}/${name}`, value, true);
|
|
61
|
-
}
|
|
62
|
-
}
|
|
63
|
-
class SecretsManager {
|
|
64
|
-
manager;
|
|
65
|
-
constructor(stage = String(process.env.STAGE)) {
|
|
66
|
-
this.manager =
|
|
67
|
-
stage === "local"
|
|
68
|
-
? new LocalSecretsManager()
|
|
69
|
-
: new ParameterStoreSecretsManager(stage);
|
|
70
|
-
}
|
|
71
|
-
get(name) {
|
|
72
|
-
return this.manager.get(name);
|
|
73
|
-
}
|
|
74
|
-
set(name, value) {
|
|
75
|
-
return this.manager.set(name, value);
|
|
76
|
-
}
|
|
77
|
-
}
|
|
78
|
-
exports.SecretsManager = SecretsManager;
|
|
79
|
-
//# sourceMappingURL=data:application/json;base64,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
|
|
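Review bot: The module-level `cache` at line 8 is keyed by secret name only and shared by both backends, so `ParameterStoreSecretsManager.get` (lines 51-52) returns whatever was cached first for that name regardless of `this.stage`; two managers for different stages in one process would read each other's values. Key the cache by stage and name, or hold it per instance, and check that the new `dist/secrets-manager.js` does not carry this over. Also, `constructor(stage = String(process.env.STAGE))` at line 65 turns an unset `STAGE` into the string "undefined", which selects the Parameter Store backend and builds the path `/undefined/<name>`; fail fast on a missing stage instead. The `writeFile(this.secretsFilePath, "")` at line 16 creates the secrets file with default permissions and runs on any `stat` error; pass an explicit owner-only mode and only create the file when the error is "not found".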
@@ -1,29 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SecretsService = void 0;
|
|
4
|
-
const core_1 = require("@saws/core");
|
|
5
|
-
const SecretsManager_1 = require("./SecretsManager");
|
|
6
|
-
const commander_1 = require("commander");
|
|
7
|
-
class SecretsService extends core_1.ServiceDefinition {
|
|
8
|
-
static getCommands() {
|
|
9
|
-
const command = new commander_1.Command("secrets")
|
|
10
|
-
.option("--stage <string>", "Stage")
|
|
11
|
-
.option("--set <string>", "Set a secret as value")
|
|
12
|
-
.option("--get", "Get a secret")
|
|
13
|
-
.argument("<string>", "The name of the secret")
|
|
14
|
-
.action(async (name, { stage = 'local', set, get }) => {
|
|
15
|
-
const secretsManager = new SecretsManager_1.SecretsManager(stage);
|
|
16
|
-
if (get) {
|
|
17
|
-
const secret = await secretsManager.get(name);
|
|
18
|
-
console.log(secret);
|
|
19
|
-
}
|
|
20
|
-
else {
|
|
21
|
-
await secretsManager.set(name, set);
|
|
22
|
-
console.log("Set secret");
|
|
23
|
-
}
|
|
24
|
-
});
|
|
25
|
-
return [command];
|
|
26
|
-
}
|
|
27
|
-
}
|
|
28
|
-
exports.SecretsService = SecretsService;
|
|
29
|
-
//# sourceMappingURL=data:application/json;base64,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
|
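Review bot: The `else` branch at lines 20-22 runs whenever `--get` is absent, so invoking the command with neither `--get` nor `--set` calls `secretsManager.set(name, set)` with `set` undefined and still prints "Set secret". Require exactly one of the two options and reject a missing `--set` value before calling `set`. Separately, `--set <string>` takes the secret value as a command-line argument and line 18 prints the retrieved secret with `console.log(secret)`, so values can end up in shell history and in terminal or CI logs; the replacement command should read the value from a prompt or stdin and make printing an explicit choice.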