@super-protocol/pki-sync-client 2.0.5 → 2.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +340 -0
- package/dist/sync-client.js +5 -10
- package/package.json +4 -3
package/README.md
ADDED
|
@@ -0,0 +1,340 @@
|
|
|
1
|
+
# PKI Sync Client
|
|
2
|
+
|
|
3
|
+
A secure client utility for synchronizing secrets from a PKI (Public Key Infrastructure) server with support for Trusted Execution Environments (TEE) including Intel TDX and AMD SEV-SNP.
|
|
4
|
+
|
|
5
|
+
## Features
|
|
6
|
+
|
|
7
|
+
- **Secure Secret Synchronization**: Fetch and save secrets from PKI servers with mutual TLS authentication
|
|
8
|
+
- **TEE Support**: Automatic detection and support for Intel TDX and AMD SEV-SNP environments
|
|
9
|
+
- **High Availability**: Automatic failover across multiple PKI servers
|
|
10
|
+
- **Certificate Management**: Optionally save client certificates for external use
|
|
11
|
+
- **Flexible Configuration**: YAML-based configuration for secrets and server endpoints
|
|
12
|
+
- **CLI & Programmatic API**: Use as a command-line tool or integrate into your application
|
|
13
|
+
|
|
14
|
+
## Installation
|
|
15
|
+
|
|
16
|
+
### As a CLI Tool
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
npm install -g @super-protocol/pki-sync-client
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
### As a Library
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
npm install @super-protocol/pki-sync-client
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## Configuration
|
|
29
|
+
|
|
30
|
+
### Secrets Configuration File
|
|
31
|
+
|
|
32
|
+
Create a YAML file (e.g., `secrets.yaml`) that defines which secrets to sync and where to save them:
|
|
33
|
+
|
|
34
|
+
```yaml
|
|
35
|
+
secrets:
|
|
36
|
+
- secretName: database-password
|
|
37
|
+
saveTo: /etc/app/db-password.txt
|
|
38
|
+
- secretName: api-key
|
|
39
|
+
saveTo: /var/secrets/api-key.txt
|
|
40
|
+
- secretName: tls-certificate
|
|
41
|
+
saveTo: /etc/app/certs/server.crt
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
**Schema:**
|
|
45
|
+
- `secretName` (string, required): Name of the secret on the PKI server
|
|
46
|
+
- `saveTo` (string, required): Absolute path where the secret should be saved
|
|
47
|
+
|
|
48
|
+
### Swarm Environment File
|
|
49
|
+
|
|
50
|
+
Create a YAML file (e.g., `swarm-env.yaml`) that defines PKI server connection details:
|
|
51
|
+
|
|
52
|
+
```yaml
|
|
53
|
+
pki-authority:
|
|
54
|
+
networkID: my-network-id
|
|
55
|
+
caBundle: |
|
|
56
|
+
-----BEGIN CERTIFICATE-----
|
|
57
|
+
MIIDXTCCAkWgAwIBAgIJAKL0UG+mRkSvMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
|
|
58
|
+
... (certificate content) ...
|
|
59
|
+
-----END CERTIFICATE-----
|
|
60
|
+
servers:
|
|
61
|
+
- pki-server-1.example.com
|
|
62
|
+
- pki-server-2.example.com
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
**Schema:**
|
|
66
|
+
- `pki-authority.networkID` (string, required): Network identifier for PKI authentication
|
|
67
|
+
- `pki-authority.caBundle` (string, required): PEM-encoded CA certificate bundle for server verification
|
|
68
|
+
- `pki-authority.servers` (array of strings, required): List of PKI server addresses (with automatic failover)
|
|
69
|
+
|
|
70
|
+
## CLI Usage
|
|
71
|
+
|
|
72
|
+
### Basic Sync Command
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
pki-sync-client sync --config secrets.yaml --swarm-env swarm-env.yaml
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
### Complete Options
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
pki-sync-client sync [options]
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
#### Options
|
|
85
|
+
|
|
86
|
+
| Option | Alias | Type | Default | Description |
|
|
87
|
+
|--------|-------|------|---------|-------------|
|
|
88
|
+
| `--config` | `-c` | string | *required* | Path to secrets configuration file (YAML) |
|
|
89
|
+
| `--swarm-env` | | string | `/sp/swarm/swarm-env.yaml` | Path to swarm environment config (YAML) |
|
|
90
|
+
| `--own-challenge` | | string | `auto` | Authentication challenge type: `auto`, `tdx`, `sev`, or `untrusted` |
|
|
91
|
+
| `--verbose` | `-v` | boolean | `false` | Enable verbose logging output |
|
|
92
|
+
| `--disable-server-identity-check` | | boolean | `false` | Disable server identity verification (not recommended) |
|
|
93
|
+
| `--save-certs-to-dir` | | string | | Directory to save client certificates (`key.pem`, `ca.pem`, `cert.pem`) |
|
|
94
|
+
| `--save-certs-prefix` | | string | | Prefix for certificate filenames (e.g., `client` → `client_key.pem`) |
|
|
95
|
+
|
|
96
|
+
### Examples
|
|
97
|
+
|
|
98
|
+
**Simple sync with verbose output:**
|
|
99
|
+
```bash
|
|
100
|
+
pki-sync-client sync -c secrets.yaml -v
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
**Sync with custom swarm environment:**
|
|
104
|
+
```bash
|
|
105
|
+
pki-sync-client sync -c secrets.yaml --swarm-env /custom/path/swarm-env.yaml
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
**Sync and save client certificates:**
|
|
109
|
+
```bash
|
|
110
|
+
pki-sync-client sync -c secrets.yaml --save-certs-to-dir /etc/app/certs
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
**Sync with certificate prefix:**
|
|
114
|
+
```bash
|
|
115
|
+
pki-sync-client sync -c secrets.yaml \
|
|
116
|
+
--save-certs-to-dir /etc/app/certs \
|
|
117
|
+
--save-certs-prefix myapp
|
|
118
|
+
# Creates: myapp_key.pem, myapp_ca.pem, myapp_cert.pem
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
**Force specific challenge type:**
|
|
122
|
+
```bash
|
|
123
|
+
pki-sync-client sync -c secrets.yaml --own-challenge tdx
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
**Development/testing (untrusted mode):**
|
|
127
|
+
```bash
|
|
128
|
+
pki-sync-client sync -c secrets.yaml --own-challenge untrusted
|
|
129
|
+
```
|
|
130
|
+
|
|
131
|
+
## Programmatic API
|
|
132
|
+
|
|
133
|
+
### Basic Usage
|
|
134
|
+
|
|
135
|
+
```typescript
|
|
136
|
+
import { SyncClient, parseConfig, parseSwarmEnv } from '@super-protocol/pki-sync-client';
|
|
137
|
+
|
|
138
|
+
async function syncSecrets() {
|
|
139
|
+
// Parse configuration files
|
|
140
|
+
const config = parseConfig('./secrets.yaml');
|
|
141
|
+
const swarmEnv = parseSwarmEnv('./swarm-env.yaml');
|
|
142
|
+
|
|
143
|
+
// Create sync client
|
|
144
|
+
const client = new SyncClient({
|
|
145
|
+
servers: swarmEnv['pki-authority'].servers,
|
|
146
|
+
networkID: swarmEnv['pki-authority'].networkID,
|
|
147
|
+
caBundle: swarmEnv['pki-authority'].caBundle,
|
|
148
|
+
ownChallenge: 'auto',
|
|
149
|
+
verbose: true,
|
|
150
|
+
});
|
|
151
|
+
|
|
152
|
+
// Perform sync
|
|
153
|
+
await client.sync(config);
|
|
154
|
+
console.log('Secrets synced successfully');
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
syncSecrets().catch(console.error);
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
### Advanced Usage with Certificate Saving
|
|
161
|
+
|
|
162
|
+
```typescript
|
|
163
|
+
import { SyncClient, SyncConfig } from '@super-protocol/pki-sync-client';
|
|
164
|
+
|
|
165
|
+
const client = new SyncClient({
|
|
166
|
+
servers: ['pki1.example.com', 'pki2.example.com'],
|
|
167
|
+
networkID: 'my-network',
|
|
168
|
+
caBundle: fs.readFileSync('./ca-bundle.pem', 'utf-8'),
|
|
169
|
+
ownChallenge: 'tdx',
|
|
170
|
+
verbose: true,
|
|
171
|
+
disableServerIdentityCheck: false,
|
|
172
|
+
saveCertsToDir: '/etc/app/certs',
|
|
173
|
+
saveCertsPrefix: 'myapp',
|
|
174
|
+
});
|
|
175
|
+
|
|
176
|
+
const config: SyncConfig = {
|
|
177
|
+
secrets: [
|
|
178
|
+
{ secretName: 'db-password', saveTo: '/etc/app/db-password' },
|
|
179
|
+
{ secretName: 'api-key', saveTo: '/etc/app/api-key' },
|
|
180
|
+
],
|
|
181
|
+
};
|
|
182
|
+
|
|
183
|
+
await client.sync(config);
|
|
184
|
+
```
|
|
185
|
+
|
|
186
|
+
### API Reference
|
|
187
|
+
|
|
188
|
+
#### `SyncClient`
|
|
189
|
+
|
|
190
|
+
**Constructor Options:**
|
|
191
|
+
|
|
192
|
+
```typescript
|
|
193
|
+
interface SyncClientOptions {
|
|
194
|
+
servers: string[]; // List of PKI server addresses
|
|
195
|
+
networkID: string; // Network identifier
|
|
196
|
+
caBundle: string; // PEM-encoded CA certificate bundle
|
|
197
|
+
ownChallenge: string; // Challenge type: 'auto', 'tdx', 'sev', 'untrusted'
|
|
198
|
+
verbose?: boolean; // Enable verbose logging (default: false)
|
|
199
|
+
disableServerIdentityCheck?: boolean; // Disable server verification (default: false)
|
|
200
|
+
saveCertsToDir?: string; // Directory to save certificates
|
|
201
|
+
saveCertsPrefix?: string; // Prefix for certificate filenames
|
|
202
|
+
}
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
**Methods:**
|
|
206
|
+
|
|
207
|
+
- `async sync(config: SyncConfig): Promise<void>` - Synchronize secrets from PKI server
|
|
208
|
+
|
|
209
|
+
#### `parseConfig(configPath: string): SyncConfig`
|
|
210
|
+
|
|
211
|
+
Parse and validate a secrets configuration file.
|
|
212
|
+
|
|
213
|
+
**Throws:**
|
|
214
|
+
- Error if file not found
|
|
215
|
+
- Error if configuration schema is invalid
|
|
216
|
+
|
|
217
|
+
#### `parseSwarmEnv(swarmEnvPath: string): SwarmEnv`
|
|
218
|
+
|
|
219
|
+
Parse and validate a swarm environment configuration file.
|
|
220
|
+
|
|
221
|
+
**Throws:**
|
|
222
|
+
- Error if file not found
|
|
223
|
+
- Error if configuration schema is invalid
|
|
224
|
+
|
|
225
|
+
## Challenge Types
|
|
226
|
+
|
|
227
|
+
The sync client supports different authentication challenge types:
|
|
228
|
+
|
|
229
|
+
### `auto` (Default)
|
|
230
|
+
Automatically detects the environment by checking for:
|
|
231
|
+
- `/dev/tdx_guest` → Uses TDX challenge
|
|
232
|
+
- `/dev/sev-guest` → Uses SEV-SNP challenge
|
|
233
|
+
- Neither found → Falls back to untrusted mode
|
|
234
|
+
|
|
235
|
+
### `tdx`
|
|
236
|
+
Explicitly use Intel TDX attestation for authentication.
|
|
237
|
+
|
|
238
|
+
### `sev`
|
|
239
|
+
Explicitly use AMD SEV-SNP attestation for authentication.
|
|
240
|
+
|
|
241
|
+
### `untrusted`
|
|
242
|
+
Use a static identifier for non-TEE environments (development/testing only).
|
|
243
|
+
|
|
244
|
+
## How It Works
|
|
245
|
+
|
|
246
|
+
1. **Configuration Loading**: Parses YAML configuration files for secrets and server details
|
|
247
|
+
2. **Challenge Selection**: Determines authentication method based on environment or user specification
|
|
248
|
+
3. **PKI Client Creation**: Establishes mutual TLS connection with PKI server
|
|
249
|
+
4. **Secret Retrieval**: Requests specified secrets via authenticated API call
|
|
250
|
+
5. **Secret Storage**: Saves Base64-decoded secrets to specified file paths with secure permissions (0600)
|
|
251
|
+
6. **Certificate Export** (optional): Saves client certificates for external use
|
|
252
|
+
7. **Failover**: Automatically tries next server if connection fails
|
|
253
|
+
|
|
254
|
+
## Error Handling
|
|
255
|
+
|
|
256
|
+
The sync client provides clear error messages for common issues:
|
|
257
|
+
|
|
258
|
+
```typescript
|
|
259
|
+
try {
|
|
260
|
+
await client.sync(config);
|
|
261
|
+
} catch (error) {
|
|
262
|
+
if (error.message.includes('not found')) {
|
|
263
|
+
// Secret doesn't exist on server
|
|
264
|
+
} else if (error.message.includes('Failed to sync from all servers')) {
|
|
265
|
+
// All servers unreachable
|
|
266
|
+
} else {
|
|
267
|
+
// Other errors (network, authentication, etc.)
|
|
268
|
+
}
|
|
269
|
+
}
|
|
270
|
+
```
|
|
271
|
+
|
|
272
|
+
### Common Exit Codes (CLI)
|
|
273
|
+
|
|
274
|
+
- `0`: Success
|
|
275
|
+
- `1`: Sync failed (configuration error, network error, authentication failure, etc.)
|
|
276
|
+
|
|
277
|
+
## File Permissions
|
|
278
|
+
|
|
279
|
+
- **Secrets**: Saved with mode `0600` (read/write for owner only)
|
|
280
|
+
- **Private keys**: Saved with mode `0600` (read/write for owner only)
|
|
281
|
+
- **Certificates**: Saved with mode `0644` (readable by all, writable by owner)
|
|
282
|
+
|
|
283
|
+
## Security Considerations
|
|
284
|
+
|
|
285
|
+
1. **Server Identity Verification**: Always enabled by default. Only disable with `--disable-server-identity-check` in trusted development environments.
|
|
286
|
+
2. **Certificate Validation**: CA bundle is used to verify server certificates during TLS handshake.
|
|
287
|
+
3. **Mutual TLS**: Both client and server authenticate each other using certificates.
|
|
288
|
+
4. **TEE Attestation**: In TDX/SEV environments, hardware-backed attestation proves client identity.
|
|
289
|
+
5. **Secure Storage**: Secrets are saved with restrictive file permissions to prevent unauthorized access.
|
|
290
|
+
|
|
291
|
+
## Development
|
|
292
|
+
|
|
293
|
+
### Building from Source
|
|
294
|
+
|
|
295
|
+
```bash
|
|
296
|
+
npm install
|
|
297
|
+
npm run build
|
|
298
|
+
```
|
|
299
|
+
|
|
300
|
+
### Running Without Building
|
|
301
|
+
|
|
302
|
+
```bash
|
|
303
|
+
npm start -- sync -c conf/secrets-example.yaml
|
|
304
|
+
```
|
|
305
|
+
|
|
306
|
+
### Linting
|
|
307
|
+
|
|
308
|
+
```bash
|
|
309
|
+
npm run lint
|
|
310
|
+
npm run lint:fix
|
|
311
|
+
```
|
|
312
|
+
|
|
313
|
+
## Example Configuration Files
|
|
314
|
+
|
|
315
|
+
Example files are provided in the `conf/` directory:
|
|
316
|
+
|
|
317
|
+
- [`conf/secrets-example.yaml`](conf/secrets-example.yaml) - Example secrets configuration
|
|
318
|
+
- [`conf/swarm-env.example.yaml`](conf/swarm-env.example.yaml) - Example swarm environment configuration
|
|
319
|
+
|
|
320
|
+
## Dependencies
|
|
321
|
+
|
|
322
|
+
- **[@super-protocol/pki-client](https://www.npmjs.com/package/@super-protocol/pki-client)** - PKI client library with TEE support
|
|
323
|
+
- **[@super-protocol/pki-common](https://www.npmjs.com/package/@super-protocol/pki-common)** - Common PKI utilities and types
|
|
324
|
+
- **axios** - HTTP client for API requests
|
|
325
|
+
- **js-yaml** - YAML parser for configuration files
|
|
326
|
+
- **yargs** - Command-line argument parser
|
|
327
|
+
|
|
328
|
+
## License
|
|
329
|
+
|
|
330
|
+
ISC
|
|
331
|
+
|
|
332
|
+
## Author
|
|
333
|
+
|
|
334
|
+
Super Protocol
|
|
335
|
+
|
|
336
|
+
## Related Packages
|
|
337
|
+
|
|
338
|
+
- [@super-protocol/pki-client](../pki-client) - PKI client library
|
|
339
|
+
- [@super-protocol/pki-common](../pki-common) - Common PKI utilities
|
|
340
|
+
- [@super-protocol/pki-authority-service](../pki-authority-service) - PKI Authority Service
|
package/dist/sync-client.js
CHANGED
|
@@ -71,8 +71,7 @@ class SyncClient {
|
|
|
71
71
|
else if (challengeType === 'untrusted') {
|
|
72
72
|
this.challenge = {
|
|
73
73
|
type: pki_common_1.ChallengeType.Untrusted,
|
|
74
|
-
idHex: '
|
|
75
|
-
commonIdHex: 'aaaaaa',
|
|
74
|
+
idHex: Buffer.from('pki-sync-client-untrusted-id').toString('hex'),
|
|
76
75
|
};
|
|
77
76
|
}
|
|
78
77
|
else {
|
|
@@ -86,9 +85,7 @@ class SyncClient {
|
|
|
86
85
|
}
|
|
87
86
|
async saveCertificates(pkiClientFactory, certsDir, prefix) {
|
|
88
87
|
// Ensure directory exists
|
|
89
|
-
|
|
90
|
-
await fs.promises.mkdir(certsDir, { recursive: true });
|
|
91
|
-
}
|
|
88
|
+
await fs.promises.mkdir(certsDir, { recursive: true });
|
|
92
89
|
const cert = await pkiClientFactory.getCert();
|
|
93
90
|
const { cert: clientCert, intermediateCertificates, ca, } = (0, pki_common_1.extractIntermediateCertificates)(cert);
|
|
94
91
|
const prefixStr = prefix ? `${prefix}_` : '';
|
|
@@ -134,15 +131,13 @@ class SyncClient {
|
|
|
134
131
|
// Write secrets to files
|
|
135
132
|
for (const secret of config.secrets) {
|
|
136
133
|
const base64Content = result.secrets[secret.secretName];
|
|
137
|
-
if (
|
|
134
|
+
if (base64Content == null) {
|
|
138
135
|
throw new Error(`Secret "${secret.secretName}" not found in response`);
|
|
139
136
|
}
|
|
140
137
|
const content = Buffer.from(base64Content, 'base64');
|
|
141
138
|
// Ensure directory exists
|
|
142
139
|
const dir = path.dirname(secret.saveTo);
|
|
143
|
-
|
|
144
|
-
await fs.promises.mkdir(dir, { recursive: true });
|
|
145
|
-
}
|
|
140
|
+
await fs.promises.mkdir(dir, { recursive: true });
|
|
146
141
|
await fs.promises.writeFile(secret.saveTo, content, {
|
|
147
142
|
mode: 0o600,
|
|
148
143
|
});
|
|
@@ -164,4 +159,4 @@ class SyncClient {
|
|
|
164
159
|
}
|
|
165
160
|
}
|
|
166
161
|
exports.SyncClient = SyncClient;
|
|
167
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
162
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3luYy1jbGllbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvc3luYy1jbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFDQSwyREFJb0M7QUFDcEMsMkRBR29DO0FBQ3BDLGtEQUEwQjtBQUMxQix1Q0FBeUI7QUFDekIsMkNBQTZCO0FBYTdCLE1BQWEsVUFBVTtJQUNYLE9BQU8sQ0FBb0I7SUFDM0IsU0FBUyxDQUFrQjtJQUUzQixNQUFNLENBQUMsYUFBYTtRQUN4QixJQUFJLENBQUM7WUFDRCxNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQztZQUNqQyxNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQztZQUVqQyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDekIsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDbkMsSUFBSSxLQUFLLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDO29CQUM1QixPQUFPLEtBQUssQ0FBQztnQkFDakIsQ0FBQztZQUNMLENBQUM7WUFFRCxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDekIsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDbkMsSUFBSSxLQUFLLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDO29CQUM1QixPQUFPLEtBQUssQ0FBQztnQkFDakIsQ0FBQztZQUNMLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNiLG9EQUFvRDtRQUN4RCxDQUFDO1FBRUQsT0FBTyxXQUFXLENBQUM7SUFDdkIsQ0FBQztJQUVELFlBQVksT0FBMEI7UUFDbEMsSUFBSSxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUM7UUFFdkIsTUFBTSxhQUFhLEdBQ2YsT0FBTyxDQUFDLFlBQVksS0FBSyxNQUFNO1lBQzNCLENBQUMsQ0FBQyxVQUFVLENBQUMsYUFBYSxFQUFFO1lBQzVCLENBQUMsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDO1FBRS9CLElBQUksYUFBYSxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQzFCLElBQUksQ0FBQyxTQUFTLEdBQUcsRUFBRSxJQUFJLEVBQUUsMEJBQWEsQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUNqRCxDQUFDO2FBQU0sSUFBSSxhQUFhLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDakMsSUFBSSxDQUFDLFNBQVMsR0FBRyxFQUFFLElBQUksRUFBRSwwQkFBYSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3BELENBQUM7YUFBTSxJQUFJLGFBQWEsS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUN2QyxJQUFJLENBQUMsU0FBUyxHQUFHO2dCQUNiLElBQUksRUFBRSwwQkFBYSxDQUFDLFNBQVM7Z0JBQzdCLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLDhCQUE4QixDQUFDLENBQUMsUUFBUSxDQUN2RCxLQUFLLENBQ1I7YUFDSixDQUFDO1FBQ04sQ0FBQzthQUFNLENBQUM7WUFDSixNQUFNLElBQUksS0FBSyxDQUNYLCtCQUErQixhQUFhLHdDQUF3QyxDQUN2RixDQUFDO1FBQ04sQ0FBQztJQUNMLENBQUM7SUFFTyxHQUFHLENBQUMsT0FBZTtRQUN2QixJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxJQUFJLEtBQUssRUFBRSxDQUFDO1lBQ2hDLE9BQU8sQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDekIsQ0FBQztJQUNMLENBQUM7SUFFTyxLQUFLLENBQUMsZ0JBQWdCLENBQzFCLGdCQUFrQyxFQUNsQyxRQUFnQixFQUNoQixNQUFlO1FBRWYsMEJBQTBCO1FBQzFCLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsUUFBUSxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7UUFFdkQsTUFBTSxJQUFJLEdBQUcsTUFBTSxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUM5QyxNQUFNLEVBQ0YsSUFBSSxFQUFFLFVBQVUsRUFDaEIsd0JBQXdCLEVBQ3hCLEVBQUUsR0FDTCxHQUFHLElBQUEsNENBQStCLEVBQUMsSUFBSSxDQUFDLENBQUM7UUFFMUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFFN0MsbUJBQW1CO1FBQ25CLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLEdBQUcsU0FBUyxTQUFTLENBQUMsQ0FBQztRQUMzRCxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRTtZQUM3RCxJQUFJLEVBQUUsS0FBSztTQUNkLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxHQUFHLENBQUMsd0JBQXdCLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFFNUMsc0JBQXNCO1FBQ3RCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLEdBQUcsU0FBUyxRQUFRLENBQUMsQ0FBQztRQUN6RCxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxFQUFFLEVBQUUsRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUN6RCxJQUFJLENBQUMsR0FBRyxDQUFDLDJCQUEyQixNQUFNLEVBQUUsQ0FBQyxDQUFDO1FBRTlDLGtEQUFrRDtRQUNsRCxNQUFNLG9CQUFvQixHQUFHLFVBQVUsR0FBRyx3QkFBd0IsQ0FBQztRQUNuRSxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxHQUFHLFNBQVMsVUFBVSxDQUFDLENBQUM7UUFDN0QsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxRQUFRLEVBQUUsb0JBQW9CLEVBQUU7WUFDeEQsSUFBSSxFQUFFLEtBQUs7U0FDZCxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsR0FBRyxDQUFDLDhCQUE4QixRQUFRLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRCxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQWtCO1FBQ3pCLEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN4QyxJQUFJLENBQUM7Z0JBQ0QsSUFBSSxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsTUFBTSxFQUFFLENBQUMsQ0FBQztnQkFFckMsTUFBTSxTQUFTLEdBQW9CO29CQUMvQixrQkFBa0IsRUFBRTt3QkFDaEIsSUFBSSxFQUFFLFFBQVE7d0JBQ2QsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO3dCQUN6QixPQUFPLEVBQUUsV0FBVyxNQUFNLGFBQWE7d0JBQ3ZDLFFBQVEsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVE7d0JBQy9CLDBCQUEwQixFQUN0QixJQUFJLENBQUMsT0FBTyxDQUFDLDBCQUEwQixJQUFJLEtBQUs7cUJBQ3ZEO29CQUNELFNBQVMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVM7aUJBQ3BDLENBQUM7Z0JBRUYsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLDZCQUFnQixDQUFDLFNBQVMsQ0FBQyxDQUFDO2dCQUN6RCxNQUFNLFVBQVUsR0FBRyxNQUFNLGdCQUFnQixDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUUxRCwyQkFBMkI7Z0JBQzNCLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUM7Z0JBRTVELHFDQUFxQztnQkFDckMsTUFBTSxRQUFRLEdBQUcsTUFBTSxlQUFLLENBQUMsSUFBSSxDQUM3QixXQUFXLE1BQU0scUJBQXFCLEVBQ3RDLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxFQUN4QixFQUFFLFVBQVUsRUFBRSxDQUNqQixDQUFDO2dCQUVGLE1BQU0sTUFBTSxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUM7Z0JBRTdCLHlCQUF5QjtnQkFDekIsS0FBSyxNQUFNLE1BQU0sSUFBSSxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7b0JBQ2xDLE1BQU0sYUFBYSxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFDO29CQUN4RCxJQUFJLGFBQWEsSUFBSSxJQUFJLEVBQUUsQ0FBQzt3QkFDeEIsTUFBTSxJQUFJLEtBQUssQ0FDWCxXQUFXLE1BQU0sQ0FBQyxVQUFVLHlCQUF5QixDQUN4RCxDQUFDO29CQUNOLENBQUM7b0JBQ0QsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsUUFBUSxDQUFDLENBQUM7b0JBRXJELDBCQUEwQjtvQkFDMUIsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7b0JBQ3hDLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7b0JBRWxELE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxPQUFPLEVBQUU7d0JBQ2hELElBQUksRUFBRSxLQUFLO3FCQUNkLENBQUMsQ0FBQztvQkFFSCxJQUFJLENBQUMsR0FBRyxDQUNKLGlCQUFpQixNQUFNLENBQUMsVUFBVSxRQUFRLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FDNUQsQ0FBQztnQkFDTixDQUFDO2dCQUVELDhDQUE4QztnQkFDOUMsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsRUFBRSxDQUFDO29CQUM5QixNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FDdkIsZ0JBQWdCLEVBQ2hCLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxFQUMzQixJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FDL0IsQ0FBQztnQkFDTixDQUFDO2dCQUVELElBQUksQ0FBQyxHQUFHLENBQUMsb0NBQW9DLE1BQU0sRUFBRSxDQUFDLENBQUM7Z0JBQ3ZELE9BQU8sQ0FBQyw2QkFBNkI7WUFDekMsQ0FBQztZQUFDLE9BQU8sS0FBVSxFQUFFLENBQUM7Z0JBQ2xCLElBQUksQ0FBQyxHQUFHLENBQ0osOEJBQThCLE1BQU0sS0FBSyxLQUFLLENBQUMsT0FBTyxFQUFFLENBQzNELENBQUM7Z0JBQ0YsMEJBQTBCO1lBQzlCLENBQUM7UUFDTCxDQUFDO1FBRUQsTUFBTSxJQUFJLEtBQUssQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7Q0FDSjtBQS9LRCxnQ0ErS0MifQ==
|
package/package.json
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@super-protocol/pki-sync-client",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.7",
|
|
4
4
|
"description": "PKI sync client utility",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"bin": {
|
|
7
7
|
"pki-sync-client": "dist/cli.js"
|
|
8
8
|
},
|
|
9
9
|
"files": [
|
|
10
|
-
"dist"
|
|
10
|
+
"dist",
|
|
11
|
+
"README.md"
|
|
11
12
|
],
|
|
12
13
|
"directories": {
|
|
13
14
|
"lib": "dist"
|
|
@@ -22,7 +23,7 @@
|
|
|
22
23
|
"license": "ISC",
|
|
23
24
|
"dependencies": {
|
|
24
25
|
"@sinclair/typebox": "0.33.22",
|
|
25
|
-
"@super-protocol/pki-client": "^2.1.
|
|
26
|
+
"@super-protocol/pki-client": "^2.1.4",
|
|
26
27
|
"@super-protocol/pki-common": "^2.0.2",
|
|
27
28
|
"axios": "^1.7.0",
|
|
28
29
|
"js-yaml": "^4.1.0",
|