@suronai/sdk 0.1.10 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/src/decrypt.js +20 -16
  3. package/src/vault.js +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@suronai/sdk",
3
- "version": "0.1.10",
3
+ "version": "0.1.11",
4
4
  "description": "App SDK for Suron — await vault() to load secrets",
5
5
  "type": "module",
6
6
  "main": "./src/index.js",
package/src/decrypt.js CHANGED
@@ -1,21 +1,25 @@
1
- import { config as dotenvxConfig } from "@dotenvx/dotenvx";
1
+ import { parse as dotenvxParse } from "@dotenvx/dotenvx";
2
+ import { readFileSync } from "fs";
3
+ import { join } from "path";
2
4
 
3
5
  /**
4
- * Decrypts the encrypted .env into process.env using dotenvx.
5
- * dotenvx reads DOTENV_PRIVATE_KEY from process.env, so we set it
6
- * temporarily, call config(), then restore the previous value.
7
- * @param {string} privateKey
6
+ * Decrypts the encrypted .env (in envDir) into process.env using dotenvx.
7
+ *
8
+ * We use dotenvx.parse(src, { privateKey }) rather than config():
9
+ * - parse() is the documented API that accepts privateKey directly
10
+ * - It decrypts in-memory without touching process.env or requiring
11
+ * DOTENV_PRIVATE_KEY to be set anywhere
12
+ * - We then assign the decrypted values into process.env ourselves,
13
+ * which is explicit and race-condition-free
14
+ *
15
+ * @param {string} privateKey - 64-char hex secp256k1 private key from Suron
16
+ * @param {string} envDir - Directory containing the encrypted .env file
8
17
  */
9
- export function decryptEnv(privateKey) {
10
- const prev = process.env.DOTENV_PRIVATE_KEY;
11
- process.env.DOTENV_PRIVATE_KEY = privateKey;
12
- try {
13
- dotenvxConfig();
14
- } finally {
15
- if (prev === undefined) {
16
- delete process.env.DOTENV_PRIVATE_KEY;
17
- } else {
18
- process.env.DOTENV_PRIVATE_KEY = prev;
19
- }
18
+ export function decryptEnv(privateKey, envDir = process.cwd()) {
19
+ const envPath = join(envDir, ".env");
20
+ const src = readFileSync(envPath, "utf-8");
21
+ const parsed = dotenvxParse(src, { privateKey });
22
+ for (const [key, value] of Object.entries(parsed)) {
23
+ process.env[key] = value;
20
24
  }
21
25
  }
package/src/vault.js CHANGED
@@ -114,7 +114,7 @@ export async function vault(options = {}) {
114
114
  await pollUntilApproved(apiUrl, requestId, timeout, pollInterval);
115
115
 
116
116
  const privateKey = await fetchKey(apiUrl, requestId);
117
- decryptEnv(privateKey);
117
+ decryptEnv(privateKey, configPath);
118
118
  // Note: JS strings are immutable — there is no way to scrub the value from
119
119
  // heap memory. The reference is dropped here and will be GC'd normally.
120
120