@typinghare/trick 1.0.0

package/.prettierrc.yml

@@ -0,0 +1,6 @@
+trailingComma: es5
+tabWidth: 4
+semi: false
+singleQuote: true
+endOfLine: lf
+printWidth: 80

package/.wander/jameschan312.cn@gmail.com/.idea/codeStyles/Project.xml

@@ -0,0 +1,52 @@
+<component name="ProjectCodeStyleConfiguration">
+  <code_scheme name="Project" version="173">
+    <option name="LINE_SEPARATOR" value="&#10;" />
+    <option name="RIGHT_MARGIN" value="80" />
+    <HTMLCodeStyleSettings>
+      <option name="HTML_SPACE_INSIDE_EMPTY_TAG" value="true" />
+    </HTMLCodeStyleSettings>
+    <JSCodeStyleSettings version="0">
+      <option name="USE_SEMICOLON_AFTER_STATEMENT" value="false" />
+      <option name="FORCE_SEMICOLON_STYLE" value="true" />
+      <option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" />
+      <option name="USE_DOUBLE_QUOTES" value="false" />
+      <option name="FORCE_QUOTE_STYlE" value="true" />
+      <option name="ENFORCE_TRAILING_COMMA" value="WhenMultiline" />
+      <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
+      <option name="SPACES_WITHIN_IMPORTS" value="true" />
+    </JSCodeStyleSettings>
+    <TypeScriptCodeStyleSettings version="0">
+      <option name="USE_SEMICOLON_AFTER_STATEMENT" value="false" />
+      <option name="FORCE_SEMICOLON_STYLE" value="true" />
+      <option name="SPACE_BEFORE_FUNCTION_LEFT_PARENTH" value="false" />
+      <option name="USE_DOUBLE_QUOTES" value="false" />
+      <option name="FORCE_QUOTE_STYlE" value="true" />
+      <option name="ENFORCE_TRAILING_COMMA" value="WhenMultiline" />
+      <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
+      <option name="SPACES_WITHIN_IMPORTS" value="true" />
+    </TypeScriptCodeStyleSettings>
+    <VueCodeStyleSettings>
+      <option name="INTERPOLATION_NEW_LINE_AFTER_START_DELIMITER" value="false" />
+      <option name="INTERPOLATION_NEW_LINE_BEFORE_END_DELIMITER" value="false" />
+    </VueCodeStyleSettings>
+    <codeStyleSettings language="HTML">
+      <option name="SOFT_MARGINS" value="80" />
+      <indentOptions>
+        <option name="CONTINUATION_INDENT_SIZE" value="4" />
+      </indentOptions>
+    </codeStyleSettings>
+    <codeStyleSettings language="JavaScript">
+      <option name="SOFT_MARGINS" value="80" />
+    </codeStyleSettings>
+    <codeStyleSettings language="TypeScript">
+      <option name="SOFT_MARGINS" value="80" />
+    </codeStyleSettings>
+    <codeStyleSettings language="Vue">
+      <option name="SOFT_MARGINS" value="80" />
+      <indentOptions>
+        <option name="INDENT_SIZE" value="4" />
+        <option name="TAB_SIZE" value="4" />
+      </indentOptions>
+    </codeStyleSettings>
+  </code_scheme>
+</component>

package/.wander/jameschan312.cn@gmail.com/.idea/codeStyles/codeStyleConfig.xml

@@ -0,0 +1,5 @@
+<component name="ProjectCodeStyleConfiguration">
+  <state>
+    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
+  </state>
+</component>

package/.wander/jameschan312.cn@gmail.com/.idea/jsLibraryMappings.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptLibraryMappings">
+    <includedPredefinedLibrary name="Node.js Core" />
+  </component>
+</project>

package/.wander/jameschan312.cn@gmail.com/.idea/misc.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="MarkdownSettingsMigration">
+    <option name="stateVersion" value="1" />
+  </component>
+</project>

package/.wander/jameschan312.cn@gmail.com/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/trick.iml" filepath="$PROJECT_DIR$/.idea/trick.iml" />
+    </modules>
+  </component>
+</project>

package/.wander/jameschan312.cn@gmail.com/.idea/prettier.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PrettierConfiguration">
+    <option name="myConfigurationMode" value="AUTOMATIC" />
+  </component>
+</project>

package/.wander/jameschan312.cn@gmail.com/.idea/trick.iml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/test" isTestSource="true" />
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/dist" />
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/.wander/jameschan312.cn@gmail.com/.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>

package/.wander/jameschan312.cn@gmail.com/.idea/webResources.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="WebResourcesPaths">
+    <contentEntries>
+      <entry url="file://$PROJECT_DIR$">
+        <entryData>
+          <resourceRoots>
+            <path value="file://$PROJECT_DIR$/src" />
+          </resourceRoots>
+        </entryData>
+      </entry>
+    </contentEntries>
+  </component>
+</project>

package/README.md

@@ -0,0 +1,7 @@
+# [Trick](https://github.com/typinghare/trick)
+
+# Install
+
+```shell
+pnpm add -g @typinghare/trick
+```

package/bin/trick

@@ -0,0 +1,3 @@
+#! /usr/bin/env node
+
+import '../dist/index.js'

package/dist/app.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/app.js

@@ -0,0 +1,65 @@
+import { Command } from 'commander';
+import { getTargetFromConfig, updateConfig } from './config.js';
+import { decryptFiles, encryptFiles } from './encrypt.js';
+import { getSecret } from './secret.js';
+import { TRICK_ENCRYPTED_DIR } from './constant.js';
+import fsExtra from 'fs-extra';
+import { resolve_error } from './utility.js';
+const program = new Command();
+program.version('Trick v1.0.0 \nby James Chen (jameschan312.cn@gmail.com)');
+program.description('Save credential files to remote safely.');
+program
+    .command('add')
+    .description('Adds a target.')
+    .argument('<secret-name>', 'The name of secret in the environment')
+    .argument('[files...]', 'Files this target will encrypt')
+    .action(async (secretName, files) => {
+    await updateConfig((config) => {
+        try {
+            getTargetFromConfig(config, secretName);
+        }
+        catch (err) {
+            config.targets.push({
+                secret_name: secretName,
+                files,
+            });
+            return true;
+        }
+        console.error(`Target with the secret name already exists: ${secretName}`);
+        console.error('Abort adding target');
+        process.exit(1);
+    });
+});
+program
+    .command('encrypt')
+    .description('Encrypt the credential files.')
+    .argument('<secret-name>', 'The name of secret in the environment')
+    .action(async (secretName) => {
+    await updateConfig((config) => {
+        const target = getTargetFromConfig(config, secretName);
+        const secret = getSecret(target.secret_name);
+        const srcFilePaths = target.files;
+        fsExtra.ensureDir(TRICK_ENCRYPTED_DIR);
+        encryptFiles(srcFilePaths, TRICK_ENCRYPTED_DIR, secret, config.iteration_count);
+        return false;
+    });
+});
+program
+    .command('decrypt')
+    .description('Decrypt the credential files.')
+    .argument('<secret-name>', 'The name of secret in the environment')
+    .action(async (secretName) => {
+    await updateConfig((config) => {
+        const target = getTargetFromConfig(config, secretName);
+        const secret = getSecret(target.secret_name);
+        const srcFilePaths = target.files;
+        fsExtra.ensureDir(TRICK_ENCRYPTED_DIR);
+        decryptFiles(srcFilePaths, TRICK_ENCRYPTED_DIR, secret, config.iteration_count);
+        return false;
+    });
+});
+program.parse();
+process.on('uncaughtException', (err) => {
+    resolve_error(err);
+    process.exit(1);
+});

package/dist/config.d.ts

@@ -0,0 +1,22 @@
+export declare const CONFIG_FILE_NAME: string;
+export interface Config {
+    iteration_count: number;
+    targets: Target[];
+}
+export interface Target {
+    secret_name: string;
+    files: string[];
+}
+export declare class WriteConfigError extends Error {
+}
+export declare class ReadConfigError extends Error {
+}
+export declare function writeConfig(config: Config): Promise<void>;
+export declare function readConfig(): Promise<Config | null>;
+export declare function updateConfig(callback: UpdateConfigCallback): Promise<void>;
+export type UpdateConfigCallback = (config: Config) => boolean;
+export declare class TargetNotFoundError extends Error {
+    readonly secretName: string;
+    constructor(secretName: string);
+}
+export declare function getTargetFromConfig(config: Config, secretName: string): Target;

package/dist/config.js

@@ -0,0 +1,51 @@
+import fsExtra from 'fs-extra';
+export const CONFIG_FILE_NAME = 'trick.config.json';
+const defaultConfig = {
+    iteration_count: 114514,
+    targets: [],
+};
+export class WriteConfigError extends Error {
+}
+export class ReadConfigError extends Error {
+}
+export async function writeConfig(config) {
+    try {
+        await fsExtra.writeJson(CONFIG_FILE_NAME, config);
+    }
+    catch (err) {
+        throw new WriteConfigError();
+    }
+}
+export async function readConfig() {
+    if (!fsExtra.existsSync(CONFIG_FILE_NAME)) {
+        return null;
+    }
+    try {
+        return (await fsExtra.readJSON(CONFIG_FILE_NAME));
+    }
+    catch (err) {
+        throw new ReadConfigError();
+    }
+}
+export async function updateConfig(callback) {
+    const config = (await readConfig()) || defaultConfig;
+    if (callback(config)) {
+        await writeConfig(config);
+    }
+}
+export class TargetNotFoundError extends Error {
+    secretName;
+    constructor(secretName) {
+        super(`Target not found: ${secretName}`);
+        this.secretName = secretName;
+    }
+}
+export function getTargetFromConfig(config, secretName) {
+    const targets = config.targets;
+    for (const target of targets) {
+        if (target.secret_name === secretName) {
+            return target;
+        }
+    }
+    throw new TargetNotFoundError(secretName);
+}

package/dist/constant.d.ts

@@ -0,0 +1,2 @@
+export declare const TRICK_ROOT_DIR = ".trick";
+export declare const TRICK_ENCRYPTED_DIR: string;

package/dist/constant.js

@@ -0,0 +1,3 @@
+import * as path from 'node:path';
+export const TRICK_ROOT_DIR = '.trick';
+export const TRICK_ENCRYPTED_DIR = path.join(TRICK_ROOT_DIR, 'encrypted');

package/dist/encrypt.d.ts

@@ -0,0 +1,12 @@
+export declare class FailToEncryptFileError extends Error {
+    readonly srcFilePath: string;
+    constructor(srcFilePath: string);
+}
+export declare class FailToDecryptFileError extends Error {
+    readonly destFilePath: string;
+    constructor(destFilePath: string);
+}
+export declare function encryptFile(srcFilePath: string, destFilePath: string, secret: string, iteration_count: number): Promise<void>;
+export declare function decryptFile(srcFilePath: string, destFilePath: string, secret: string, iteration_count: number): Promise<void>;
+export declare function encryptFiles(srcFilePaths: string[], destDir: string, secret: string, iteration_count: number): Promise<void>;
+export declare function decryptFiles(srcFilePaths: string[], destDir: string, secret: string, iteration_count: number): Promise<void>;

package/dist/encrypt.js

@@ -0,0 +1,86 @@
+import { execa } from 'execa';
+import * as path from 'node:path';
+import fsExtra from 'fs-extra';
+export class FailToEncryptFileError extends Error {
+    srcFilePath;
+    constructor(srcFilePath) {
+        super(`Fail to encrypt source file: ${srcFilePath}`);
+        this.srcFilePath = srcFilePath;
+    }
+}
+export class FailToDecryptFileError extends Error {
+    destFilePath;
+    constructor(destFilePath) {
+        super(`Fail to decrypt destination file: ${destFilePath}`);
+        this.destFilePath = destFilePath;
+    }
+}
+export async function encryptFile(srcFilePath, destFilePath, secret, iteration_count) {
+    if (!(await fsExtra.pathExists(srcFilePath))) {
+        throw new FailToEncryptFileError(srcFilePath);
+    }
+    const command = [
+        'openssl',
+        'enc',
+        '-aes-256-cbc',
+        '-salt',
+        '-pbkdf2',
+        '-iter',
+        iteration_count,
+        '-in',
+        srcFilePath,
+        '-out',
+        destFilePath,
+        '-pass',
+        `pass:${secret}`,
+    ].join(' ');
+    await fsExtra.ensureDir(path.dirname(destFilePath));
+    try {
+        await execa(`${command}`, { shell: true });
+    }
+    catch (err) {
+        throw new FailToEncryptFileError(srcFilePath);
+    }
+}
+export async function decryptFile(srcFilePath, destFilePath, secret, iteration_count) {
+    if (!(await fsExtra.pathExists(destFilePath))) {
+        throw new FailToDecryptFileError(destFilePath);
+    }
+    const command = [
+        'openssl',
+        'enc',
+        '-d',
+        '-aes-256-cbc',
+        '-salt',
+        '-pbkdf2',
+        '-iter',
+        iteration_count,
+        '-in',
+        destFilePath,
+        '-out',
+        srcFilePath,
+        '-pass',
+        `pass:${secret}`,
+    ].join(' ');
+    await fsExtra.ensureDir(path.dirname(srcFilePath));
+    try {
+        await execa(`${command}`, { shell: true });
+    }
+    catch (err) {
+        throw new FailToDecryptFileError(destFilePath);
+    }
+}
+export async function encryptFiles(srcFilePaths, destDir, secret, iteration_count) {
+    for (const srcFilePath of srcFilePaths) {
+        const destFilePath = path.join(destDir, srcFilePath);
+        await encryptFile(srcFilePath, destFilePath, secret, iteration_count);
+        console.log(`[ENCRYPTED] ${srcFilePath} -> ${destFilePath}`);
+    }
+}
+export async function decryptFiles(srcFilePaths, destDir, secret, iteration_count) {
+    for (const srcFilePath of srcFilePaths) {
+        const destFilePath = path.join(destDir, srcFilePath);
+        await decryptFile(srcFilePath, destFilePath, secret, iteration_count);
+        console.log(`[DECRYPTED] ${destFilePath} -> ${srcFilePath}`);
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export * from './app.js';
+export * from './config.js';
+export * from './constant.js';
+export * from './encrypt.js';
+export * from './utility.js';
+export * from './secret.js';

package/dist/index.js

@@ -0,0 +1,6 @@
+export * from './app.js';
+export * from './config.js';
+export * from './constant.js';
+export * from './encrypt.js';
+export * from './utility.js';
+export * from './secret.js';

package/dist/secret.d.ts

@@ -0,0 +1,5 @@
+export declare class SecretNotFoundError extends Error {
+    readonly secretName: string;
+    constructor(secretName: string);
+}
+export declare function getSecret(secretName: string): string;

package/dist/secret.js

@@ -0,0 +1,14 @@
+export class SecretNotFoundError extends Error {
+    secretName;
+    constructor(secretName) {
+        super(`Secret ${secretName} is not presented in the environment`);
+        this.secretName = secretName;
+    }
+}
+export function getSecret(secretName) {
+    const secret = process.env[secretName];
+    if (secret === undefined) {
+        throw new SecretNotFoundError(secretName);
+    }
+    return secret;
+}

package/dist/utility.d.ts

@@ -0,0 +1 @@
+export declare function resolve_error(err: any): void;

package/dist/utility.js

@@ -0,0 +1,27 @@
+import { ReadConfigError, TargetNotFoundError, WriteConfigError, } from './config.js';
+import { FailToDecryptFileError, FailToEncryptFileError } from './encrypt.js';
+import chalk from 'chalk';
+export function resolve_error(err) {
+    if (!(err instanceof Error)) {
+        console.error(`Unknown error: ${err}`);
+        process.exit(2);
+    }
+    if (err instanceof WriteConfigError) {
+        console.error(chalk.red('Fail to write Trick config file'));
+    }
+    else if (err instanceof ReadConfigError) {
+        console.error(chalk.red('Fail to read Trick config file'));
+    }
+    else if (err instanceof TargetNotFoundError) {
+        console.error(chalk.red(err.message));
+    }
+    else if (err instanceof FailToEncryptFileError) {
+        console.error(chalk.red(err.message));
+        console.error(chalk.yellow('Make sure the file exists and you have enough permission to access'));
+    }
+    else if (err instanceof FailToDecryptFileError) {
+        console.error(chalk.red(err.message));
+        console.error(chalk.yellow('Make sure the file exists and you have enough permission to access'));
+    }
+    process.exit(1);
+}

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@typinghare/trick",
+  "description": "Save credential files to remote safely.",
+  "version": "1.0.0",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "author": {
+    "name": "James Chen",
+    "email": "jameschan312.cn@gmail.com"
+  },
+  "homepage": "https://github.com/typinghare/trick",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "execa": "^9.3.0",
+    "fs-extra": "^11.2.0"
+  },
+  "devDependencies": {
+    "@types/fs-extra": "^11.0.4",
+    "prettier": "^3.3.3"
+  },
+  "scripts": {
+    "build": "tsc"
+  }
+}

package/src/app.ts

@@ -0,0 +1,84 @@
+import { Command } from 'commander'
+import { getTargetFromConfig, Target, updateConfig } from './config.js'
+import { decryptFiles, encryptFiles } from './encrypt.js'
+import { getSecret } from './secret.js'
+import { TRICK_ENCRYPTED_DIR } from './constant.js'
+import fsExtra from 'fs-extra'
+import { resolve_error } from './utility.js'
+
+const program = new Command()
+
+program.version('Trick v1.0.0 \nby James Chen (jameschan312.cn@gmail.com)')
+program.description('Save credential files to remote safely.')
+
+program
+    .command('add')
+    .description('Adds a target.')
+    .argument('<secret-name>', 'The name of secret in the environment')
+    .argument('[files...]', 'Files this target will encrypt')
+    .action(async (secretName: string, files: string[]): Promise<void> => {
+        await updateConfig((config) => {
+            try {
+                getTargetFromConfig(config, secretName)
+            } catch (err) {
+                config.targets.push({
+                    secret_name: secretName,
+                    files,
+                })
+                return true
+            }
+
+            console.error(
+                `Target with the secret name already exists: ${secretName}`
+            )
+            console.error('Abort adding target')
+            process.exit(1)
+        })
+    })
+
+program
+    .command('encrypt')
+    .description('Encrypt the credential files.')
+    .argument('<secret-name>', 'The name of secret in the environment')
+    .action(async (secretName: string): Promise<void> => {
+        await updateConfig((config) => {
+            const target: Target = getTargetFromConfig(config, secretName)
+            const secret: string = getSecret(target.secret_name)
+            const srcFilePaths: string[] = target.files
+            fsExtra.ensureDir(TRICK_ENCRYPTED_DIR)
+            encryptFiles(
+                srcFilePaths,
+                TRICK_ENCRYPTED_DIR,
+                secret,
+                config.iteration_count
+            )
+            return false
+        })
+    })
+
+program
+    .command('decrypt')
+    .description('Decrypt the credential files.')
+    .argument('<secret-name>', 'The name of secret in the environment')
+    .action(async (secretName: string): Promise<void> => {
+        await updateConfig((config) => {
+            const target: Target = getTargetFromConfig(config, secretName)
+            const secret: string = getSecret(target.secret_name)
+            const srcFilePaths: string[] = target.files
+            fsExtra.ensureDir(TRICK_ENCRYPTED_DIR)
+            decryptFiles(
+                srcFilePaths,
+                TRICK_ENCRYPTED_DIR,
+                secret,
+                config.iteration_count
+            )
+            return false
+        })
+    })
+
+program.parse()
+
+process.on('uncaughtException', (err) => {
+    resolve_error(err)
+    process.exit(1)
+})

package/src/config.ts

@@ -0,0 +1,73 @@
+import fsExtra from 'fs-extra'
+
+export const CONFIG_FILE_NAME: string = 'trick.config.json'
+
+export interface Config {
+    iteration_count: number
+    targets: Target[]
+}
+
+export interface Target {
+    secret_name: string
+    files: string[]
+}
+
+const defaultConfig: Config = {
+    iteration_count: 114514,
+    targets: [],
+}
+
+export class WriteConfigError extends Error {}
+
+export class ReadConfigError extends Error {}
+
+export async function writeConfig(config: Config): Promise<void> {
+    try {
+        await fsExtra.writeJson(CONFIG_FILE_NAME, config)
+    } catch (err) {
+        throw new WriteConfigError()
+    }
+}
+
+export async function readConfig(): Promise<Config | null> {
+    if (!fsExtra.existsSync(CONFIG_FILE_NAME)) {
+        return null
+    }
+
+    try {
+        return (await fsExtra.readJSON(CONFIG_FILE_NAME)) as Config
+    } catch (err) {
+        throw new ReadConfigError()
+    }
+}
+
+export async function updateConfig(
+    callback: UpdateConfigCallback
+): Promise<void> {
+    const config: Config = (await readConfig()) || defaultConfig
+    if (callback(config)) {
+        await writeConfig(config)
+    }
+}
+
+export type UpdateConfigCallback = (config: Config) => boolean
+
+export class TargetNotFoundError extends Error {
+    public constructor(public readonly secretName: string) {
+        super(`Target not found: ${secretName}`)
+    }
+}
+
+export function getTargetFromConfig(
+    config: Config,
+    secretName: string
+): Target {
+    const targets = config.targets
+    for (const target of targets) {
+        if (target.secret_name === secretName) {
+            return target
+        }
+    }
+
+    throw new TargetNotFoundError(secretName)
+}

package/src/constant.ts

@@ -0,0 +1,4 @@
+import * as path from 'node:path'
+
+export const TRICK_ROOT_DIR = '.trick'
+export const TRICK_ENCRYPTED_DIR = path.join(TRICK_ROOT_DIR, 'encrypted')

package/src/encrypt.ts

@@ -0,0 +1,112 @@
+import { execa } from 'execa'
+import * as path from 'node:path'
+import fsExtra from 'fs-extra'
+
+export class FailToEncryptFileError extends Error {
+    public constructor(public readonly srcFilePath: string) {
+        super(`Fail to encrypt source file: ${srcFilePath}`)
+    }
+}
+
+export class FailToDecryptFileError extends Error {
+    public constructor(public readonly destFilePath: string) {
+        super(`Fail to decrypt destination file: ${destFilePath}`)
+    }
+}
+
+export async function encryptFile(
+    srcFilePath: string,
+    destFilePath: string,
+    secret: string,
+    iteration_count: number
+): Promise<void> {
+    if (!(await fsExtra.pathExists(srcFilePath))) {
+        throw new FailToEncryptFileError(srcFilePath)
+    }
+
+    const command: string = [
+        'openssl',
+        'enc',
+        '-aes-256-cbc',
+        '-salt',
+        '-pbkdf2',
+        '-iter',
+        iteration_count,
+        '-in',
+        srcFilePath,
+        '-out',
+        destFilePath,
+        '-pass',
+        `pass:${secret}`,
+    ].join(' ')
+
+    await fsExtra.ensureDir(path.dirname(destFilePath))
+
+    try {
+        await execa(`${command}`, { shell: true })
+    } catch (err) {
+        throw new FailToEncryptFileError(srcFilePath)
+    }
+}
+
+export async function decryptFile(
+    srcFilePath: string,
+    destFilePath: string,
+    secret: string,
+    iteration_count: number
+): Promise<void> {
+    if (!(await fsExtra.pathExists(destFilePath))) {
+        throw new FailToDecryptFileError(destFilePath)
+    }
+
+    const command: string = [
+        'openssl',
+        'enc',
+        '-d',
+        '-aes-256-cbc',
+        '-salt',
+        '-pbkdf2',
+        '-iter',
+        iteration_count,
+        '-in',
+        destFilePath,
+        '-out',
+        srcFilePath,
+        '-pass',
+        `pass:${secret}`,
+    ].join(' ')
+
+    await fsExtra.ensureDir(path.dirname(srcFilePath))
+
+    try {
+        await execa(`${command}`, { shell: true })
+    } catch (err) {
+        throw new FailToDecryptFileError(destFilePath)
+    }
+}
+
+export async function encryptFiles(
+    srcFilePaths: string[],
+    destDir: string,
+    secret: string,
+    iteration_count: number
+): Promise<void> {
+    for (const srcFilePath of srcFilePaths) {
+        const destFilePath: string = path.join(destDir, srcFilePath)
+        await encryptFile(srcFilePath, destFilePath, secret, iteration_count)
+        console.log(`[ENCRYPTED] ${srcFilePath} -> ${destFilePath}`)
+    }
+}
+
+export async function decryptFiles(
+    srcFilePaths: string[],
+    destDir: string,
+    secret: string,
+    iteration_count: number
+): Promise<void> {
+    for (const srcFilePath of srcFilePaths) {
+        const destFilePath: string = path.join(destDir, srcFilePath)
+        await decryptFile(srcFilePath, destFilePath, secret, iteration_count)
+        console.log(`[DECRYPTED] ${destFilePath} -> ${srcFilePath}`)
+    }
+}

package/src/index.ts

@@ -0,0 +1,6 @@
+export * from './app.js'
+export * from './config.js'
+export * from './constant.js'
+export * from './encrypt.js'
+export * from './utility.js'
+export * from './secret.js'

package/src/secret.ts

@@ -0,0 +1,14 @@
+export class SecretNotFoundError extends Error {
+    public constructor(public readonly secretName: string) {
+        super(`Secret ${secretName} is not presented in the environment`)
+    }
+}
+
+export function getSecret(secretName: string): string {
+    const secret = process.env[secretName]
+    if (secret === undefined) {
+        throw new SecretNotFoundError(secretName)
+    }
+
+    return secret
+}

package/src/utility.ts

@@ -0,0 +1,38 @@
+import {
+    ReadConfigError,
+    TargetNotFoundError,
+    WriteConfigError,
+} from './config.js'
+import { FailToDecryptFileError, FailToEncryptFileError } from './encrypt.js'
+import chalk from 'chalk'
+
+export function resolve_error(err: any): void {
+    if (!(err instanceof Error)) {
+        console.error(`Unknown error: ${err}`)
+        process.exit(2)
+    }
+
+    if (err instanceof WriteConfigError) {
+        console.error(chalk.red('Fail to write Trick config file'))
+    } else if (err instanceof ReadConfigError) {
+        console.error(chalk.red('Fail to read Trick config file'))
+    } else if (err instanceof TargetNotFoundError) {
+        console.error(chalk.red(err.message))
+    } else if (err instanceof FailToEncryptFileError) {
+        console.error(chalk.red(err.message))
+        console.error(
+            chalk.yellow(
+                'Make sure the file exists and you have enough permission to access'
+            )
+        )
+    } else if (err instanceof FailToDecryptFileError) {
+        console.error(chalk.red(err.message))
+        console.error(
+            chalk.yellow(
+                'Make sure the file exists and you have enough permission to access'
+            )
+        )
+    }
+
+    process.exit(1)
+}

package/test/resources/really.json

@@ -0,0 +1,4 @@
+{
+  "message": "Ok",
+  "userId": 123
+}

package/test/resources/task.yml

@@ -0,0 +1,4 @@
+my_task:
+  name: My Task
+  time_unit: milliseconds
+  time: 350

package/trick.config.json

@@ -0,0 +1,12 @@
+{
+  "iteration_count": 114514,
+  "targets": [
+    {
+      "secret_name": "TEST_SECRET",
+      "files": [
+        "test/resources/really.json",
+        "test/resources/task.yml"
+      ]
+    }
+  ]
+}

package/tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "target": "ESNext",
+    "module": "NodeNext",
+    "outDir": "dist",
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "strict": true,
+    "skipDefaultLibCheck": true,
+    "skipLibCheck": true,
+    "moduleResolution": "NodeNext",
+    "declaration": true
+  },
+  "include": [
+    "src/**/*.ts"
+  ]
+}