@zincapp/zn-vault-agent 1.3.0

package/dist/lib/config.d.ts

@@ -0,0 +1,164 @@
+/**
+ * Certificate target configuration
+ */
+export interface CertTarget {
+    /** Certificate ID in vault */
+    certId: string;
+    /** Human-readable name */
+    name: string;
+    /** Output paths for certificate components */
+    outputs: {
+        /** Combined cert+key (for HAProxy) */
+        combined?: string;
+        /** Certificate only */
+        cert?: string;
+        /** Private key only */
+        key?: string;
+        /** CA chain */
+        chain?: string;
+        /** Full chain (cert + chain) */
+        fullchain?: string;
+    };
+    /** File ownership (user:group) */
+    owner?: string;
+    /** File permissions (e.g., "0640") */
+    mode?: string;
+    /** Command to run after cert update */
+    reloadCmd?: string;
+    /** Health check command (must return 0 for success) */
+    healthCheckCmd?: string;
+    /** Last known fingerprint */
+    lastFingerprint?: string;
+    /** Last sync timestamp */
+    lastSync?: string;
+}
+/**
+ * Secret target configuration
+ */
+export interface SecretTarget {
+    /** Secret ID or alias in vault (e.g., "alias:db/credentials") */
+    secretId: string;
+    /** Human-readable name */
+    name: string;
+    /** Output format */
+    format: 'env' | 'json' | 'yaml' | 'raw' | 'template';
+    /** Output file path */
+    output: string;
+    /** For 'raw' format: which key from the secret data to extract */
+    key?: string;
+    /** For 'template' format: path to template file */
+    templatePath?: string;
+    /** For 'env' format: prefix for variable names */
+    envPrefix?: string;
+    /** File ownership (user:group) */
+    owner?: string;
+    /** File permissions (e.g., "0600") */
+    mode?: string;
+    /** Command to run after secret update */
+    reloadCmd?: string;
+    /** Last known version */
+    lastVersion?: number;
+    /** Last sync timestamp */
+    lastSync?: string;
+}
+/**
+ * Agent configuration
+ */
+export interface AgentConfig {
+    /** Vault server URL */
+    vaultUrl: string;
+    /** Tenant ID */
+    tenantId: string;
+    /** Authentication */
+    auth: {
+        /** API key (preferred) */
+        apiKey?: string;
+        /** Or username/password */
+        username?: string;
+        password?: string;
+    };
+    /** Skip TLS verification */
+    insecure?: boolean;
+    /** Certificate targets */
+    targets: CertTarget[];
+    /** Secret targets */
+    secretTargets?: SecretTarget[];
+    /** Global reload command (if not set per-target) */
+    globalReloadCmd?: string;
+    /** Polling interval in seconds (fallback if WebSocket disconnects) */
+    pollInterval?: number;
+    /** Enable verbose logging */
+    verbose?: boolean;
+}
+/**
+ * Load configuration from file or user config, with environment variable overrides
+ *
+ * Environment variables:
+ * - ZNVAULT_URL: Override vault URL
+ * - ZNVAULT_TENANT_ID: Override tenant ID
+ * - ZNVAULT_API_KEY: Override API key (preferred over config file)
+ * - ZNVAULT_USERNAME: Override username
+ * - ZNVAULT_PASSWORD: Override password (preferred over config file)
+ * - ZNVAULT_INSECURE: Set to "true" to skip TLS verification
+ */
+export declare function loadConfig(): AgentConfig;
+/**
+ * Save configuration
+ */
+export declare function saveConfig(config: AgentConfig): void;
+/**
+ * Get a specific config value
+ */
+export declare function getConfig<K extends keyof AgentConfig>(key: K): AgentConfig[K];
+/**
+ * Set a specific config value
+ */
+export declare function setConfig<K extends keyof AgentConfig>(key: K, value: AgentConfig[K]): void;
+/**
+ * Check if agent is configured
+ * Considers both config file and environment variables
+ */
+export declare function isConfigured(): boolean;
+/**
+ * Get config file path for display
+ */
+export declare function getConfigPath(): string;
+/**
+ * Add a certificate target
+ */
+export declare function addTarget(target: CertTarget): void;
+/**
+ * Remove a certificate target
+ */
+export declare function removeTarget(certIdOrName: string): boolean;
+/**
+ * Get all targets
+ */
+export declare function getTargets(): CertTarget[];
+/**
+ * Update target fingerprint after successful sync
+ */
+export declare function updateTargetFingerprint(certId: string, fingerprint: string): void;
+/**
+ * Add a secret target
+ */
+export declare function addSecretTarget(target: SecretTarget): void;
+/**
+ * Remove a secret target
+ */
+export declare function removeSecretTarget(secretIdOrName: string): boolean;
+/**
+ * Get all secret targets
+ */
+export declare function getSecretTargets(): SecretTarget[];
+/**
+ * Update secret target version after successful sync
+ */
+export declare function updateSecretTargetVersion(secretId: string, version: number): void;
+/**
+ * Update API key in config file after rotation
+ * This directly modifies the config file without going through loadConfig
+ * to avoid environment variable overrides being persisted.
+ */
+export declare function updateApiKey(newKey: string): void;
+//# sourceMappingURL=config.d.ts.map

package/dist/lib/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,OAAO,EAAE;QACP,sCAAsC;QACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,uBAAuB;QACvB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,uBAAuB;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,eAAe;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,gCAAgC;QAChC,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,kCAAkC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6BAA6B;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,iEAAiE;IACjE,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,GAAG,UAAU,CAAC;IACrD,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kDAAkD;IAClD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,IAAI,EAAE;QACJ,0BAA0B;QAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,2BAA2B;QAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,0BAA0B;IAC1B,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,qBAAqB;IACrB,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,oDAAoD;IACpD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6BAA6B;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAyBD;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,IAAI,WAAW,CA8DxC;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CAwBpD;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,WAAW,EAAE,GAAG,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAG7E;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,WAAW,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,IAAI,CAI1F;AAED;;;GAGG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAStC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAMtC;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI,CAYlD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAa1D;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,UAAU,EAAE,CAEzC;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAQjF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAa1D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAclE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,YAAY,EAAE,CAEjD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAQjF;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAqCjD"}

package/dist/lib/config.js

@@ -0,0 +1,299 @@
+import Conf from 'conf';
+import fs from 'node:fs';
+import path from 'node:path';
+import { configLogger as log } from './logger.js';
+// Default config location - computed dynamically to support test isolation
+function getConfigDir() {
+    return process.env.ZNVAULT_AGENT_CONFIG_DIR || '/etc/zn-vault-agent';
+}
+function getConfigFile() {
+    return path.join(getConfigDir(), 'config.json');
+}
+// Use Conf for user-level config (development), file for system-level (production)
+const userConfig = new Conf({
+    projectName: 'zn-vault-agent',
+    defaults: {
+        vaultUrl: '',
+        tenantId: '',
+        auth: {},
+        targets: [],
+        secretTargets: [],
+        pollInterval: 3600,
+        verbose: false,
+    },
+});
+/**
+ * Load configuration from file or user config, with environment variable overrides
+ *
+ * Environment variables:
+ * - ZNVAULT_URL: Override vault URL
+ * - ZNVAULT_TENANT_ID: Override tenant ID
+ * - ZNVAULT_API_KEY: Override API key (preferred over config file)
+ * - ZNVAULT_USERNAME: Override username
+ * - ZNVAULT_PASSWORD: Override password (preferred over config file)
+ * - ZNVAULT_INSECURE: Set to "true" to skip TLS verification
+ */
+export function loadConfig() {
+    let config;
+    // Default empty config (used when custom config dir is set but file doesn't exist)
+    const emptyConfig = {
+        vaultUrl: '',
+        tenantId: '',
+        auth: {},
+        targets: [],
+        secretTargets: [],
+        pollInterval: 3600,
+        verbose: false,
+    };
+    // Try system config first
+    const configFile = getConfigFile();
+    if (fs.existsSync(configFile)) {
+        try {
+            const content = fs.readFileSync(configFile, 'utf-8');
+            config = JSON.parse(content);
+            log.debug({ path: configFile }, 'Loaded system config');
+        }
+        catch (err) {
+            log.error({ err, path: configFile }, 'Failed to load system config');
+            // If custom config dir is set, use empty config instead of userConfig
+            // This ensures test isolation and custom deployments work correctly
+            config = process.env.ZNVAULT_AGENT_CONFIG_DIR ? emptyConfig : userConfig.store;
+        }
+    }
+    else if (process.env.ZNVAULT_AGENT_CONFIG_DIR) {
+        // Custom config dir is set but file doesn't exist yet - use empty config
+        // Don't fall back to userConfig to ensure isolation
+        config = emptyConfig;
+        log.debug({ path: configFile }, 'Using empty config for custom config dir');
+    }
+    else {
+        // Fall back to user config
+        config = userConfig.store;
+        log.debug({ path: userConfig.path }, 'Loaded user config');
+    }
+    // Apply environment variable overrides
+    if (process.env.ZNVAULT_URL) {
+        config.vaultUrl = process.env.ZNVAULT_URL;
+    }
+    if (process.env.ZNVAULT_TENANT_ID) {
+        config.tenantId = process.env.ZNVAULT_TENANT_ID;
+    }
+    if (process.env.ZNVAULT_API_KEY) {
+        config.auth = config.auth || {};
+        config.auth.apiKey = process.env.ZNVAULT_API_KEY;
+    }
+    if (process.env.ZNVAULT_USERNAME) {
+        config.auth = config.auth || {};
+        config.auth.username = process.env.ZNVAULT_USERNAME;
+    }
+    if (process.env.ZNVAULT_PASSWORD) {
+        config.auth = config.auth || {};
+        config.auth.password = process.env.ZNVAULT_PASSWORD;
+    }
+    if (process.env.ZNVAULT_INSECURE === 'true') {
+        config.insecure = true;
+    }
+    return config;
+}
+/**
+ * Save configuration
+ */
+export function saveConfig(config) {
+    const configDir = getConfigDir();
+    const configFile = getConfigFile();
+    // If ZNVAULT_AGENT_CONFIG_DIR is set, always use that directory
+    // This allows tests and custom deployments to override the default behavior
+    if (process.env.ZNVAULT_AGENT_CONFIG_DIR) {
+        if (!fs.existsSync(configDir)) {
+            fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });
+        }
+        fs.writeFileSync(configFile, JSON.stringify(config, null, 2), { mode: 0o600 });
+        return;
+    }
+    // If running as root, save to system config
+    if (process.getuid?.() === 0) {
+        if (!fs.existsSync(configDir)) {
+            fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });
+        }
+        fs.writeFileSync(configFile, JSON.stringify(config, null, 2), { mode: 0o600 });
+    }
+    else {
+        // Save to user config
+        userConfig.store = config;
+    }
+}
+/**
+ * Get a specific config value
+ */
+export function getConfig(key) {
+    const config = loadConfig();
+    return config[key];
+}
+/**
+ * Set a specific config value
+ */
+export function setConfig(key, value) {
+    const config = loadConfig();
+    config[key] = value;
+    saveConfig(config);
+}
+/**
+ * Check if agent is configured
+ * Considers both config file and environment variables
+ */
+export function isConfigured() {
+    const config = loadConfig();
+    const hasAuth = !!(config.auth.apiKey ||
+        process.env.ZNVAULT_API_KEY ||
+        config.auth.username ||
+        process.env.ZNVAULT_USERNAME);
+    return !!(config.vaultUrl && config.tenantId && hasAuth);
+}
+/**
+ * Get config file path for display
+ */
+export function getConfigPath() {
+    const configFile = getConfigFile();
+    if (process.getuid?.() === 0 && fs.existsSync(configFile)) {
+        return configFile;
+    }
+    return userConfig.path;
+}
+/**
+ * Add a certificate target
+ */
+export function addTarget(target) {
+    const config = loadConfig();
+    // Check if target with same certId exists
+    const existingIndex = config.targets.findIndex(t => t.certId === target.certId);
+    if (existingIndex >= 0) {
+        config.targets[existingIndex] = target;
+    }
+    else {
+        config.targets.push(target);
+    }
+    saveConfig(config);
+}
+/**
+ * Remove a certificate target
+ */
+export function removeTarget(certIdOrName) {
+    const config = loadConfig();
+    const initialLength = config.targets.length;
+    config.targets = config.targets.filter(t => t.certId !== certIdOrName && t.name !== certIdOrName);
+    if (config.targets.length < initialLength) {
+        saveConfig(config);
+        return true;
+    }
+    return false;
+}
+/**
+ * Get all targets
+ */
+export function getTargets() {
+    return loadConfig().targets;
+}
+/**
+ * Update target fingerprint after successful sync
+ */
+export function updateTargetFingerprint(certId, fingerprint) {
+    const config = loadConfig();
+    const target = config.targets.find(t => t.certId === certId);
+    if (target) {
+        target.lastFingerprint = fingerprint;
+        target.lastSync = new Date().toISOString();
+        saveConfig(config);
+    }
+}
+/**
+ * Add a secret target
+ */
+export function addSecretTarget(target) {
+    const config = loadConfig();
+    config.secretTargets = config.secretTargets || [];
+    // Check if target with same name exists (allows same secret with different output configs)
+    const existingIndex = config.secretTargets.findIndex(t => t.name === target.name);
+    if (existingIndex >= 0) {
+        config.secretTargets[existingIndex] = target;
+    }
+    else {
+        config.secretTargets.push(target);
+    }
+    saveConfig(config);
+}
+/**
+ * Remove a secret target
+ */
+export function removeSecretTarget(secretIdOrName) {
+    const config = loadConfig();
+    if (!config.secretTargets)
+        return false;
+    const initialLength = config.secretTargets.length;
+    config.secretTargets = config.secretTargets.filter(t => t.secretId !== secretIdOrName && t.name !== secretIdOrName);
+    if (config.secretTargets.length < initialLength) {
+        saveConfig(config);
+        return true;
+    }
+    return false;
+}
+/**
+ * Get all secret targets
+ */
+export function getSecretTargets() {
+    return loadConfig().secretTargets || [];
+}
+/**
+ * Update secret target version after successful sync
+ */
+export function updateSecretTargetVersion(secretId, version) {
+    const config = loadConfig();
+    const target = config.secretTargets?.find(t => t.secretId === secretId);
+    if (target) {
+        target.lastVersion = version;
+        target.lastSync = new Date().toISOString();
+        saveConfig(config);
+    }
+}
+/**
+ * Update API key in config file after rotation
+ * This directly modifies the config file without going through loadConfig
+ * to avoid environment variable overrides being persisted.
+ */
+export function updateApiKey(newKey) {
+    let configPath;
+    let config;
+    const configFile = getConfigFile();
+    // Determine which config file to update
+    if (process.getuid?.() === 0 && fs.existsSync(configFile)) {
+        configPath = configFile;
+    }
+    else if (fs.existsSync(configFile)) {
+        configPath = configFile;
+    }
+    else {
+        // User config via Conf
+        const currentConfig = userConfig.store;
+        currentConfig.auth = currentConfig.auth || {};
+        currentConfig.auth.apiKey = newKey;
+        userConfig.store = currentConfig;
+        log.info({ path: userConfig.path }, 'API key updated in user config');
+        return;
+    }
+    // Load and update system config file
+    try {
+        const content = fs.readFileSync(configPath, 'utf-8');
+        config = JSON.parse(content);
+        config.auth = config.auth || {};
+        config.auth.apiKey = newKey;
+        // Write back with atomic rename
+        const tempPath = `${configPath}.tmp`;
+        fs.writeFileSync(tempPath, JSON.stringify(config, null, 2), { mode: 0o600 });
+        fs.renameSync(tempPath, configPath);
+        log.info({ path: configPath }, 'API key updated in config file');
+    }
+    catch (err) {
+        log.error({ err, path: configPath }, 'Failed to update API key in config');
+        throw err;
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/lib/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,IAAI,GAAG,EAAE,MAAM,aAAa,CAAC;AAiGlD,2EAA2E;AAC3E,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,qBAAqB,CAAC;AACvE,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,GAAG,IAAI,IAAI,CAAc;IACvC,WAAW,EAAE,gBAAgB;IAC7B,QAAQ,EAAE;QACR,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,YAAY,EAAE,IAAI;QAClB,OAAO,EAAE,KAAK;KACf;CACF,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU;IACxB,IAAI,MAAmB,CAAC;IAExB,mFAAmF;IACnF,MAAM,WAAW,GAAgB;QAC/B,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE,EAAE;QACZ,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,YAAY,EAAE,IAAI;QAClB,OAAO,EAAE,KAAK;KACf,CAAC;IAEF,0BAA0B;IAC1B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;YAC5C,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,sBAAsB,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,8BAA8B,CAAC,CAAC;YACrE,sEAAsE;YACtE,oEAAoE;YACpE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC;QACjF,CAAC;IACH,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC;QAChD,yEAAyE;QACzE,oDAAoD;QACpD,MAAM,GAAG,WAAW,CAAC;QACrB,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,0CAA0C,CAAC,CAAC;IAC9E,CAAC;SAAM,CAAC;QACN,2BAA2B;QAC3B,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC;QAC1B,GAAG,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC7D,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAC5B,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IAC5C,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAClC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IACnD,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,MAAM,EAAE,CAAC;QAC5C,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC;IACzB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,MAAmB;IAC5C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,gEAAgE;IAChE,4EAA4E;IAC5E,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC;QACzC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/E,OAAO;IACT,CAAC;IAED,4CAA4C;IAC5C,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,CAAC;SAAM,CAAC;QACN,sBAAsB;QACtB,UAAU,CAAC,KAAK,GAAG,MAAM,CAAC;IAC5B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAA8B,GAAM;IAC3D,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAA8B,GAAM,EAAE,KAAqB;IAClF,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACpB,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,CAAC,CAAC,CAChB,MAAM,CAAC,IAAI,CAAC,MAAM;QAClB,OAAO,CAAC,GAAG,CAAC,eAAe;QAC3B,MAAM,CAAC,IAAI,CAAC,QAAQ;QACpB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAC7B,CAAC;IACF,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1D,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,OAAO,UAAU,CAAC,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,MAAkB;IAC1C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,0CAA0C;IAC1C,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;IAChF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;IACzC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,YAAoB;IAC/C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;IAE5C,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,CAC1D,CAAC;IAEF,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QAC1C,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,UAAU,EAAE,CAAC,OAAO,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAAc,EAAE,WAAmB;IACzE,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC7D,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,eAAe,GAAG,WAAW,CAAC;QACrC,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,UAAU,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAAoB;IAClD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC;IAElD,2FAA2F;IAC3F,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC;IAClF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,cAAsB;IACvD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IAExC,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;IAClD,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAChD,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,KAAK,cAAc,CAChE,CAAC;IAEF,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QAChD,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,UAAU,EAAE,CAAC,aAAa,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,QAAgB,EAAE,OAAe;IACzE,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACxE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,WAAW,GAAG,OAAO,CAAC;QAC7B,MAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,UAAU,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,IAAI,UAAkB,CAAC;IACvB,IAAI,MAAmB,CAAC;IACxB,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,wCAAwC;IACxC,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1D,UAAU,GAAG,UAAU,CAAC;IAC1B,CAAC;SAAM,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACrC,UAAU,GAAG,UAAU,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,uBAAuB;QACvB,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC;QACvC,aAAa,CAAC,IAAI,GAAG,aAAa,CAAC,IAAI,IAAI,EAAE,CAAC;QAC9C,aAAa,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACnC,UAAU,CAAC,KAAK,GAAG,aAAa,CAAC;QACjC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,EAAE,gCAAgC,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IAED,qCAAqC;IACrC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;QAC5C,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAE5B,gCAAgC;QAChC,MAAM,QAAQ,GAAG,GAAG,UAAU,MAAM,CAAC;QACrC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7E,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAEpC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,gCAAgC,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,oCAAoC,CAAC,CAAC;QAC3E,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/lib/deployer.d.ts

@@ -0,0 +1,22 @@
+import type { CertTarget } from './config.js';
+export interface DeployResult {
+    success: boolean;
+    certId: string;
+    name: string;
+    message: string;
+    fingerprint?: string;
+    filesWritten?: string[];
+    reloadOutput?: string;
+    healthCheckPassed?: boolean;
+    rolledBack?: boolean;
+    durationMs?: number;
+}
+/**
+ * Deploy a certificate to its target locations
+ */
+export declare function deployCertificate(target: CertTarget, force?: boolean): Promise<DeployResult>;
+/**
+ * Deploy all configured certificate targets
+ */
+export declare function deployAllCertificates(force?: boolean): Promise<DeployResult[]>;
+//# sourceMappingURL=deployer.d.ts.map

package/dist/lib/deployer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deployer.d.ts","sourceRoot":"","sources":["../../src/lib/deployer.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAO9C,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAsMD;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,UAAU,EAClB,KAAK,GAAE,OAAe,GACrB,OAAO,CAAC,YAAY,CAAC,CAoNvB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,KAAK,GAAE,OAAe,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAyB3F"}