azure-pipelines-task-lib 4.0.1-preview → 4.0.2
- package/LICENSE +22 -22
- package/internal.d.ts +130 -130
- package/internal.js +885 -885
- package/mock-answer.d.ts +55 -55
- package/mock-answer.js +41 -41
- package/mock-run.d.ts +44 -44
- package/mock-run.js +92 -92
- package/mock-task.d.ts +111 -111
- package/mock-task.js +447 -447
- package/mock-test.d.ts +28 -28
- package/mock-test.js +295 -295
- package/mock-toolrunner.d.ts +41 -41
- package/mock-toolrunner.js +268 -268
- package/package.json +3 -3
- package/task.d.ts +718 -718
- package/task.js +2003 -2003
- package/taskcommand.d.ts +10 -10
- package/taskcommand.js +103 -103
- package/toolrunner.d.ts +159 -159
- package/toolrunner.js +968 -968
- package/vault.d.ts +10 -10
- package/vault.js +71 -71
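--- a/package/vault.d.ts
+++ b/package/vault.d.ts
@@ -1,10 +1,10 @@
-export declare class Vault {
-constructor(keyPath: string);
-private _keyFile;
-private _store;
-initialize(): void;
-storeSecret(name: string, data: string): boolean;
-retrieveSecret(name: string): string | undefined;
-private getKey;
-private genKey;
-}
+export declare class Vault {
+constructor(keyPath: string);
+private _keyFile;
+private _store;
+initialize(): void;
+storeSecret(name: string, data: string): boolean;
+retrieveSecret(name: string): string | undefined;
+private getKey;
+private genKey;
+}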
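--- a/package/vault.js
+++ b/package/vault.js
@@ -1,71 +1,71 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Vault = void 0;
-var fs = require("fs");
-var path = require("path");
-var crypto = require("crypto");
-var uuidV4 = require('uuid/v4');
-var algorithm = "aes-256-ctr";
-var encryptEncoding = 'hex';
-var unencryptedEncoding = 'utf8';
-//
-// Store sensitive data in proc.
-// Main goal: Protects tasks which would dump envvars from leaking secrets inadvertently
-// the task lib clears after storing.
-// Also protects against a dump of a process getting the secrets
-// The secret is generated and stored externally for the lifetime of the task.
-//
-var Vault = /** @class */ (function () {
-function Vault(keyPath) {
-this._keyFile = path.join(keyPath, '.taskkey');
-this._store = {};
-this.genKey();
-}
-Vault.prototype.initialize = function () {
-};
-Vault.prototype.storeSecret = function (name, data) {
-if (!name || name.length == 0) {
-return false;
-}
-name = name.toLowerCase();
-if (!data || data.length == 0) {
-if (this._store.hasOwnProperty(name)) {
-delete this._store[name];
-}
-return false;
-}
-var key = this.getKey();
-var iv = crypto.randomBytes(16);
-var cipher = crypto.createCipheriv(algorithm, key, iv);
-var crypted = cipher.update(data, unencryptedEncoding, encryptEncoding);
-var cryptedFinal = cipher.final(encryptEncoding);
-this._store[name] = iv.toString(encryptEncoding) + crypted + cryptedFinal;
-return true;
-};
-Vault.prototype.retrieveSecret = function (name) {
-var secret;
-name = (name || '').toLowerCase();
-if (this._store.hasOwnProperty(name)) {
-var key = this.getKey();
-var data = this._store[name];
-var ivDataBuffer = Buffer.from(data, encryptEncoding);
-var iv = ivDataBuffer.slice(0, 16);
-var encryptedText = ivDataBuffer.slice(16);
-var decipher = crypto.createDecipheriv(algorithm, key, iv);
-var dec = decipher.update(encryptedText);
-var decFinal = decipher.final(unencryptedEncoding);
-secret = dec + decFinal;
-}
-return secret;
-};
-Vault.prototype.getKey = function () {
-var key = fs.readFileSync(this._keyFile).toString('utf8');
-// Key needs to be hashed to correct length to match algorithm (aes-256-ctr)
-return crypto.createHash('sha256').update(key).digest();
-};
-Vault.prototype.genKey = function () {
-fs.writeFileSync(this._keyFile, uuidV4(), { encoding: 'utf8' });
-};
-return Vault;
-}());
-exports.Vault = Vault;
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Vault = void 0;
+var fs = require("fs");
+var path = require("path");
+var crypto = require("crypto");
+var uuidV4 = require('uuid/v4');
+var algorithm = "aes-256-ctr";
+var encryptEncoding = 'hex';
+var unencryptedEncoding = 'utf8';
+//
+// Store sensitive data in proc.
+// Main goal: Protects tasks which would dump envvars from leaking secrets inadvertently
+// the task lib clears after storing.
+// Also protects against a dump of a process getting the secrets
+// The secret is generated and stored externally for the lifetime of the task.
+//
+var Vault = /** @class */ (function () {
+function Vault(keyPath) {
+this._keyFile = path.join(keyPath, '.taskkey');
+this._store = {};
+this.genKey();
+}
+Vault.prototype.initialize = function () {
+};
+Vault.prototype.storeSecret = function (name, data) {
+if (!name || name.length == 0) {
+return false;
+}
+name = name.toLowerCase();
+if (!data || data.length == 0) {
+if (this._store.hasOwnProperty(name)) {
+delete this._store[name];
+}
+return false;
+}
+var key = this.getKey();
+var iv = crypto.randomBytes(16);
+var cipher = crypto.createCipheriv(algorithm, key, iv);
+var crypted = cipher.update(data, unencryptedEncoding, encryptEncoding);
+var cryptedFinal = cipher.final(encryptEncoding);
+this._store[name] = iv.toString(encryptEncoding) + crypted + cryptedFinal;
+return true;
+};
+Vault.prototype.retrieveSecret = function (name) {
+var secret;
+name = (name || '').toLowerCase();
+if (this._store.hasOwnProperty(name)) {
+var key = this.getKey();
+var data = this._store[name];
+var ivDataBuffer = Buffer.from(data, encryptEncoding);
+var iv = ivDataBuffer.slice(0, 16);
+var encryptedText = ivDataBuffer.slice(16);
+var decipher = crypto.createDecipheriv(algorithm, key, iv);
+var dec = decipher.update(encryptedText);
+var decFinal = decipher.final(unencryptedEncoding);
+secret = dec + decFinal;
+}
+return secret;
+};
+Vault.prototype.getKey = function () {
+var key = fs.readFileSync(this._keyFile).toString('utf8');
+// Key needs to be hashed to correct length to match algorithm (aes-256-ctr)
+return crypto.createHash('sha256').update(key).digest();
+};
+Vault.prototype.genKey = function () {
+fs.writeFileSync(this._keyFile, uuidV4(), { encoding: 'utf8' });
+};
+return Vault;
+}());
+exports.Vault = Vault;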