dotsec 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/README.md +3 -0
  2. package/bin/dotsec.js +3 -0
  3. package/dist/cli.d.ts +1 -0
  4. package/dist/cli.js +384 -0
  5. package/dist/cli.js.map +7 -0
  6. package/dist/esm/cli.js +369 -0
  7. package/dist/esm/cli.js.map +7 -0
  8. package/dist/esm/index.js +7 -0
  9. package/dist/esm/index.js.map +7 -0
  10. package/dist/index.d.ts +3 -0
  11. package/dist/index.js +17 -0
  12. package/dist/index.js.map +7 -0
  13. package/package.json +56 -0
package/README.md ADDED
@@ -0,0 +1,3 @@
1
+ # dotsec
2
+
3
+ Secure dot env. Check back soon.
package/bin/dotsec.js ADDED
@@ -0,0 +1,3 @@
1
+ #!/usr/bin/env node
2
+
3
+ require('../dist/cli');
package/dist/cli.d.ts ADDED
@@ -0,0 +1 @@
1
+
package/dist/cli.js ADDED
@@ -0,0 +1,384 @@
1
+ var __create = Object.create;
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __getOwnPropSymbols = Object.getOwnPropertySymbols;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __propIsEnum = Object.prototype.propertyIsEnumerable;
9
+ var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
10
+ var __spreadValues = (a, b) => {
11
+ for (var prop in b || (b = {}))
12
+ if (__hasOwnProp.call(b, prop))
13
+ __defNormalProp(a, prop, b[prop]);
14
+ if (__getOwnPropSymbols)
15
+ for (var prop of __getOwnPropSymbols(b)) {
16
+ if (__propIsEnum.call(b, prop))
17
+ __defNormalProp(a, prop, b[prop]);
18
+ }
19
+ return a;
20
+ };
21
+ var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
22
+ var __export = (target, all) => {
23
+ __markAsModule(target);
24
+ for (var name in all)
25
+ __defProp(target, name, { get: all[name], enumerable: true });
26
+ };
27
+ var __reExport = (target, module2, desc4) => {
28
+ if (module2 && typeof module2 === "object" || typeof module2 === "function") {
29
+ for (let key of __getOwnPropNames(module2))
30
+ if (!__hasOwnProp.call(target, key) && key !== "default")
31
+ __defProp(target, key, { get: () => module2[key], enumerable: !(desc4 = __getOwnPropDesc(module2, key)) || desc4.enumerable });
32
+ }
33
+ return target;
34
+ };
35
+ var __toModule = (module2) => {
36
+ return __reExport(__markAsModule(__defProp(module2 != null ? __create(__getProtoOf(module2)) : {}, "default", module2 && module2.__esModule && "default" in module2 ? { get: () => module2.default, enumerable: true } : { value: module2, enumerable: true })), module2);
37
+ };
38
+
39
+ // src/cli.ts
40
+ var import_helpers = __toModule(require("yargs/helpers"));
41
+ var import_yargs = __toModule(require("yargs/yargs"));
42
+
43
+ // src/commands/decryptSecCommand.ts
44
+ var decryptSecCommand_exports = {};
45
+ __export(decryptSecCommand_exports, {
46
+ builder: () => builder,
47
+ command: () => command,
48
+ desc: () => desc,
49
+ handler: () => handler
50
+ });
51
+ var import_client_kms = __toModule(require("@aws-sdk/client-kms"));
52
+ var import_chalk2 = __toModule(require("chalk"));
53
+ var import_dotenv = __toModule(require("dotenv"));
54
+ var import_node_fs = __toModule(require("node:fs"));
55
+ var import_node_path = __toModule(require("node:path"));
56
+
57
+ // src/commonCliOptions.ts
58
+ var commonCliOptions = {
59
+ awsProfile: {
60
+ string: true,
61
+ describe: "AWS profile"
62
+ },
63
+ awsRegion: {
64
+ string: true,
65
+ describe: "AWS region"
66
+ },
67
+ awsKeyAlias: {
68
+ string: true,
69
+ describe: "AWS KMS asymmetric key alias"
70
+ },
71
+ awsKey: {
72
+ string: true,
73
+ describe: "AWS KMS asymmetric key arn"
74
+ },
75
+ verbose: {
76
+ boolean: true,
77
+ describe: "Be verbose"
78
+ },
79
+ yes: {
80
+ boolean: true,
81
+ describe: "Proceeds without confirmation"
82
+ },
83
+ dryRun: {
84
+ boolean: true,
85
+ describe: "Do a dry run"
86
+ }
87
+ };
88
+
89
+ // src/utils/getCredentialsProfileRegion.ts
90
+ var import_credential_providers = __toModule(require("@aws-sdk/credential-providers"));
91
+ var import_shared_ini_file_loader = __toModule(require("@aws-sdk/shared-ini-file-loader"));
92
+
93
+ // src/utils/logger.ts
94
+ var import_chalk = __toModule(require("chalk"));
95
+ var bold = (str) => import_chalk.default.yellowBright.bold(str);
96
+ var underline = (str) => import_chalk.default.cyanBright.bold(str);
97
+
98
+ // src/utils/getCredentialsProfileRegion.ts
99
+ var getCredentialsProfileRegion = async ({
100
+ argv,
101
+ env
102
+ }) => {
103
+ var _a, _b, _c;
104
+ const sharedConfigFiles = await (0, import_shared_ini_file_loader.loadSharedConfigFiles)();
105
+ let credentialsAndOrigin = void 0;
106
+ let profileAndOrigin = void 0;
107
+ let regionAndOrigin = void 0;
108
+ if (argv.profile) {
109
+ profileAndOrigin = { value: argv.profile, origin: `command line option: ${bold(argv.profile)}` };
110
+ credentialsAndOrigin = { value: await (0, import_credential_providers.fromIni)({ profile: argv.profile })(), origin: `${bold(`[${argv.profile}]`)} in credentials file` };
111
+ } else if (env.AWS_PROFILE) {
112
+ profileAndOrigin = { value: env.AWS_PROFILE, origin: `env variable ${bold("AWS_PROFILE")}: ${underline(env.AWS_PROFILE)}` };
113
+ credentialsAndOrigin = {
114
+ value: await (0, import_credential_providers.fromIni)({ profile: env.AWS_PROFILE })(),
115
+ origin: `env variable ${underline("AWS_PROFILE")}: ${bold(env.AWS_PROFILE)}`
116
+ };
117
+ } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {
118
+ credentialsAndOrigin = {
119
+ value: await (0, import_credential_providers.fromEnv)()(),
120
+ origin: `env variables ${bold("AWS_ACCESS_KEY_ID")} and ${bold("AWS_SECRET_ACCESS_KEY")}`
121
+ };
122
+ } else if ((_a = sharedConfigFiles.credentialsFile) == null ? void 0 : _a.default) {
123
+ profileAndOrigin = { value: "default", origin: `${bold("[default]")} in credentials file` };
124
+ credentialsAndOrigin = { value: await (0, import_credential_providers.fromIni)({ profile: "default" })(), origin: `profile ${bold("[default]")}` };
125
+ }
126
+ if (argv.region) {
127
+ regionAndOrigin = { value: argv.region, origin: `command line option: ${bold(argv.region)}` };
128
+ } else if (env.AWS_REGION) {
129
+ regionAndOrigin = { value: env.AWS_REGION, origin: `env variable ${bold("AWS_REGION")}: ${underline(env.AWS_REGION)}` };
130
+ } else if (env.AWS_DEFAULT_REGION) {
131
+ regionAndOrigin = {
132
+ value: env.AWS_DEFAULT_REGION,
133
+ origin: `env variable ${bold("AWS_DEFAULT_REGION")}: ${underline(env.AWS_DEFAULT_REGION)}`
134
+ };
135
+ } else if (profileAndOrigin) {
136
+ const foundRegion = (_c = (_b = sharedConfigFiles == null ? void 0 : sharedConfigFiles.configFile) == null ? void 0 : _b[profileAndOrigin.value]) == null ? void 0 : _c.region;
137
+ if (foundRegion) {
138
+ regionAndOrigin = { value: foundRegion, origin: `${bold(`[profile ${profileAndOrigin.value}]`)} in config file` };
139
+ }
140
+ }
141
+ return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
142
+ };
143
+ var printVerboseCredentialsProfileRegion = ({
144
+ credentialsAndOrigin,
145
+ regionAndOrigin,
146
+ profileAndOrigin
147
+ }) => {
148
+ const out = [];
149
+ if (profileAndOrigin) {
150
+ out.push(`Got profile name from ${profileAndOrigin.origin}`);
151
+ }
152
+ if (credentialsAndOrigin) {
153
+ out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);
154
+ }
155
+ if (regionAndOrigin) {
156
+ out.push(`Resolved region from ${regionAndOrigin.origin}`);
157
+ }
158
+ return out.join("\n");
159
+ };
160
+
161
+ // src/lib/partial-commands/handleCredentialsAndRegion.ts
162
+ var handleCredentialsAndRegion = async ({
163
+ argv,
164
+ env
165
+ }) => {
166
+ const { credentialsAndOrigin, regionAndOrigin } = await getCredentialsProfileRegion({
167
+ argv: { region: argv.awsRegion, profile: argv.awsProfile },
168
+ env: __spreadValues({}, env)
169
+ });
170
+ if (argv.verbose === true) {
171
+ console.log(printVerboseCredentialsProfileRegion({ credentialsAndOrigin, regionAndOrigin }));
172
+ }
173
+ if (!credentialsAndOrigin || !regionAndOrigin) {
174
+ if (!credentialsAndOrigin) {
175
+ console.error("Could not find credentials");
176
+ throw new Error("Could not find credentials");
177
+ }
178
+ if (!regionAndOrigin) {
179
+ console.error("Could not find region");
180
+ throw new Error("Could not find region");
181
+ }
182
+ }
183
+ return { credentialsAndOrigin, regionAndOrigin };
184
+ };
185
+
186
+ // src/utils/io.ts
187
+ var import_promises = __toModule(require("fs/promises"));
188
+ var fileExists = async (source) => {
189
+ try {
190
+ await (0, import_promises.stat)(source);
191
+ return true;
192
+ } catch {
193
+ return false;
194
+ }
195
+ };
196
+
197
+ // src/commands/decryptSecCommand.ts
198
+ var command = "decrypt-sec";
199
+ var desc = "Decrypts a dotsec file";
200
+ var builder = {
201
+ "aws-profile": __spreadValues({}, commonCliOptions.awsProfile),
202
+ "aws-region": __spreadValues({}, commonCliOptions.awsRegion),
203
+ "aws-key-alias": { string: true, default: "alias/top-secret" },
204
+ "env-file": {
205
+ string: true,
206
+ describe: ".env file",
207
+ default: ".env"
208
+ },
209
+ "sec-file": {
210
+ string: true,
211
+ describe: ".sec file",
212
+ default: ".sec"
213
+ },
214
+ verbose: __spreadValues({}, commonCliOptions.verbose),
215
+ yes: __spreadValues({}, commonCliOptions.yes)
216
+ };
217
+ var handler = async (argv) => {
218
+ try {
219
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: __spreadValues({}, argv), env: __spreadValues({}, process.env) });
220
+ const secSource = import_node_path.default.resolve(process.cwd(), argv.secFile);
221
+ if (!await fileExists(secSource)) {
222
+ console.error(`Could not open ${(0, import_chalk2.redBright)(secSource)}`);
223
+ return;
224
+ }
225
+ const parsedSec = (0, import_dotenv.parse)(import_node_fs.default.readFileSync(secSource, { encoding: "utf8" }));
226
+ const kmsClient = new import_client_kms.KMSClient({
227
+ credentials: credentialsAndOrigin.value,
228
+ region: regionAndOrigin.value
229
+ });
230
+ const envEntries = await Promise.all(Object.entries(parsedSec).map(async ([key, cipherText]) => {
231
+ const decryptCommand = new import_client_kms.DecryptCommand({
232
+ KeyId: argv.awsKeyAlias,
233
+ CiphertextBlob: Buffer.from(cipherText, "base64"),
234
+ EncryptionAlgorithm: "RSAES_OAEP_SHA_256"
235
+ });
236
+ const decryptionResult = await kmsClient.send(decryptCommand);
237
+ if (!(decryptionResult == null ? void 0 : decryptionResult.Plaintext)) {
238
+ throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);
239
+ }
240
+ const value = Buffer.from(decryptionResult.Plaintext).toString();
241
+ return [key, value];
242
+ }));
243
+ import_node_fs.default.writeFileSync(import_node_path.default.resolve(process.cwd(), argv.envFile || ".env"), envEntries.map(([key, value]) => `${key}="${value}"`).join("\n"));
244
+ } catch (e) {
245
+ console.error(e);
246
+ }
247
+ };
248
+
249
+ // src/commands/defaultCommand.ts
250
+ var defaultCommand_exports = {};
251
+ __export(defaultCommand_exports, {
252
+ builder: () => builder2,
253
+ command: () => command2,
254
+ desc: () => desc2,
255
+ handler: () => handler2
256
+ });
257
+ var import_client_kms2 = __toModule(require("@aws-sdk/client-kms"));
258
+ var import_chalk3 = __toModule(require("chalk"));
259
+ var import_cross_spawn = __toModule(require("cross-spawn"));
260
+ var import_dotenv2 = __toModule(require("dotenv"));
261
+ var import_node_fs2 = __toModule(require("node:fs"));
262
+ var import_node_path2 = __toModule(require("node:path"));
263
+ var command2 = "$0 <command>";
264
+ var desc2 = "Decrypts a .sec file, injects the results into a separate process and runs a command";
265
+ var builder2 = {
266
+ "aws-profile": __spreadValues({}, commonCliOptions.awsProfile),
267
+ "aws-region": __spreadValues({}, commonCliOptions.awsRegion),
268
+ "aws-key-alias": { string: true, default: "alias/top-secret" },
269
+ "sec-file": {
270
+ string: true,
271
+ describe: ".sec file",
272
+ default: ".sec"
273
+ },
274
+ verbose: __spreadValues({}, commonCliOptions.verbose),
275
+ yes: __spreadValues({}, commonCliOptions.yes),
276
+ command: { string: true, required: true }
277
+ };
278
+ var handler2 = async (argv) => {
279
+ try {
280
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: __spreadValues({}, argv), env: __spreadValues({}, process.env) });
281
+ const secSource = import_node_path2.default.resolve(process.cwd(), argv.secFile);
282
+ if (!await fileExists(secSource)) {
283
+ console.error(`Could not open ${(0, import_chalk3.redBright)(secSource)}`);
284
+ return;
285
+ }
286
+ const parsedSec = (0, import_dotenv2.parse)(import_node_fs2.default.readFileSync(secSource, { encoding: "utf8" }));
287
+ const kmsClient = new import_client_kms2.KMSClient({
288
+ credentials: credentialsAndOrigin.value,
289
+ region: regionAndOrigin.value
290
+ });
291
+ const envEntries = await Promise.all(Object.entries(parsedSec).map(async ([key, cipherText]) => {
292
+ const decryptCommand = new import_client_kms2.DecryptCommand({
293
+ KeyId: argv.awsKeyAlias,
294
+ CiphertextBlob: Buffer.from(cipherText, "base64"),
295
+ EncryptionAlgorithm: "RSAES_OAEP_SHA_256"
296
+ });
297
+ const decryptionResult = await kmsClient.send(decryptCommand);
298
+ if (!(decryptionResult == null ? void 0 : decryptionResult.Plaintext)) {
299
+ throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);
300
+ }
301
+ const value = Buffer.from(decryptionResult.Plaintext).toString();
302
+ return [key, value];
303
+ }));
304
+ const env = Object.fromEntries(envEntries);
305
+ const userCommandArgs = process.argv.slice(process.argv.indexOf(argv.command) + 1);
306
+ if (argv.command) {
307
+ (0, import_cross_spawn.spawn)(argv.command, [...userCommandArgs], {
308
+ stdio: "inherit",
309
+ shell: false,
310
+ env: __spreadValues(__spreadValues({}, process.env), env)
311
+ });
312
+ }
313
+ } catch (e) {
314
+ console.error(e);
315
+ }
316
+ };
317
+
318
+ // src/commands/encryptEnvCommand.ts
319
+ var encryptEnvCommand_exports = {};
320
+ __export(encryptEnvCommand_exports, {
321
+ builder: () => builder3,
322
+ command: () => command3,
323
+ desc: () => desc3,
324
+ handler: () => handler3
325
+ });
326
+ var import_client_kms3 = __toModule(require("@aws-sdk/client-kms"));
327
+ var import_chalk4 = __toModule(require("chalk"));
328
+ var import_dotenv3 = __toModule(require("dotenv"));
329
+ var import_node_fs3 = __toModule(require("node:fs"));
330
+ var import_node_path3 = __toModule(require("node:path"));
331
+ var command3 = "encrypt-env";
332
+ var desc3 = "Encrypts a dotenv file";
333
+ var builder3 = {
334
+ "aws-profile": __spreadValues({}, commonCliOptions.awsProfile),
335
+ "aws-region": __spreadValues({}, commonCliOptions.awsRegion),
336
+ "aws-key-alias": { string: true, default: "alias/top-secret" },
337
+ "env-file": {
338
+ string: true,
339
+ describe: ".env file",
340
+ default: ".env"
341
+ },
342
+ "sec-file": {
343
+ string: true,
344
+ describe: ".sec file",
345
+ default: ".sec"
346
+ },
347
+ verbose: __spreadValues({}, commonCliOptions.verbose),
348
+ yes: __spreadValues({}, commonCliOptions.yes)
349
+ };
350
+ var handler3 = async (argv) => {
351
+ try {
352
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: __spreadValues({}, argv), env: __spreadValues({}, process.env) });
353
+ const envSource = import_node_path3.default.resolve(process.cwd(), argv.envFile);
354
+ if (!await fileExists(envSource)) {
355
+ console.error(`Could not open ${(0, import_chalk4.redBright)(envSource)}`);
356
+ return;
357
+ }
358
+ const parsedEnv = (0, import_dotenv3.parse)(import_node_fs3.default.readFileSync(envSource, { encoding: "utf8" }));
359
+ const kmsClient = new import_client_kms3.KMSClient({
360
+ credentials: credentialsAndOrigin.value,
361
+ region: regionAndOrigin.value
362
+ });
363
+ const sec = (await Promise.all(Object.entries(parsedEnv).map(async ([key, value]) => {
364
+ const encryptCommand = new import_client_kms3.EncryptCommand({
365
+ KeyId: argv.awsKeyAlias,
366
+ Plaintext: Buffer.from(value),
367
+ EncryptionAlgorithm: "RSAES_OAEP_SHA_256"
368
+ });
369
+ const encryptionResult = await kmsClient.send(encryptCommand);
370
+ if (!encryptionResult.CiphertextBlob) {
371
+ throw new Error(`No: ${JSON.stringify({ key, value, encryptCommand })}`);
372
+ }
373
+ const cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString("base64");
374
+ return `${key}="${cipherText}"`;
375
+ }))).join("\n");
376
+ import_node_fs3.default.writeFileSync(import_node_path3.default.resolve(process.cwd(), argv.secFile), sec);
377
+ } catch (e) {
378
+ console.error(e);
379
+ }
380
+ };
381
+
382
+ // src/cli.ts
383
+ void (0, import_yargs.default)((0, import_helpers.hideBin)(process.argv)).command(defaultCommand_exports).command(encryptEnvCommand_exports).command(decryptSecCommand_exports).parse();
384
+ //# sourceMappingURL=cli.js.map
package/dist/cli.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../src/cli.ts", "../src/commands/decryptSecCommand.ts", "../src/commonCliOptions.ts", "../src/utils/getCredentialsProfileRegion.ts", "../src/utils/logger.ts", "../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../src/utils/io.ts", "../src/commands/defaultCommand.ts", "../src/commands/encryptEnvCommand.ts"],
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': {\n ...commonCliOptions.awsProfile,\n },\n 'aws-region': {\n ...commonCliOptions.awsRegion,\n },\n 'aws-key-alias': { string: true, default: 'alias/top-secret' },\n 'env-file': {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n 'sec-file': {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n verbose: { ...commonCliOptions.verbose },\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (argv: YargsHandlerParams<typeof builder>): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: { ...argv }, env: { ...process.env } });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(path.resolve(process.cwd(), argv.envFile || '.env'), envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'));\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS asymmetric key alias',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS asymmetric key arn',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import { fromEnv, fromIni } from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport { CredentialsAndOrigin, ProfileAndOrigin, RegionAndOrigin } from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: { profile?: string; region?: string };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\n if (argv.profile) {\n profileAndOrigin = { value: argv.profile, origin: `command line option: ${bold(argv.profile)}` };\n credentialsAndOrigin = { value: await fromIni({ profile: argv.profile })(), origin: `${bold(`[${argv.profile}]`)} in credentials file` };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = { value: env.AWS_PROFILE, origin: `env variable ${bold('AWS_PROFILE')}: ${underline(env.AWS_PROFILE)}` };\n credentialsAndOrigin = {\n value: await fromIni({ profile: env.AWS_PROFILE })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(env.AWS_PROFILE)}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold('AWS_SECRET_ACCESS_KEY')}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = { value: 'default', origin: `${bold('[default]')} in credentials file` };\n credentialsAndOrigin = { value: await fromIni({ profile: 'default' })(), origin: `profile ${bold('[default]')}` };\n }\n\n if (argv.region) {\n regionAndOrigin = { value: argv.region, origin: `command line option: ${bold(argv.region)}` };\n } else if (env.AWS_REGION) {\n regionAndOrigin = { value: env.AWS_REGION, origin: `env variable ${bold('AWS_REGION')}: ${underline(env.AWS_REGION)}` };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(env.AWS_DEFAULT_REGION)}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion = sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = { value: foundRegion, origin: `${bold(`[profile ${profileAndOrigin.value}]`)} in config file` };\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n return console;\n }\n\n return _logger;\n};\n\nexport const bold = (str: string): string => chalk.yellowBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\n", "import { getCredentialsProfileRegion, printVerboseCredentialsProfileRegion } from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: { awsRegion?: string; awsProfile?: string; verbose?: boolean };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin } = await getCredentialsProfileRegion({\n argv: { region: argv.awsRegion, profile: argv.awsProfile },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(printVerboseCredentialsProfileRegion({ credentialsAndOrigin, regionAndOrigin }));\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { stat } from 'fs/promises';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc = 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': {\n ...commonCliOptions.awsProfile,\n },\n 'aws-region': {\n ...commonCliOptions.awsRegion,\n },\n 'aws-key-alias': { string: true, default: 'alias/top-secret' },\n 'sec-file': {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n verbose: { ...commonCliOptions.verbose },\n yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nexport const handler = async (argv: YargsHandlerParams<typeof builder>): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: { ...argv }, env: { ...process.env } });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n // console.log(env);\n\n const userCommandArgs = process.argv.slice(process.argv.indexOf(argv.command) + 1);\n // console.info({ userCommandArgs });\n\n // console.info(argv.command);\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { KMSClient, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': {\n ...commonCliOptions.awsProfile,\n },\n 'aws-region': {\n ...commonCliOptions.awsRegion,\n },\n 'aws-key-alias': { string: true, default: 'alias/top-secret' },\n 'env-file': {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n 'sec-file': {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n verbose: { ...commonCliOptions.verbose },\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (argv: YargsHandlerParams<typeof builder>): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: { ...argv }, env: { ...process.env } });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n console.error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(fs.readFileSync(envSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const encryptionResult = await kmsClient.send(encryptCommand);\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(`No: ${JSON.stringify({ key, value, encryptCommand })}`);\n }\n\n const cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n // console.log(sec);\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n console.error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACFV,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACvClB,kCAAiC;AACjC,oCAAsC;;;ACDtC,mBAAkB;AAYX,IAAM,OAAO,CAAC,QAAwB,qBAAM,aAAa,KAAK;AAC9D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADPjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAWE;AAnBN;AAoBI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AAEnD,MAAI,KAAK,SAAS;AACd,uBAAmB,EAAE,OAAO,KAAK,SAAS,QAAQ,wBAAwB,KAAK,KAAK;AACpF,2BAAuB,EAAE,OAAO,MAAM,yCAAQ,EAAE,SAAS,KAAK,cAAc,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA,aAC9F,IAAI,aAAa;AACxB,uBAAmB,EAAE,OAAO,IAAI,aAAa,QAAQ,gBAAgB,KAAK,mBAAmB,UAAU,IAAI;AAC3G,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ,EAAE,SAAS,IAAI;AAAA,MACpC,QAAQ,gBAAgB,UAAU,mBAAmB,KAAK,IAAI;AAAA;AAAA,aAE3D,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KAAK;AAAA;AAAA,aAE5D,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB,EAAE,OAAO,WAAW,QAAQ,GAAG,KAAK;AACvD,2BAAuB,EAAE,OAAO,MAAM,yCAAQ,EAAE,SAAS,gBAAgB,QAAQ,WAAW,KAAK;AAAA;AAGrG,MAAI,KAAK,QAAQ;AACb,sBAAkB,EAAE,OAAO,KAAK,QAAQ,QAAQ,wBAAwB,KAAK,KAAK;AAAA,aAC3E,IAAI,YAAY;AACvB,sBAAkB,EAAE,OAAO,IAAI,YAAY,QAAQ,gBAAgB,KAAK,kBAAkB,UAAU,IAAI;AAAA,aACjG,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UAAU,IAAI;AAAA;AAAA,aAElE,kBAAkB;AACzB,UAAM,cAAc,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7E,QAAI,aAAa;AACb,wBAAkB,EAAE,OAAO,aAAa,QAAQ,GAAG,KAAK,YAAY,iBAAiB;AAAA;AAAA;AAI7F,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEjFb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAWE;AACF,QAAM,EAAE,sBAAsB,oBAAoB,MAAM,4BAA4B;AAAA,IAChF,MAAM,EAAE,QAAQ,KAAK,WAAW,SAAS,KAAK;AAAA,IAC9C,KAAK,mBACE;AAAA;AAIX,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IAAI,qCAAqC,EAAE,sBAAsB;AAAA;AAG7E,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACtCnC,sBAAqB;AAEd,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;;;ALIR,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,mBACR,iBAAiB;AAAA,EAExB,cAAc,mBACP,iBAAiB;AAAA,EAExB,iBAAiB,EAAE,QAAQ,MAAM,SAAS;AAAA,EAC1C,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,SAAS,mBAAK,iBAAiB;AAAA,EAC/B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OAAO,SAA4D;AACtF,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAAoB,MAAM,2BAA2B,EAAE,MAAM,mBAAK,OAAQ,KAAK,mBAAK,QAAQ;AAE1H,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBAAM,uBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MAAM,OAAO,KAAK,UAAU,EAAE,KAAK,YAAY;AAAA;AAE7D,YAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cAAc,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAAS,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAC5H,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AMtEtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAOV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,mBACR,iBAAiB;AAAA,EAExB,cAAc,mBACP,iBAAiB;AAAA,EAExB,iBAAiB,EAAE,QAAQ,MAAM,SAAS;AAAA,EAC1C,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,SAAS,mBAAK,iBAAiB;AAAA,EAC/B,KAAK,mBAAK,iBAAiB;AAAA,EAC3B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGhC,IAAM,WAAU,OAAO,SAA4D;AACtF,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAAoB,MAAM,2BAA2B,EAAE,MAAM,mBAAK,OAAQ,KAAK,mBAAK,QAAQ;AAE1H,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,UAAM,YAAY,IAAI,6BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MAAM,OAAO,KAAK,UAAU,EAAE,KAAK,YAAY;AAAA;AAE7D,YAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,aAAO,CAAC,KAAK;AAAA;AAGrB,UAAM,MAAM,OAAO,YAAY;AAG/B,UAAM,kBAAkB,QAAQ,KAAK,MAAM,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAIhF,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,kCAAK,QAAQ,MAAQ;AAAA;AAAA;AAAA,WAG7B,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChFtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA0C;AAC1C,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAOV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,mBACR,iBAAiB;AAAA,EAExB,cAAc,mBACP,iBAAiB;AAAA,EAExB,iBAAiB,EAAE,QAAQ,MAAM,SAAS;AAAA,EAC1C,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,SAAS,mBAAK,iBAAiB;AAAA,EAC/B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OAAO,SAA4D;AACtF,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAAoB,MAAM,2BAA2B,EAAE,MAAM,mBAAK,OAAQ,KAAK,mBAAK,QAAQ;AAE1H,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,UAAM,YAAY,IAAI,6BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MAAM,OAAO,KAAK,UAAU,EAAE,KAAK,OAAO;AAAA;AAGxD,YAAM,aAAa,OAAO,KAAK,iBAAiB,gBAAgB,SAAS;AACzE,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAIP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ARlEtB,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,2BACR,QAAQ,2BAGR;",
6
+ "names": []
7
+ }
package/dist/esm/cli.js ADDED
@@ -0,0 +1,369 @@
1
+ var __defProp = Object.defineProperty;
2
+ var __getOwnPropSymbols = Object.getOwnPropertySymbols;
3
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
4
+ var __propIsEnum = Object.prototype.propertyIsEnumerable;
5
+ var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
6
+ var __spreadValues = (a, b) => {
7
+ for (var prop in b || (b = {}))
8
+ if (__hasOwnProp.call(b, prop))
9
+ __defNormalProp(a, prop, b[prop]);
10
+ if (__getOwnPropSymbols)
11
+ for (var prop of __getOwnPropSymbols(b)) {
12
+ if (__propIsEnum.call(b, prop))
13
+ __defNormalProp(a, prop, b[prop]);
14
+ }
15
+ return a;
16
+ };
17
+ var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
18
+ var __export = (target, all) => {
19
+ __markAsModule(target);
20
+ for (var name in all)
21
+ __defProp(target, name, { get: all[name], enumerable: true });
22
+ };
23
+
24
+ // src/cli.ts
25
+ import { hideBin } from "yargs/helpers";
26
+ import yargs from "yargs/yargs";
27
+
28
+ // src/commands/decryptSecCommand.ts
29
+ var decryptSecCommand_exports = {};
30
+ __export(decryptSecCommand_exports, {
31
+ builder: () => builder,
32
+ command: () => command,
33
+ desc: () => desc,
34
+ handler: () => handler
35
+ });
36
+ import { KMSClient, DecryptCommand } from "@aws-sdk/client-kms";
37
+ import { redBright } from "chalk";
38
+ import { parse } from "dotenv";
39
+ import fs from "node:fs";
40
+ import path from "node:path";
41
+
42
+ // src/commonCliOptions.ts
43
+ var commonCliOptions = {
44
+ awsProfile: {
45
+ string: true,
46
+ describe: "AWS profile"
47
+ },
48
+ awsRegion: {
49
+ string: true,
50
+ describe: "AWS region"
51
+ },
52
+ awsKeyAlias: {
53
+ string: true,
54
+ describe: "AWS KMS asymmetric key alias"
55
+ },
56
+ awsKey: {
57
+ string: true,
58
+ describe: "AWS KMS asymmetric key arn"
59
+ },
60
+ verbose: {
61
+ boolean: true,
62
+ describe: "Be verbose"
63
+ },
64
+ yes: {
65
+ boolean: true,
66
+ describe: "Proceeds without confirmation"
67
+ },
68
+ dryRun: {
69
+ boolean: true,
70
+ describe: "Do a dry run"
71
+ }
72
+ };
73
+
74
+ // src/utils/getCredentialsProfileRegion.ts
75
+ import { fromEnv, fromIni } from "@aws-sdk/credential-providers";
76
+ import { loadSharedConfigFiles } from "@aws-sdk/shared-ini-file-loader";
77
+
78
+ // src/utils/logger.ts
79
+ import chalk from "chalk";
80
+ var bold = (str) => chalk.yellowBright.bold(str);
81
+ var underline = (str) => chalk.cyanBright.bold(str);
82
+
83
+ // src/utils/getCredentialsProfileRegion.ts
84
+ var getCredentialsProfileRegion = async ({
85
+ argv,
86
+ env
87
+ }) => {
88
+ var _a, _b, _c;
89
+ const sharedConfigFiles = await loadSharedConfigFiles();
90
+ let credentialsAndOrigin = void 0;
91
+ let profileAndOrigin = void 0;
92
+ let regionAndOrigin = void 0;
93
+ if (argv.profile) {
94
+ profileAndOrigin = { value: argv.profile, origin: `command line option: ${bold(argv.profile)}` };
95
+ credentialsAndOrigin = { value: await fromIni({ profile: argv.profile })(), origin: `${bold(`[${argv.profile}]`)} in credentials file` };
96
+ } else if (env.AWS_PROFILE) {
97
+ profileAndOrigin = { value: env.AWS_PROFILE, origin: `env variable ${bold("AWS_PROFILE")}: ${underline(env.AWS_PROFILE)}` };
98
+ credentialsAndOrigin = {
99
+ value: await fromIni({ profile: env.AWS_PROFILE })(),
100
+ origin: `env variable ${underline("AWS_PROFILE")}: ${bold(env.AWS_PROFILE)}`
101
+ };
102
+ } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {
103
+ credentialsAndOrigin = {
104
+ value: await fromEnv()(),
105
+ origin: `env variables ${bold("AWS_ACCESS_KEY_ID")} and ${bold("AWS_SECRET_ACCESS_KEY")}`
106
+ };
107
+ } else if ((_a = sharedConfigFiles.credentialsFile) == null ? void 0 : _a.default) {
108
+ profileAndOrigin = { value: "default", origin: `${bold("[default]")} in credentials file` };
109
+ credentialsAndOrigin = { value: await fromIni({ profile: "default" })(), origin: `profile ${bold("[default]")}` };
110
+ }
111
+ if (argv.region) {
112
+ regionAndOrigin = { value: argv.region, origin: `command line option: ${bold(argv.region)}` };
113
+ } else if (env.AWS_REGION) {
114
+ regionAndOrigin = { value: env.AWS_REGION, origin: `env variable ${bold("AWS_REGION")}: ${underline(env.AWS_REGION)}` };
115
+ } else if (env.AWS_DEFAULT_REGION) {
116
+ regionAndOrigin = {
117
+ value: env.AWS_DEFAULT_REGION,
118
+ origin: `env variable ${bold("AWS_DEFAULT_REGION")}: ${underline(env.AWS_DEFAULT_REGION)}`
119
+ };
120
+ } else if (profileAndOrigin) {
121
+ const foundRegion = (_c = (_b = sharedConfigFiles == null ? void 0 : sharedConfigFiles.configFile) == null ? void 0 : _b[profileAndOrigin.value]) == null ? void 0 : _c.region;
122
+ if (foundRegion) {
123
+ regionAndOrigin = { value: foundRegion, origin: `${bold(`[profile ${profileAndOrigin.value}]`)} in config file` };
124
+ }
125
+ }
126
+ return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
127
+ };
128
+ var printVerboseCredentialsProfileRegion = ({
129
+ credentialsAndOrigin,
130
+ regionAndOrigin,
131
+ profileAndOrigin
132
+ }) => {
133
+ const out = [];
134
+ if (profileAndOrigin) {
135
+ out.push(`Got profile name from ${profileAndOrigin.origin}`);
136
+ }
137
+ if (credentialsAndOrigin) {
138
+ out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);
139
+ }
140
+ if (regionAndOrigin) {
141
+ out.push(`Resolved region from ${regionAndOrigin.origin}`);
142
+ }
143
+ return out.join("\n");
144
+ };
145
+
146
+ // src/lib/partial-commands/handleCredentialsAndRegion.ts
147
+ var handleCredentialsAndRegion = async ({
148
+ argv,
149
+ env
150
+ }) => {
151
+ const { credentialsAndOrigin, regionAndOrigin } = await getCredentialsProfileRegion({
152
+ argv: { region: argv.awsRegion, profile: argv.awsProfile },
153
+ env: __spreadValues({}, env)
154
+ });
155
+ if (argv.verbose === true) {
156
+ console.log(printVerboseCredentialsProfileRegion({ credentialsAndOrigin, regionAndOrigin }));
157
+ }
158
+ if (!credentialsAndOrigin || !regionAndOrigin) {
159
+ if (!credentialsAndOrigin) {
160
+ console.error("Could not find credentials");
161
+ throw new Error("Could not find credentials");
162
+ }
163
+ if (!regionAndOrigin) {
164
+ console.error("Could not find region");
165
+ throw new Error("Could not find region");
166
+ }
167
+ }
168
+ return { credentialsAndOrigin, regionAndOrigin };
169
+ };
170
+
171
+ // src/utils/io.ts
172
+ import { stat } from "fs/promises";
173
+ var fileExists = async (source) => {
174
+ try {
175
+ await stat(source);
176
+ return true;
177
+ } catch {
178
+ return false;
179
+ }
180
+ };
181
+
182
+ // src/commands/decryptSecCommand.ts
183
+ var command = "decrypt-sec";
184
+ var desc = "Decrypts a dotsec file";
185
+ var builder = {
186
+ "aws-profile": __spreadValues({}, commonCliOptions.awsProfile),
187
+ "aws-region": __spreadValues({}, commonCliOptions.awsRegion),
188
+ "aws-key-alias": { string: true, default: "alias/top-secret" },
189
+ "env-file": {
190
+ string: true,
191
+ describe: ".env file",
192
+ default: ".env"
193
+ },
194
+ "sec-file": {
195
+ string: true,
196
+ describe: ".sec file",
197
+ default: ".sec"
198
+ },
199
+ verbose: __spreadValues({}, commonCliOptions.verbose),
200
+ yes: __spreadValues({}, commonCliOptions.yes)
201
+ };
202
+ var handler = async (argv) => {
203
+ try {
204
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: __spreadValues({}, argv), env: __spreadValues({}, process.env) });
205
+ const secSource = path.resolve(process.cwd(), argv.secFile);
206
+ if (!await fileExists(secSource)) {
207
+ console.error(`Could not open ${redBright(secSource)}`);
208
+ return;
209
+ }
210
+ const parsedSec = parse(fs.readFileSync(secSource, { encoding: "utf8" }));
211
+ const kmsClient = new KMSClient({
212
+ credentials: credentialsAndOrigin.value,
213
+ region: regionAndOrigin.value
214
+ });
215
+ const envEntries = await Promise.all(Object.entries(parsedSec).map(async ([key, cipherText]) => {
216
+ const decryptCommand = new DecryptCommand({
217
+ KeyId: argv.awsKeyAlias,
218
+ CiphertextBlob: Buffer.from(cipherText, "base64"),
219
+ EncryptionAlgorithm: "RSAES_OAEP_SHA_256"
220
+ });
221
+ const decryptionResult = await kmsClient.send(decryptCommand);
222
+ if (!(decryptionResult == null ? void 0 : decryptionResult.Plaintext)) {
223
+ throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);
224
+ }
225
+ const value = Buffer.from(decryptionResult.Plaintext).toString();
226
+ return [key, value];
227
+ }));
228
+ fs.writeFileSync(path.resolve(process.cwd(), argv.envFile || ".env"), envEntries.map(([key, value]) => `${key}="${value}"`).join("\n"));
229
+ } catch (e) {
230
+ console.error(e);
231
+ }
232
+ };
233
+
234
+ // src/commands/defaultCommand.ts
235
+ var defaultCommand_exports = {};
236
+ __export(defaultCommand_exports, {
237
+ builder: () => builder2,
238
+ command: () => command2,
239
+ desc: () => desc2,
240
+ handler: () => handler2
241
+ });
242
+ import { KMSClient as KMSClient2, DecryptCommand as DecryptCommand2 } from "@aws-sdk/client-kms";
243
+ import { redBright as redBright2 } from "chalk";
244
+ import { spawn } from "cross-spawn";
245
+ import { parse as parse2 } from "dotenv";
246
+ import fs2 from "node:fs";
247
+ import path2 from "node:path";
248
+ var command2 = "$0 <command>";
249
+ var desc2 = "Decrypts a .sec file, injects the results into a separate process and runs a command";
250
+ var builder2 = {
251
+ "aws-profile": __spreadValues({}, commonCliOptions.awsProfile),
252
+ "aws-region": __spreadValues({}, commonCliOptions.awsRegion),
253
+ "aws-key-alias": { string: true, default: "alias/top-secret" },
254
+ "sec-file": {
255
+ string: true,
256
+ describe: ".sec file",
257
+ default: ".sec"
258
+ },
259
+ verbose: __spreadValues({}, commonCliOptions.verbose),
260
+ yes: __spreadValues({}, commonCliOptions.yes),
261
+ command: { string: true, required: true }
262
+ };
263
+ var handler2 = async (argv) => {
264
+ try {
265
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: __spreadValues({}, argv), env: __spreadValues({}, process.env) });
266
+ const secSource = path2.resolve(process.cwd(), argv.secFile);
267
+ if (!await fileExists(secSource)) {
268
+ console.error(`Could not open ${redBright2(secSource)}`);
269
+ return;
270
+ }
271
+ const parsedSec = parse2(fs2.readFileSync(secSource, { encoding: "utf8" }));
272
+ const kmsClient = new KMSClient2({
273
+ credentials: credentialsAndOrigin.value,
274
+ region: regionAndOrigin.value
275
+ });
276
+ const envEntries = await Promise.all(Object.entries(parsedSec).map(async ([key, cipherText]) => {
277
+ const decryptCommand = new DecryptCommand2({
278
+ KeyId: argv.awsKeyAlias,
279
+ CiphertextBlob: Buffer.from(cipherText, "base64"),
280
+ EncryptionAlgorithm: "RSAES_OAEP_SHA_256"
281
+ });
282
+ const decryptionResult = await kmsClient.send(decryptCommand);
283
+ if (!(decryptionResult == null ? void 0 : decryptionResult.Plaintext)) {
284
+ throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);
285
+ }
286
+ const value = Buffer.from(decryptionResult.Plaintext).toString();
287
+ return [key, value];
288
+ }));
289
+ const env = Object.fromEntries(envEntries);
290
+ const userCommandArgs = process.argv.slice(process.argv.indexOf(argv.command) + 1);
291
+ if (argv.command) {
292
+ spawn(argv.command, [...userCommandArgs], {
293
+ stdio: "inherit",
294
+ shell: false,
295
+ env: __spreadValues(__spreadValues({}, process.env), env)
296
+ });
297
+ }
298
+ } catch (e) {
299
+ console.error(e);
300
+ }
301
+ };
302
+
303
+ // src/commands/encryptEnvCommand.ts
304
+ var encryptEnvCommand_exports = {};
305
+ __export(encryptEnvCommand_exports, {
306
+ builder: () => builder3,
307
+ command: () => command3,
308
+ desc: () => desc3,
309
+ handler: () => handler3
310
+ });
311
+ import { KMSClient as KMSClient3, EncryptCommand } from "@aws-sdk/client-kms";
312
+ import { redBright as redBright3 } from "chalk";
313
+ import { parse as parse3 } from "dotenv";
314
+ import fs3 from "node:fs";
315
+ import path3 from "node:path";
316
+ var command3 = "encrypt-env";
317
+ var desc3 = "Encrypts a dotenv file";
318
+ var builder3 = {
319
+ "aws-profile": __spreadValues({}, commonCliOptions.awsProfile),
320
+ "aws-region": __spreadValues({}, commonCliOptions.awsRegion),
321
+ "aws-key-alias": { string: true, default: "alias/top-secret" },
322
+ "env-file": {
323
+ string: true,
324
+ describe: ".env file",
325
+ default: ".env"
326
+ },
327
+ "sec-file": {
328
+ string: true,
329
+ describe: ".sec file",
330
+ default: ".sec"
331
+ },
332
+ verbose: __spreadValues({}, commonCliOptions.verbose),
333
+ yes: __spreadValues({}, commonCliOptions.yes)
334
+ };
335
+ var handler3 = async (argv) => {
336
+ try {
337
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: __spreadValues({}, argv), env: __spreadValues({}, process.env) });
338
+ const envSource = path3.resolve(process.cwd(), argv.envFile);
339
+ if (!await fileExists(envSource)) {
340
+ console.error(`Could not open ${redBright3(envSource)}`);
341
+ return;
342
+ }
343
+ const parsedEnv = parse3(fs3.readFileSync(envSource, { encoding: "utf8" }));
344
+ const kmsClient = new KMSClient3({
345
+ credentials: credentialsAndOrigin.value,
346
+ region: regionAndOrigin.value
347
+ });
348
+ const sec = (await Promise.all(Object.entries(parsedEnv).map(async ([key, value]) => {
349
+ const encryptCommand = new EncryptCommand({
350
+ KeyId: argv.awsKeyAlias,
351
+ Plaintext: Buffer.from(value),
352
+ EncryptionAlgorithm: "RSAES_OAEP_SHA_256"
353
+ });
354
+ const encryptionResult = await kmsClient.send(encryptCommand);
355
+ if (!encryptionResult.CiphertextBlob) {
356
+ throw new Error(`No: ${JSON.stringify({ key, value, encryptCommand })}`);
357
+ }
358
+ const cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString("base64");
359
+ return `${key}="${cipherText}"`;
360
+ }))).join("\n");
361
+ fs3.writeFileSync(path3.resolve(process.cwd(), argv.secFile), sec);
362
+ } catch (e) {
363
+ console.error(e);
364
+ }
365
+ };
366
+
367
+ // src/cli.ts
368
+ void yargs(hideBin(process.argv)).command(defaultCommand_exports).command(encryptEnvCommand_exports).command(decryptSecCommand_exports).parse();
369
+ //# sourceMappingURL=cli.js.map
package/dist/esm/cli.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/cli.ts", "../../src/commands/decryptSecCommand.ts", "../../src/commonCliOptions.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/io.ts", "../../src/commands/defaultCommand.ts", "../../src/commands/encryptEnvCommand.ts"],
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': {\n ...commonCliOptions.awsProfile,\n },\n 'aws-region': {\n ...commonCliOptions.awsRegion,\n },\n 'aws-key-alias': { string: true, default: 'alias/top-secret' },\n 'env-file': {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n 'sec-file': {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n verbose: { ...commonCliOptions.verbose },\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (argv: YargsHandlerParams<typeof builder>): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: { ...argv }, env: { ...process.env } });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(path.resolve(process.cwd(), argv.envFile || '.env'), envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'));\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS asymmetric key alias',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS asymmetric key arn',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import { fromEnv, fromIni } from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport { CredentialsAndOrigin, ProfileAndOrigin, RegionAndOrigin } from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: { profile?: string; region?: string };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\n if (argv.profile) {\n profileAndOrigin = { value: argv.profile, origin: `command line option: ${bold(argv.profile)}` };\n credentialsAndOrigin = { value: await fromIni({ profile: argv.profile })(), origin: `${bold(`[${argv.profile}]`)} in credentials file` };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = { value: env.AWS_PROFILE, origin: `env variable ${bold('AWS_PROFILE')}: ${underline(env.AWS_PROFILE)}` };\n credentialsAndOrigin = {\n value: await fromIni({ profile: env.AWS_PROFILE })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(env.AWS_PROFILE)}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold('AWS_SECRET_ACCESS_KEY')}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = { value: 'default', origin: `${bold('[default]')} in credentials file` };\n credentialsAndOrigin = { value: await fromIni({ profile: 'default' })(), origin: `profile ${bold('[default]')}` };\n }\n\n if (argv.region) {\n regionAndOrigin = { value: argv.region, origin: `command line option: ${bold(argv.region)}` };\n } else if (env.AWS_REGION) {\n regionAndOrigin = { value: env.AWS_REGION, origin: `env variable ${bold('AWS_REGION')}: ${underline(env.AWS_REGION)}` };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(env.AWS_DEFAULT_REGION)}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion = sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = { value: foundRegion, origin: `${bold(`[profile ${profileAndOrigin.value}]`)} in config file` };\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n return console;\n }\n\n return _logger;\n};\n\nexport const bold = (str: string): string => chalk.yellowBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\n", "import { getCredentialsProfileRegion, printVerboseCredentialsProfileRegion } from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: { awsRegion?: string; awsProfile?: string; verbose?: boolean };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin } = await getCredentialsProfileRegion({\n argv: { region: argv.awsRegion, profile: argv.awsProfile },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(printVerboseCredentialsProfileRegion({ credentialsAndOrigin, regionAndOrigin }));\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { stat } from 'fs/promises';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc = 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': {\n ...commonCliOptions.awsProfile,\n },\n 'aws-region': {\n ...commonCliOptions.awsRegion,\n },\n 'aws-key-alias': { string: true, default: 'alias/top-secret' },\n 'sec-file': {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n verbose: { ...commonCliOptions.verbose },\n yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nexport const handler = async (argv: YargsHandlerParams<typeof builder>): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: { ...argv }, env: { ...process.env } });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(`No: ${JSON.stringify({ key, cipherText, decryptCommand })}`);\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n // console.log(env);\n\n const userCommandArgs = process.argv.slice(process.argv.indexOf(argv.command) + 1);\n // console.info({ userCommandArgs });\n\n // console.info(argv.command);\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { KMSClient, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': {\n ...commonCliOptions.awsProfile,\n },\n 'aws-region': {\n ...commonCliOptions.awsRegion,\n },\n 'aws-key-alias': { string: true, default: 'alias/top-secret' },\n 'env-file': {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n 'sec-file': {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n verbose: { ...commonCliOptions.verbose },\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (argv: YargsHandlerParams<typeof builder>): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({ argv: { ...argv }, env: { ...process.env } });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n console.error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(fs.readFileSync(envSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const encryptionResult = await kmsClient.send(encryptCommand);\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(`No: ${JSON.stringify({ key, value, encryptCommand })}`);\n }\n\n const cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n // console.log(sec);\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n console.error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACFO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACvClB;AACA;;;ACDA;AAYO,IAAM,OAAO,CAAC,QAAwB,MAAM,aAAa,KAAK;AAC9D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADPjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAWE;AAnBN;AAoBI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AAEnD,MAAI,KAAK,SAAS;AACd,uBAAmB,EAAE,OAAO,KAAK,SAAS,QAAQ,wBAAwB,KAAK,KAAK;AACpF,2BAAuB,EAAE,OAAO,MAAM,QAAQ,EAAE,SAAS,KAAK,cAAc,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA,aAC9F,IAAI,aAAa;AACxB,uBAAmB,EAAE,OAAO,IAAI,aAAa,QAAQ,gBAAgB,KAAK,mBAAmB,UAAU,IAAI;AAC3G,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ,EAAE,SAAS,IAAI;AAAA,MACpC,QAAQ,gBAAgB,UAAU,mBAAmB,KAAK,IAAI;AAAA;AAAA,aAE3D,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KAAK;AAAA;AAAA,aAE5D,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB,EAAE,OAAO,WAAW,QAAQ,GAAG,KAAK;AACvD,2BAAuB,EAAE,OAAO,MAAM,QAAQ,EAAE,SAAS,gBAAgB,QAAQ,WAAW,KAAK;AAAA;AAGrG,MAAI,KAAK,QAAQ;AACb,sBAAkB,EAAE,OAAO,KAAK,QAAQ,QAAQ,wBAAwB,KAAK,KAAK;AAAA,aAC3E,IAAI,YAAY;AACvB,sBAAkB,EAAE,OAAO,IAAI,YAAY,QAAQ,gBAAgB,KAAK,kBAAkB,UAAU,IAAI;AAAA,aACjG,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UAAU,IAAI;AAAA;AAAA,aAElE,kBAAkB;AACzB,UAAM,cAAc,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7E,QAAI,aAAa;AACb,wBAAkB,EAAE,OAAO,aAAa,QAAQ,GAAG,KAAK,YAAY,iBAAiB;AAAA;AAAA;AAI7F,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEjFb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAWE;AACF,QAAM,EAAE,sBAAsB,oBAAoB,MAAM,4BAA4B;AAAA,IAChF,MAAM,EAAE,QAAQ,KAAK,WAAW,SAAS,KAAK;AAAA,IAC9C,KAAK,mBACE;AAAA;AAIX,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IAAI,qCAAqC,EAAE,sBAAsB;AAAA;AAG7E,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACtCnC;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;;;ALIR,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,mBACR,iBAAiB;AAAA,EAExB,cAAc,mBACP,iBAAiB;AAAA,EAExB,iBAAiB,EAAE,QAAQ,MAAM,SAAS;AAAA,EAC1C,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,SAAS,mBAAK,iBAAiB;AAAA,EAC/B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OAAO,SAA4D;AACtF,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAAoB,MAAM,2BAA2B,EAAE,MAAM,mBAAK,OAAQ,KAAK,mBAAK,QAAQ;AAE1H,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MAAM,GAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MAAM,OAAO,KAAK,UAAU,EAAE,KAAK,YAAY;AAAA;AAE7D,YAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cAAc,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAAS,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAC5H,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AMtEtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AAOO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,mBACR,iBAAiB;AAAA,EAExB,cAAc,mBACP,iBAAiB;AAAA,EAExB,iBAAiB,EAAE,QAAQ,MAAM,SAAS;AAAA,EAC1C,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,SAAS,mBAAK,iBAAiB;AAAA,EAC/B,KAAK,mBAAK,iBAAiB;AAAA,EAC3B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGhC,IAAM,WAAU,OAAO,SAA4D;AACtF,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAAoB,MAAM,2BAA2B,EAAE,MAAM,mBAAK,OAAQ,KAAK,mBAAK,QAAQ;AAE1H,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,UAAM,YAAY,IAAI,WAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MAAM,OAAO,KAAK,UAAU,EAAE,KAAK,YAAY;AAAA;AAE7D,YAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,aAAO,CAAC,KAAK;AAAA;AAGrB,UAAM,MAAM,OAAO,YAAY;AAG/B,UAAM,kBAAkB,QAAQ,KAAK,MAAM,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAIhF,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,kCAAK,QAAQ,MAAQ;AAAA;AAAA;AAAA,WAG7B,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChFtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAOO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,mBACR,iBAAiB;AAAA,EAExB,cAAc,mBACP,iBAAiB;AAAA,EAExB,iBAAiB,EAAE,QAAQ,MAAM,SAAS;AAAA,EAC1C,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,SAAS,mBAAK,iBAAiB;AAAA,EAC/B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OAAO,SAA4D;AACtF,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAAoB,MAAM,2BAA2B,EAAE,MAAM,mBAAK,OAAQ,KAAK,mBAAK,QAAQ;AAE1H,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,UAAM,YAAY,IAAI,WAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MAAM,OAAO,KAAK,UAAU,EAAE,KAAK,OAAO;AAAA;AAGxD,YAAM,aAAa,OAAO,KAAK,iBAAiB,gBAAgB,SAAS;AACzE,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAIP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ARlEtB,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,2BACR,QAAQ,2BAGR;",
6
+ "names": []
7
+ }
package/dist/esm/index.js ADDED
@@ -0,0 +1,7 @@
1
+ // src/index.ts
2
+ var src_default = () => {
3
+ };
4
+ export {
5
+ src_default as default
6
+ };
7
+ //# sourceMappingURL=index.js.map
package/dist/esm/index.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/index.ts"],
4
+ "sourcesContent": ["export default () => {};\n"],
5
+ "mappings": ";AAAA,IAAO,cAAQ,MAAM;AAAA;",
6
+ "names": []
7
+ }
package/dist/index.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ declare const _default: () => void;
2
+
3
+ export { _default as default };
package/dist/index.js ADDED
@@ -0,0 +1,17 @@
1
+ var __defProp = Object.defineProperty;
2
+ var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
3
+ var __export = (target, all) => {
4
+ __markAsModule(target);
5
+ for (var name in all)
6
+ __defProp(target, name, { get: all[name], enumerable: true });
7
+ };
8
+
9
+ // src/index.ts
10
+ __export(exports, {
11
+ default: () => src_default
12
+ });
13
+ var src_default = () => {
14
+ };
15
+ // Annotate the CommonJS export names for ESM import in node:
16
+ 0 && (module.exports = {});
17
+ //# sourceMappingURL=index.js.map
package/dist/index.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../src/index.ts"],
4
+ "sourcesContent": ["export default () => {};\n"],
5
+ "mappings": ";;;;;;;;;AAAA;AAAA;AAAA;AAAA,IAAO,cAAQ,MAAM;AAAA;",
6
+ "names": []
7
+ }
package/package.json ADDED
@@ -0,0 +1,56 @@
1
+ {
2
+ "name": "dotsec",
3
+ "version": "0.1.1",
4
+ "description": "",
5
+ "main": "./dist/index.js",
6
+ "types": "./dist/index.d.ts",
7
+ "module": "./dist/esm/index.js",
8
+ "files": [
9
+ "README.md",
10
+ "LICENSE.md",
11
+ "CHANGELOG.md",
12
+ "package.json",
13
+ "dist"
14
+ ],
15
+ "exports": {
16
+ ".": {
17
+ "import": "./dist/esm/index.js",
18
+ "require": "./dist/index.js"
19
+ }
20
+ },
21
+ "bin": {
22
+ "dotsec": "./bin/dotsec.js"
23
+ },
24
+ "repository": {
25
+ "type": "git",
26
+ "url": "git@github.com:jpwesselink/dotsec.git",
27
+ "directory": "packages/dotsec"
28
+ },
29
+ "author": "JP Wesselink <jpwesselink@gmail.com>",
30
+ "license": "MIT",
31
+ "scripts": {
32
+ "dev": "tsup --watch ./src --onSuccess \"node dist/index.js\"",
33
+ "build": "tsup --dts --format cjs,esm --legacy-output",
34
+ "test": "jest"
35
+ },
36
+ "devDependencies": {
37
+ "@types/jest": "~26.0.24",
38
+ "@types/node": "^14.14.19",
39
+ "@types/yargs": "^17.0.8",
40
+ "esbuild-jest": "^0.5.0",
41
+ "jest": "~27.3.1",
42
+ "tsup": "^4.14.0",
43
+ "typescript": "~4.5.5"
44
+ },
45
+ "dependencies": {
46
+ "@aws-sdk/client-kms": "^3.52.0",
47
+ "@aws-sdk/credential-providers": "^3.52.0",
48
+ "@aws-sdk/shared-ini-file-loader": "^3.52.0",
49
+ "@aws-sdk/types": "^3.52.0",
50
+ "chalk": "^4.1.2",
51
+ "cross-spawn": "^7.0.3",
52
+ "dotenv": "^16.0.0",
53
+ "yargs": "^17.3.1"
54
+ },
55
+ "gitHead": "0507e90cb6c01dd37c0fadec6f74ecf0d9d51ca8"
56
+ }