dotsec 0.10.1-alpha.2 → 0.10.1-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +11 -1
- package/dist/cli.js.map +2 -2
- package/dist/esm/cli.js +12 -2
- package/dist/esm/cli.js.map +2 -2
- package/dist/esm/index.js.map +1 -1
- package/dist/index.d.ts +3 -0
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
package/dist/cli.js
CHANGED
|
@@ -1136,10 +1136,20 @@ var handler7 = async (argv) => {
|
|
|
1136
1136
|
verbose: argv.verbose
|
|
1137
1137
|
});
|
|
1138
1138
|
await Promise.all(Object.entries(flatParameters).map(([parameterName, value]) => {
|
|
1139
|
+
var _a, _b;
|
|
1140
|
+
let type = import_client_ssm3.ParameterType.STRING;
|
|
1141
|
+
const secureStrings = (_b = (_a = config.aws) == null ? void 0 : _a.secureStrings) == null ? void 0 : _b.pathMatches;
|
|
1142
|
+
if (secureStrings && Array.isArray(secureStrings)) {
|
|
1143
|
+
secureStrings.forEach((secureString) => {
|
|
1144
|
+
if (parameterName.match(secureString)) {
|
|
1145
|
+
type = import_client_ssm3.ParameterType.SECURE_STRING;
|
|
1146
|
+
}
|
|
1147
|
+
});
|
|
1148
|
+
}
|
|
1139
1149
|
const putParameterCommand = new import_client_ssm3.PutParameterCommand({
|
|
1140
1150
|
Name: `/${parameterName}`,
|
|
1141
1151
|
Value: value,
|
|
1142
|
-
Type:
|
|
1152
|
+
Type: type,
|
|
1143
1153
|
Overwrite: true
|
|
1144
1154
|
});
|
|
1145
1155
|
return ssmClient.send(putParameterCommand);
|
package/dist/cli.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/cli.ts", "../src/commands/debugCommand.ts", "../src/commonCliOptions.ts", "../src/utils/getCredentialsProfileRegion.ts", "../src/utils/logger.ts", "../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../src/utils/ssm.ts", "../src/commands/decryptSecCommand.ts", "../src/utils/io.ts", "../src/utils/kms.ts", "../src/commands/decryptSecretsJson.ts", "../src/lib/config.ts", "../src/commands/defaultCommand.ts", "../src/lib/encryptedSecrets.ts", "../src/commands/encryptEnvCommand.ts", "../src/commands/encryptSecretsJson.ts", "../src/commands/offloadToSSMCommand.ts"],
|
|
4
|
-
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n encryptedSecretsFile: {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n },\n jsonFilter: {\n string: true,\n describe:\n 'dot separated filter path, for example a.b.c will return { a: { b: { c: ... }}}',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': { ...commonCliOptions.envFile, default: 'env' },\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import {\n DescribeKeyCommand,\n KMSClient,\n KMSClientConfig,\n} from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n\nexport const getEncryptionAlgorithm = async (\n kmsClient: KMSClient,\n awsKeyAlias: string,\n) => {\n // describe key *once*\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n const encryptionAlgorithm =\n describeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n if (encryptionAlgorithm === undefined) {\n throw new Error(`Could not determine encryption algorithm`);\n }\n\n return encryptionAlgorithm;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n ...commonCliOptions.encryptedSecretsFile,\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n const config = await getConfig();\n\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const plaintext = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n try {\n // is this json?\n const jsonObject = JSON.parse(plaintext) as Record<\n string,\n unknown\n >;\n return [parameterName, jsonObject];\n } catch (e) {\n console.log('NOPES', plaintext);\n // ignore it, yes, it is not json\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { constantCase } from 'constant-case';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { loadEncryptedSecrets } from '../lib/encryptedSecrets';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n 'encrypted-secrets-file': commonCliOptions.encryptedSecretsFile,\n 'json-filter': commonCliOptions.jsonFilter,\n\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nconst handleEncryptedJson = async ({\n encryptedSecretsFile,\n jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n encryptedSecretsFile: string;\n jsonFilter?: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const encryptedSecrets = await loadEncryptedSecrets({\n encryptedSecretsFile: encryptedSecretsFile,\n });\n\n const flattened: Record<string, string> = flat.flatten(\n encryptedSecrets.encryptedParameters,\n {\n delimiter: '__',\n transformKey: (key) => {\n return constantCase(key);\n },\n },\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const filterKey = jsonFilter\n ?.split('.')\n .map((part) => constantCase(part))\n .join('__');\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(flattened)\n .filter(([key]) => {\n if (filterKey) {\n return key.indexOf(filterKey) === 0;\n }\n return true;\n })\n .map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n try {\n let env: Record<string, string> | undefined;\n let awsEnv: Record<string, string> | undefined;\n\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n\n if (\n argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN\n ) {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile:\n config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n };\n\n if (credentialsAndOrigin.value.sessionToken) {\n awsEnv.AWS_SESSION_TOKEN =\n credentialsAndOrigin.value.sessionToken;\n }\n // this means we have\n }\n } else {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN:\n credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.encryptedSecretsFile) {\n env = await handleEncryptedJson({\n encryptedSecretsFile: argv.encryptedSecretsFile,\n jsonFilter: argv.jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n // // load that file\n // const encryptedSecrets = await loadEncryptedSecrets({\n // encryptedSecretsFile: argv.encryptedSecretsFile,\n // });\n\n // const flattened = flat.flatten(encryptedSecrets, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return constantCase(key);\n // },\n // });\n\n // console.log('flattened', flattened);\n\n // const unflattend = flat.unflatten(flattened, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return camelCase(key);\n // },\n // });\n\n // console.log(JSON.stringify(unflattend, null, 4));\n } else {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n }\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'path';\n\nimport { redBright } from 'chalk';\n\nimport { EncryptedSecrets } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const loadEncryptedSecrets = async ({\n encryptedSecretsFile,\n}: {\n encryptedSecretsFile: string;\n}) => {\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n throw new Error(`Could not open ${redBright(encryptedSecretsPath)}`);\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n if (!encryptedSecrets) {\n throw new Error(\n `No encrypted secrets found in ${redBright(encryptedSecretsPath)}`,\n );\n }\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n return encryptedSecrets;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': { ...commonCliOptions.envFile, default: '.env' },\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, unknown> = flat(\n secrets.parameters,\n { delimiter: '/', maxDepth: config.maxDepth },\n );\n\n if (argv.verbose) {\n info(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n // copy paramter to let\n let parameterCopy = parameter;\n // check if parameter is string, number or boolean, if not, encode to json\n if (\n typeof parameter !== 'string' &&\n typeof parameter !== 'number' &&\n typeof parameter !== 'boolean'\n ) {\n parameterCopy = JSON.stringify(parameter);\n }\n const encryptCommand = new EncryptCommand({\n KeyId: awsKeyAlias,\n Plaintext: Buffer.from(String(parameterCopy)),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAWR,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC1ElB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAe;AACf,uBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;;;ACLtB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ACjCX,wBAIO;AAEA,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAEhC,SAAO;AAAA;AAGJ,IAAM,yBAAyB,OAClC,WACA,gBACC;AApBL;AAsBI,QAAM,qBAAqB,IAAI,qCAAmB;AAAA,IAC9C,OAAO;AAAA;AAGX,QAAM,oBAAoB,MAAM,UAAU,KAAK;AAC/C,QAAM,sBACF,8BAAkB,gBAAlB,mBAA+B,yBAA/B,mBAAsD;AAE1D,MAAI,wBAAwB,QAAW;AACnC,UAAM,IAAI,MAAM;AAAA;AAGpB,SAAO;AAAA;;;AFrBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,6BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AGrFtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;;;ACLjB,gBAAe;AACf,wBAAiB;AAEjB,4BAA8B;AAC9B,oBAAmB;AAsBZ,IAAM,gBAAwB;AAAA,EACjC,KAAK;AAAA,IACD,UAAU;AAAA;AAAA;AAIlB,oBAAoB,MAAc;AAC9B,MAAI;AAEA,WAAO,IAAI,SAAS,YAAY,KAAK;AAAA,UACvC;AAGE,WAAO;AAAA;AAAA;AAIf,IAAM,WAAW,OAAO,aAAqB;AACzC,MAAI;AAEA,WAAO,WAAW,MAAM,kBAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,0BAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;AAKX,IAAM,YAAY,YAA6B;AAClD,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C,OAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEJ;AAAA,IACA,SAAS,0BAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAGhB,MAAI,YAAY;AACZ,QAAI,WAAW,SAAS,UAAU;AAC9B,YAAM,UAAW,MAAM,SAAS;AAIhC,UAAI;AAEJ,UACI,WAAW,SAAS,mBACnB,QAAwC,WAAW,QACtD;AACE,eAAQ,QAAwC;AAAA,aAC7C;AACH,eAAO;AAAA;AAGX,aAAO,gDACA,gBACA,OAFA;AAAA,QAGH,KAAK,kCAAK,cAAc,MAAQ,KAAK;AAAA;AAAA;AAI7C,UAAM,SAAS,MAAM,yCAAc;AAAA,MAC/B,UAAU;AAAA;AAGd,UAAM,kBAED,OAAO,IAAI,UAEX,OAAO,IAAI,WACZ,OAAO;AACX,WAAO,kCACA,gBAEA;AAAA;AAIX,SAAO,mBAAK;AAAA;;;ADxGT,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B,iCACnB,iBAAiB,uBADE;AAAA,IAEtB,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,YAAY,OAAO,KACrB,iBAAiB,WACnB;AACF,UAAI;AAEA,cAAM,aAAa,KAAK,MAAM;AAI9B,eAAO,CAAC,eAAe;AAAA,eAClB,GAAP;AACE,gBAAQ,IAAI,SAAS;AAAA;AAGzB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AElMd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,2BAA6B;AAC7B,yBAAsB;AACtB,qBAAsB;AACtB,mBAAiB;;;ACRjB,iBAAe;AACf,kBAAiB;AAEjB,oBAA0B;AAKnB,IAAM,uBAAuB,OAAO;AAAA,EACvC;AAAA,MAGE;AACF,QAAM,uBAAuB,oBAAK,QAC9B,QAAQ,OACR;AAEJ,MAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,UAAM,IAAI,MAAM,kBAAkB,6BAAU;AAAA;AAEhD,QAAM,mBAAmB,KAAK,MAC1B,mBAAG,aAAa,sBAAsB,EAAE,UAAU;AAEtD,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MACN,iCAAiC,6BAAU;AAAA;AAGnD,MAAI,CAAC,iBAAiB,qBAAqB;AACvC,UAAM,IAAI,MACN;AAAA;AAIR,SAAO;AAAA;;;ADZJ,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,0BAA0B,iBAAiB;AAAA,EAC3C,eAAe,iBAAiB;AAAA,EAEhC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEX,IAAM,sBAAsB,OAAO;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAOE;AACF,QAAM,mBAAmB,MAAM,qBAAqB;AAAA,IAChD;AAAA;AAGJ,QAAM,YAAoC,qBAAK,QAC3C,iBAAiB,qBACjB;AAAA,IACI,WAAW;AAAA,IACX,cAAc,CAAC,QAAQ;AACnB,aAAO,uCAAa;AAAA;AAAA;AAKhC,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,YAAY,yCACZ,MAAM,KACP,IAAI,CAAC,SAAS,uCAAa,OAC3B,KAAK;AACV,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WACV,OAAO,CAAC,CAAC,SAAS;AACf,QAAI,WAAW;AACX,aAAO,IAAI,QAAQ,eAAe;AAAA;AAEtC,WAAO;AAAA,KAEV,IAAI,OAAO,CAAC,KAAK,gBAAgB;AAC9B,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,WAAO,CAAC,KAAK;AAAA;AAGzB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,QAAI;AACJ,QAAI;AAEJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,0BACF,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAG9C,YACI,KAAK,oBACL,QAAQ,IAAI,uBACZ,4BAAK,sBACP;AACE,gBAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,YAC7B,MAAM,iCACC,OADD;AAAA,cAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,cACrC,YACI,OAAO,IAAI,WAAW,KAAK;AAAA,cAC/B,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,cACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,YAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA;AAGnC,cAAI,qBAAqB,MAAM,cAAc;AACzC,mBAAO,oBACH,qBAAqB,MAAM;AAAA;AAAA;AAAA,aAIpC;AACH,cAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,UAC7B,MAAM,iCACC,OADD;AAAA,YAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,YACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,YACvC,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,YACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,UAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,YACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA,YAC/B,mBACI,qBAAqB,MAAM;AAAA;AAAA;AAIvC,YAAI,KAAK,SAAS;AACd,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAExC,cAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,YAAI,KAAK,sBAAsB;AAC3B,gBAAM,MAAM,oBAAoB;AAAA,YAC5B,sBAAsB,KAAK;AAAA,YAC3B,YAAY,KAAK;AAAA,YACjB;AAAA,YACA;AAAA,YACA;AAAA;AAAA,eAwBD;AACH,gBAAM,MAAM,UAAU;AAAA,YAClB,SAAS,KAAK;AAAA,YACd;AAAA,YACA;AAAA,YACA;AAAA;AAAA;AAAA;AAAA,aAIP,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAKd,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AEhUtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AAQf,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;ACnHd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AACrB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAA0C,0BAC5C,QAAQ,YACR,EAAE,WAAW,KAAK,UAAU,OAAO;AAGvC,QAAI,KAAK,SAAS;AACd,WAAK;AAAA;AAET,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAEJ,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAElC,UAAI,gBAAgB;AAEpB,UACI,OAAO,cAAc,YACrB,OAAO,cAAc,YACrB,OAAO,cAAc,WACvB;AACE,wBAAgB,KAAK,UAAU;AAAA;AAEnC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO;AAAA,QACP,WAAW,OAAO,KAAK,OAAO;AAAA,QAC9B,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC7Ld;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA+B;AAC/B,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AAUV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAAA;AAKnC,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAOvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AhB5Jd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
4
|
+
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n encryptedSecretsFile: {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n },\n jsonFilter: {\n string: true,\n describe:\n 'dot separated filter path, for example a.b.c will return { a: { b: { c: ... }}}',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': { ...commonCliOptions.envFile, default: 'env' },\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import {\n DescribeKeyCommand,\n KMSClient,\n KMSClientConfig,\n} from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n\nexport const getEncryptionAlgorithm = async (\n kmsClient: KMSClient,\n awsKeyAlias: string,\n) => {\n // describe key *once*\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n const encryptionAlgorithm =\n describeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n if (encryptionAlgorithm === undefined) {\n throw new Error(`Could not determine encryption algorithm`);\n }\n\n return encryptionAlgorithm;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n ...commonCliOptions.encryptedSecretsFile,\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n const config = await getConfig();\n\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const plaintext = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n try {\n // is this json?\n const jsonObject = JSON.parse(plaintext) as Record<\n string,\n unknown\n >;\n return [parameterName, jsonObject];\n } catch (e) {\n console.log('NOPES', plaintext);\n // ignore it, yes, it is not json\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n secureStrings?: {\n pathMatches: string[];\n };\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { constantCase } from 'constant-case';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { loadEncryptedSecrets } from '../lib/encryptedSecrets';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n 'encrypted-secrets-file': commonCliOptions.encryptedSecretsFile,\n 'json-filter': commonCliOptions.jsonFilter,\n\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nconst handleEncryptedJson = async ({\n encryptedSecretsFile,\n jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n encryptedSecretsFile: string;\n jsonFilter?: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const encryptedSecrets = await loadEncryptedSecrets({\n encryptedSecretsFile: encryptedSecretsFile,\n });\n\n const flattened: Record<string, string> = flat.flatten(\n encryptedSecrets.encryptedParameters,\n {\n delimiter: '__',\n transformKey: (key) => {\n return constantCase(key);\n },\n },\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const filterKey = jsonFilter\n ?.split('.')\n .map((part) => constantCase(part))\n .join('__');\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(flattened)\n .filter(([key]) => {\n if (filterKey) {\n return key.indexOf(filterKey) === 0;\n }\n return true;\n })\n .map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n try {\n let env: Record<string, string> | undefined;\n let awsEnv: Record<string, string> | undefined;\n\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n\n if (\n argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN\n ) {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile:\n config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n };\n\n if (credentialsAndOrigin.value.sessionToken) {\n awsEnv.AWS_SESSION_TOKEN =\n credentialsAndOrigin.value.sessionToken;\n }\n // this means we have\n }\n } else {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN:\n credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.encryptedSecretsFile) {\n env = await handleEncryptedJson({\n encryptedSecretsFile: argv.encryptedSecretsFile,\n jsonFilter: argv.jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n // // load that file\n // const encryptedSecrets = await loadEncryptedSecrets({\n // encryptedSecretsFile: argv.encryptedSecretsFile,\n // });\n\n // const flattened = flat.flatten(encryptedSecrets, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return constantCase(key);\n // },\n // });\n\n // console.log('flattened', flattened);\n\n // const unflattend = flat.unflatten(flattened, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return camelCase(key);\n // },\n // });\n\n // console.log(JSON.stringify(unflattend, null, 4));\n } else {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n }\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'path';\n\nimport { redBright } from 'chalk';\n\nimport { EncryptedSecrets } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const loadEncryptedSecrets = async ({\n encryptedSecretsFile,\n}: {\n encryptedSecretsFile: string;\n}) => {\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n throw new Error(`Could not open ${redBright(encryptedSecretsPath)}`);\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n if (!encryptedSecrets) {\n throw new Error(\n `No encrypted secrets found in ${redBright(encryptedSecretsPath)}`,\n );\n }\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n return encryptedSecrets;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': { ...commonCliOptions.envFile, default: '.env' },\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, unknown> = flat(\n secrets.parameters,\n { delimiter: '/', maxDepth: config.maxDepth },\n );\n\n if (argv.verbose) {\n info(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n // copy paramter to let\n let parameterCopy = parameter;\n // check if parameter is string, number or boolean, if not, encode to json\n if (\n typeof parameter !== 'string' &&\n typeof parameter !== 'number' &&\n typeof parameter !== 'boolean'\n ) {\n parameterCopy = JSON.stringify(parameter);\n }\n const encryptCommand = new EncryptCommand({\n KeyId: awsKeyAlias,\n Plaintext: Buffer.from(String(parameterCopy)),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand } from '@aws-sdk/client-kms';\nimport { ParameterType, PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n let type: ParameterType = ParameterType.STRING;\n const secureStrings = config.aws?.secureStrings?.pathMatches;\n if (secureStrings && Array.isArray(secureStrings)) {\n // if parameterName regex matches any of the secureStrings, set type to SecureString\n secureStrings.forEach((secureString) => {\n if (parameterName.match(secureString)) {\n type = ParameterType.SECURE_STRING;\n }\n });\n }\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: type,\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAWR,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC1ElB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAe;AACf,uBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;;;ACLtB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ACjCX,wBAIO;AAEA,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAEhC,SAAO;AAAA;AAGJ,IAAM,yBAAyB,OAClC,WACA,gBACC;AApBL;AAsBI,QAAM,qBAAqB,IAAI,qCAAmB;AAAA,IAC9C,OAAO;AAAA;AAGX,QAAM,oBAAoB,MAAM,UAAU,KAAK;AAC/C,QAAM,sBACF,8BAAkB,gBAAlB,mBAA+B,yBAA/B,mBAAsD;AAE1D,MAAI,wBAAwB,QAAW;AACnC,UAAM,IAAI,MAAM;AAAA;AAGpB,SAAO;AAAA;;;AFrBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,6BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AGrFtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;;;ACLjB,gBAAe;AACf,wBAAiB;AAEjB,4BAA8B;AAC9B,oBAAmB;AAyBZ,IAAM,gBAAwB;AAAA,EACjC,KAAK;AAAA,IACD,UAAU;AAAA;AAAA;AAIlB,oBAAoB,MAAc;AAC9B,MAAI;AAEA,WAAO,IAAI,SAAS,YAAY,KAAK;AAAA,UACvC;AAGE,WAAO;AAAA;AAAA;AAIf,IAAM,WAAW,OAAO,aAAqB;AACzC,MAAI;AAEA,WAAO,WAAW,MAAM,kBAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,0BAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;AAKX,IAAM,YAAY,YAA6B;AAClD,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C,OAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEJ;AAAA,IACA,SAAS,0BAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAGhB,MAAI,YAAY;AACZ,QAAI,WAAW,SAAS,UAAU;AAC9B,YAAM,UAAW,MAAM,SAAS;AAIhC,UAAI;AAEJ,UACI,WAAW,SAAS,mBACnB,QAAwC,WAAW,QACtD;AACE,eAAQ,QAAwC;AAAA,aAC7C;AACH,eAAO;AAAA;AAGX,aAAO,gDACA,gBACA,OAFA;AAAA,QAGH,KAAK,kCAAK,cAAc,MAAQ,KAAK;AAAA;AAAA;AAI7C,UAAM,SAAS,MAAM,yCAAc;AAAA,MAC/B,UAAU;AAAA;AAGd,UAAM,kBAED,OAAO,IAAI,UAEX,OAAO,IAAI,WACZ,OAAO;AACX,WAAO,kCACA,gBAEA;AAAA;AAIX,SAAO,mBAAK;AAAA;;;AD3GT,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B,iCACnB,iBAAiB,uBADE;AAAA,IAEtB,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,YAAY,OAAO,KACrB,iBAAiB,WACnB;AACF,UAAI;AAEA,cAAM,aAAa,KAAK,MAAM;AAI9B,eAAO,CAAC,eAAe;AAAA,eAClB,GAAP;AACE,gBAAQ,IAAI,SAAS;AAAA;AAGzB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AElMd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,2BAA6B;AAC7B,yBAAsB;AACtB,qBAAsB;AACtB,mBAAiB;;;ACRjB,iBAAe;AACf,kBAAiB;AAEjB,oBAA0B;AAKnB,IAAM,uBAAuB,OAAO;AAAA,EACvC;AAAA,MAGE;AACF,QAAM,uBAAuB,oBAAK,QAC9B,QAAQ,OACR;AAEJ,MAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,UAAM,IAAI,MAAM,kBAAkB,6BAAU;AAAA;AAEhD,QAAM,mBAAmB,KAAK,MAC1B,mBAAG,aAAa,sBAAsB,EAAE,UAAU;AAEtD,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MACN,iCAAiC,6BAAU;AAAA;AAGnD,MAAI,CAAC,iBAAiB,qBAAqB;AACvC,UAAM,IAAI,MACN;AAAA;AAIR,SAAO;AAAA;;;ADZJ,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,0BAA0B,iBAAiB;AAAA,EAC3C,eAAe,iBAAiB;AAAA,EAEhC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEX,IAAM,sBAAsB,OAAO;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAOE;AACF,QAAM,mBAAmB,MAAM,qBAAqB;AAAA,IAChD;AAAA;AAGJ,QAAM,YAAoC,qBAAK,QAC3C,iBAAiB,qBACjB;AAAA,IACI,WAAW;AAAA,IACX,cAAc,CAAC,QAAQ;AACnB,aAAO,uCAAa;AAAA;AAAA;AAKhC,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,YAAY,yCACZ,MAAM,KACP,IAAI,CAAC,SAAS,uCAAa,OAC3B,KAAK;AACV,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WACV,OAAO,CAAC,CAAC,SAAS;AACf,QAAI,WAAW;AACX,aAAO,IAAI,QAAQ,eAAe;AAAA;AAEtC,WAAO;AAAA,KAEV,IAAI,OAAO,CAAC,KAAK,gBAAgB;AAC9B,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,WAAO,CAAC,KAAK;AAAA;AAGzB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,QAAI;AACJ,QAAI;AAEJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,0BACF,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAG9C,YACI,KAAK,oBACL,QAAQ,IAAI,uBACZ,4BAAK,sBACP;AACE,gBAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,YAC7B,MAAM,iCACC,OADD;AAAA,cAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,cACrC,YACI,OAAO,IAAI,WAAW,KAAK;AAAA,cAC/B,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,cACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,YAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA;AAGnC,cAAI,qBAAqB,MAAM,cAAc;AACzC,mBAAO,oBACH,qBAAqB,MAAM;AAAA;AAAA;AAAA,aAIpC;AACH,cAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,UAC7B,MAAM,iCACC,OADD;AAAA,YAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,YACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,YACvC,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,YACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,UAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,YACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA,YAC/B,mBACI,qBAAqB,MAAM;AAAA;AAAA;AAIvC,YAAI,KAAK,SAAS;AACd,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAExC,cAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,YAAI,KAAK,sBAAsB;AAC3B,gBAAM,MAAM,oBAAoB;AAAA,YAC5B,sBAAsB,KAAK;AAAA,YAC3B,YAAY,KAAK;AAAA,YACjB;AAAA,YACA;AAAA,YACA;AAAA;AAAA,eAwBD;AACH,gBAAM,MAAM,UAAU;AAAA,YAClB,SAAS,KAAK;AAAA,YACd;AAAA,YACA;AAAA,YACA;AAAA;AAAA;AAAA;AAAA,aAIP,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAKd,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AEhUtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AAQf,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;ACnHd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AACrB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAA0C,0BAC5C,QAAQ,YACR,EAAE,WAAW,KAAK,UAAU,OAAO;AAGvC,QAAI,KAAK,SAAS;AACd,WAAK;AAAA;AAET,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAEJ,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAElC,UAAI,gBAAgB;AAEpB,UACI,OAAO,cAAc,YACrB,OAAO,cAAc,YACrB,OAAO,cAAc,WACvB;AACE,wBAAgB,KAAK,UAAU;AAAA;AAEnC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO;AAAA,QACP,WAAW,OAAO,KAAK,OAAO;AAAA,QAC9B,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC7Ld;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA+B;AAC/B,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAUV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAAA;AAKnC,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAOvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AA9J3E;AA+JgB,UAAI,OAAsB,iCAAc;AACxC,YAAM,gBAAgB,mBAAO,QAAP,mBAAY,kBAAZ,mBAA2B;AACjD,UAAI,iBAAiB,MAAM,QAAQ,gBAAgB;AAE/C,sBAAc,QAAQ,CAAC,iBAAiB;AACpC,cAAI,cAAc,MAAM,eAAe;AACnC,mBAAO,iCAAc;AAAA;AAAA;AAAA;AAIjC,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AhBtKd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/esm/cli.js
CHANGED
|
@@ -1046,7 +1046,7 @@ __export(offloadToSSMCommand_exports, {
|
|
|
1046
1046
|
import fs8 from "node:fs";
|
|
1047
1047
|
import path8 from "node:path";
|
|
1048
1048
|
import { DecryptCommand as DecryptCommand4 } from "@aws-sdk/client-kms";
|
|
1049
|
-
import { PutParameterCommand } from "@aws-sdk/client-ssm";
|
|
1049
|
+
import { ParameterType, PutParameterCommand } from "@aws-sdk/client-ssm";
|
|
1050
1050
|
import { redBright as redBright7 } from "chalk";
|
|
1051
1051
|
import flat4 from "flat";
|
|
1052
1052
|
var command7 = "offload-secrets-json-to-ssm";
|
|
@@ -1128,10 +1128,20 @@ var handler7 = async (argv) => {
|
|
|
1128
1128
|
verbose: argv.verbose
|
|
1129
1129
|
});
|
|
1130
1130
|
await Promise.all(Object.entries(flatParameters).map(([parameterName, value]) => {
|
|
1131
|
+
var _a, _b;
|
|
1132
|
+
let type = ParameterType.STRING;
|
|
1133
|
+
const secureStrings = (_b = (_a = config.aws) == null ? void 0 : _a.secureStrings) == null ? void 0 : _b.pathMatches;
|
|
1134
|
+
if (secureStrings && Array.isArray(secureStrings)) {
|
|
1135
|
+
secureStrings.forEach((secureString) => {
|
|
1136
|
+
if (parameterName.match(secureString)) {
|
|
1137
|
+
type = ParameterType.SECURE_STRING;
|
|
1138
|
+
}
|
|
1139
|
+
});
|
|
1140
|
+
}
|
|
1131
1141
|
const putParameterCommand = new PutParameterCommand({
|
|
1132
1142
|
Name: `/${parameterName}`,
|
|
1133
1143
|
Value: value,
|
|
1134
|
-
Type:
|
|
1144
|
+
Type: type,
|
|
1135
1145
|
Overwrite: true
|
|
1136
1146
|
});
|
|
1137
1147
|
return ssmClient.send(putParameterCommand);
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/cli.ts", "../../src/commands/debugCommand.ts", "../../src/commonCliOptions.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/ssm.ts", "../../src/commands/decryptSecCommand.ts", "../../src/utils/io.ts", "../../src/utils/kms.ts", "../../src/commands/decryptSecretsJson.ts", "../../src/lib/config.ts", "../../src/commands/defaultCommand.ts", "../../src/lib/encryptedSecrets.ts", "../../src/commands/encryptEnvCommand.ts", "../../src/commands/encryptSecretsJson.ts", "../../src/commands/offloadToSSMCommand.ts"],
|
|
4
|
-
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n encryptedSecretsFile: {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n },\n jsonFilter: {\n string: true,\n describe:\n 'dot separated filter path, for example a.b.c will return { a: { b: { c: ... }}}',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': { ...commonCliOptions.envFile, default: 'env' },\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import {\n DescribeKeyCommand,\n KMSClient,\n KMSClientConfig,\n} from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n\nexport const getEncryptionAlgorithm = async (\n kmsClient: KMSClient,\n awsKeyAlias: string,\n) => {\n // describe key *once*\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n const encryptionAlgorithm =\n describeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n if (encryptionAlgorithm === undefined) {\n throw new Error(`Could not determine encryption algorithm`);\n }\n\n return encryptionAlgorithm;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n ...commonCliOptions.encryptedSecretsFile,\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n const config = await getConfig();\n\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const plaintext = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n try {\n // is this json?\n const jsonObject = JSON.parse(plaintext) as Record<\n string,\n unknown\n >;\n return [parameterName, jsonObject];\n } catch (e) {\n console.log('NOPES', plaintext);\n // ignore it, yes, it is not json\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { constantCase } from 'constant-case';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { loadEncryptedSecrets } from '../lib/encryptedSecrets';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n 'encrypted-secrets-file': commonCliOptions.encryptedSecretsFile,\n 'json-filter': commonCliOptions.jsonFilter,\n\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nconst handleEncryptedJson = async ({\n encryptedSecretsFile,\n jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n encryptedSecretsFile: string;\n jsonFilter?: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const encryptedSecrets = await loadEncryptedSecrets({\n encryptedSecretsFile: encryptedSecretsFile,\n });\n\n const flattened: Record<string, string> = flat.flatten(\n encryptedSecrets.encryptedParameters,\n {\n delimiter: '__',\n transformKey: (key) => {\n return constantCase(key);\n },\n },\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const filterKey = jsonFilter\n ?.split('.')\n .map((part) => constantCase(part))\n .join('__');\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(flattened)\n .filter(([key]) => {\n if (filterKey) {\n return key.indexOf(filterKey) === 0;\n }\n return true;\n })\n .map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n try {\n let env: Record<string, string> | undefined;\n let awsEnv: Record<string, string> | undefined;\n\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n\n if (\n argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN\n ) {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile:\n config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n };\n\n if (credentialsAndOrigin.value.sessionToken) {\n awsEnv.AWS_SESSION_TOKEN =\n credentialsAndOrigin.value.sessionToken;\n }\n // this means we have\n }\n } else {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN:\n credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.encryptedSecretsFile) {\n env = await handleEncryptedJson({\n encryptedSecretsFile: argv.encryptedSecretsFile,\n jsonFilter: argv.jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n // // load that file\n // const encryptedSecrets = await loadEncryptedSecrets({\n // encryptedSecretsFile: argv.encryptedSecretsFile,\n // });\n\n // const flattened = flat.flatten(encryptedSecrets, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return constantCase(key);\n // },\n // });\n\n // console.log('flattened', flattened);\n\n // const unflattend = flat.unflatten(flattened, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return camelCase(key);\n // },\n // });\n\n // console.log(JSON.stringify(unflattend, null, 4));\n } else {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n }\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'path';\n\nimport { redBright } from 'chalk';\n\nimport { EncryptedSecrets } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const loadEncryptedSecrets = async ({\n encryptedSecretsFile,\n}: {\n encryptedSecretsFile: string;\n}) => {\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n throw new Error(`Could not open ${redBright(encryptedSecretsPath)}`);\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n if (!encryptedSecrets) {\n throw new Error(\n `No encrypted secrets found in ${redBright(encryptedSecretsPath)}`,\n );\n }\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n return encryptedSecrets;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': { ...commonCliOptions.envFile, default: '.env' },\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, unknown> = flat(\n secrets.parameters,\n { delimiter: '/', maxDepth: config.maxDepth },\n );\n\n if (argv.verbose) {\n info(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n // copy paramter to let\n let parameterCopy = parameter;\n // check if parameter is string, number or boolean, if not, encode to json\n if (\n typeof parameter !== 'string' &&\n typeof parameter !== 'number' &&\n typeof parameter !== 'boolean'\n ) {\n parameterCopy = JSON.stringify(parameter);\n }\n const encryptCommand = new EncryptCommand({\n KeyId: awsKeyAlias,\n Plaintext: Buffer.from(String(parameterCopy)),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAWR,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC1ElB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;;;ACLA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ACjCX;AAAA;AAAA;AAAA;AAMO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAEhC,SAAO;AAAA;AAGJ,IAAM,yBAAyB,OAClC,WACA,gBACC;AApBL;AAsBI,QAAM,qBAAqB,IAAI,mBAAmB;AAAA,IAC9C,OAAO;AAAA;AAGX,QAAM,oBAAoB,MAAM,UAAU,KAAK;AAC/C,QAAM,sBACF,8BAAkB,gBAAlB,mBAA+B,yBAA/B,mBAAsD;AAE1D,MAAI,wBAAwB,QAAW;AACnC,UAAM,IAAI,MAAM;AAAA;AAGpB,SAAO;AAAA;;;AFrBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,WAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AGrFtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;;;ACLA;AACA;AAEA;AACA;AAsBO,IAAM,gBAAwB;AAAA,EACjC,KAAK;AAAA,IACD,UAAU;AAAA;AAAA;AAIlB,oBAAoB,MAAc;AAC9B,MAAI;AAEA,WAAO,IAAI,SAAS,YAAY,KAAK;AAAA,UACvC;AAGE,WAAO;AAAA;AAAA;AAIf,IAAM,WAAW,OAAO,aAAqB;AACzC,MAAI;AAEA,WAAO,WAAW,MAAM,IAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,MAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;AAKX,IAAM,YAAY,YAA6B;AAClD,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C,OAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEJ;AAAA,IACA,SAAS,MAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAGhB,MAAI,YAAY;AACZ,QAAI,WAAW,SAAS,UAAU;AAC9B,YAAM,UAAW,MAAM,SAAS;AAIhC,UAAI;AAEJ,UACI,WAAW,SAAS,mBACnB,QAAwC,WAAW,QACtD;AACE,eAAQ,QAAwC;AAAA,aAC7C;AACH,eAAO;AAAA;AAGX,aAAO,gDACA,gBACA,OAFA;AAAA,QAGH,KAAK,kCAAK,cAAc,MAAQ,KAAK;AAAA;AAAA;AAI7C,UAAM,SAAS,MAAM,cAAc;AAAA,MAC/B,UAAU;AAAA;AAGd,UAAM,kBAED,OAAO,IAAI,UAEX,OAAO,IAAI,WACZ,OAAO;AACX,WAAO,kCACA,gBAEA;AAAA;AAIX,SAAO,mBAAK;AAAA;;;ADxGT,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B,iCACnB,iBAAiB,uBADE;AAAA,IAEtB,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,YAAY,OAAO,KACrB,iBAAiB,WACnB;AACF,UAAI;AAEA,cAAM,aAAa,KAAK,MAAM;AAI9B,eAAO,CAAC,eAAe;AAAA,eAClB,GAAP;AACE,gBAAQ,IAAI,SAAS;AAAA;AAGzB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AElMd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;;;ACRA;AACA;AAEA;AAKO,IAAM,uBAAuB,OAAO;AAAA,EACvC;AAAA,MAGE;AACF,QAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR;AAEJ,MAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,UAAM,IAAI,MAAM,kBAAkB,WAAU;AAAA;AAEhD,QAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAEtD,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MACN,iCAAiC,WAAU;AAAA;AAGnD,MAAI,CAAC,iBAAiB,qBAAqB;AACvC,UAAM,IAAI,MACN;AAAA;AAIR,SAAO;AAAA;;;ADZJ,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,0BAA0B,iBAAiB;AAAA,EAC3C,eAAe,iBAAiB;AAAA,EAEhC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEX,IAAM,sBAAsB,OAAO;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAOE;AACF,QAAM,mBAAmB,MAAM,qBAAqB;AAAA,IAChD;AAAA;AAGJ,QAAM,YAAoC,MAAK,QAC3C,iBAAiB,qBACjB;AAAA,IACI,WAAW;AAAA,IACX,cAAc,CAAC,QAAQ;AACnB,aAAO,aAAa;AAAA;AAAA;AAKhC,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,YAAY,yCACZ,MAAM,KACP,IAAI,CAAC,SAAS,aAAa,OAC3B,KAAK;AACV,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WACV,OAAO,CAAC,CAAC,SAAS;AACf,QAAI,WAAW;AACX,aAAO,IAAI,QAAQ,eAAe;AAAA;AAEtC,WAAO;AAAA,KAEV,IAAI,OAAO,CAAC,KAAK,gBAAgB;AAC9B,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,WAAO,CAAC,KAAK;AAAA;AAGzB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,QAAI;AACJ,QAAI;AAEJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,OACF,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAG9C,YACI,KAAK,oBACL,QAAQ,IAAI,uBACZ,4BAAK,sBACP;AACE,gBAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,YAC7B,MAAM,iCACC,OADD;AAAA,cAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,cACrC,YACI,OAAO,IAAI,WAAW,KAAK;AAAA,cAC/B,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,cACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,YAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA;AAGnC,cAAI,qBAAqB,MAAM,cAAc;AACzC,mBAAO,oBACH,qBAAqB,MAAM;AAAA;AAAA;AAAA,aAIpC;AACH,cAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,UAC7B,MAAM,iCACC,OADD;AAAA,YAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,YACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,YACvC,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,YACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,UAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,YACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA,YAC/B,mBACI,qBAAqB,MAAM;AAAA;AAAA;AAIvC,YAAI,KAAK,SAAS;AACd,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAExC,cAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,YAAI,KAAK,sBAAsB;AAC3B,gBAAM,MAAM,oBAAoB;AAAA,YAC5B,sBAAsB,KAAK;AAAA,YAC3B,YAAY,KAAK;AAAA,YACjB;AAAA,YACA;AAAA,YACA;AAAA;AAAA,eAwBD;AACH,gBAAM,MAAM,UAAU;AAAA,YAClB,SAAS,KAAK;AAAA,YACd;AAAA,YACA;AAAA,YACA;AAAA;AAAA;AAAA;AAAA,aAIP,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAKd,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AEhUtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;ACnHd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AACrB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAA0C,MAC5C,QAAQ,YACR,EAAE,WAAW,KAAK,UAAU,OAAO;AAGvC,QAAI,KAAK,SAAS;AACd,WAAK;AAAA;AAET,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAEJ,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAElC,UAAI,gBAAgB;AAEpB,UACI,OAAO,cAAc,YACrB,OAAO,cAAc,YACrB,OAAO,cAAc,WACvB;AACE,wBAAgB,KAAK,UAAU;AAAA;AAEnC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO;AAAA,QACP,WAAW,OAAO,KAAK,OAAO;AAAA,QAC9B,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC7Ld;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAUO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAAA;AAKnC,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAOvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AhB5Jd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
4
|
+
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n encryptedSecretsFile: {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n },\n jsonFilter: {\n string: true,\n describe:\n 'dot separated filter path, for example a.b.c will return { a: { b: { c: ... }}}',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': { ...commonCliOptions.envFile, default: 'env' },\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import {\n DescribeKeyCommand,\n KMSClient,\n KMSClientConfig,\n} from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n\nexport const getEncryptionAlgorithm = async (\n kmsClient: KMSClient,\n awsKeyAlias: string,\n) => {\n // describe key *once*\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n const encryptionAlgorithm =\n describeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n if (encryptionAlgorithm === undefined) {\n throw new Error(`Could not determine encryption algorithm`);\n }\n\n return encryptionAlgorithm;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n ...commonCliOptions.encryptedSecretsFile,\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n const config = await getConfig();\n\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const plaintext = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n try {\n // is this json?\n const jsonObject = JSON.parse(plaintext) as Record<\n string,\n unknown\n >;\n return [parameterName, jsonObject];\n } catch (e) {\n console.log('NOPES', plaintext);\n // ignore it, yes, it is not json\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n secureStrings?: {\n pathMatches: string[];\n };\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { constantCase } from 'constant-case';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { loadEncryptedSecrets } from '../lib/encryptedSecrets';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm } from '../utils/kms';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n 'encrypted-secrets-file': commonCliOptions.encryptedSecretsFile,\n 'json-filter': commonCliOptions.jsonFilter,\n\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nconst handleEncryptedJson = async ({\n encryptedSecretsFile,\n jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n encryptedSecretsFile: string;\n jsonFilter?: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const encryptedSecrets = await loadEncryptedSecrets({\n encryptedSecretsFile: encryptedSecretsFile,\n });\n\n const flattened: Record<string, string> = flat.flatten(\n encryptedSecrets.encryptedParameters,\n {\n delimiter: '__',\n transformKey: (key) => {\n return constantCase(key);\n },\n },\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const filterKey = jsonFilter\n ?.split('.')\n .map((part) => constantCase(part))\n .join('__');\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(flattened)\n .filter(([key]) => {\n if (filterKey) {\n return key.indexOf(filterKey) === 0;\n }\n return true;\n })\n .map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n try {\n let env: Record<string, string> | undefined;\n let awsEnv: Record<string, string> | undefined;\n\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n\n if (\n argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN\n ) {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile:\n config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n };\n\n if (credentialsAndOrigin.value.sessionToken) {\n awsEnv.AWS_SESSION_TOKEN =\n credentialsAndOrigin.value.sessionToken;\n }\n // this means we have\n }\n } else {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn ||\n argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN:\n credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.encryptedSecretsFile) {\n env = await handleEncryptedJson({\n encryptedSecretsFile: argv.encryptedSecretsFile,\n jsonFilter: argv.jsonFilter,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n // // load that file\n // const encryptedSecrets = await loadEncryptedSecrets({\n // encryptedSecretsFile: argv.encryptedSecretsFile,\n // });\n\n // const flattened = flat.flatten(encryptedSecrets, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return constantCase(key);\n // },\n // });\n\n // console.log('flattened', flattened);\n\n // const unflattend = flat.unflatten(flattened, {\n // delimiter: '__',\n // transformKey: (key) => {\n // return camelCase(key);\n // },\n // });\n\n // console.log(JSON.stringify(unflattend, null, 4));\n } else {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n });\n }\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import fs from 'fs';\nimport path from 'path';\n\nimport { redBright } from 'chalk';\n\nimport { EncryptedSecrets } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const loadEncryptedSecrets = async ({\n encryptedSecretsFile,\n}: {\n encryptedSecretsFile: string;\n}) => {\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n throw new Error(`Could not open ${redBright(encryptedSecretsPath)}`);\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n if (!encryptedSecrets) {\n throw new Error(\n `No encrypted secrets found in ${redBright(encryptedSecretsPath)}`,\n );\n }\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n return encryptedSecrets;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': { ...commonCliOptions.envFile, default: '.env' },\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n argv.awsKeyAlias,\n );\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, unknown> = flat(\n secrets.parameters,\n { delimiter: '/', maxDepth: config.maxDepth },\n );\n\n if (argv.verbose) {\n info(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n info('keyMetaData', { ...describeKeyResult.KeyMetadata });\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n // copy paramter to let\n let parameterCopy = parameter;\n // check if parameter is string, number or boolean, if not, encode to json\n if (\n typeof parameter !== 'string' &&\n typeof parameter !== 'number' &&\n typeof parameter !== 'boolean'\n ) {\n parameterCopy = JSON.stringify(parameter);\n }\n const encryptCommand = new EncryptCommand({\n KeyId: awsKeyAlias,\n Plaintext: Buffer.from(String(parameterCopy)),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DecryptCommand } from '@aws-sdk/client-kms';\nimport { ParameterType, PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { getConfig } from '../lib/config';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getEncryptionAlgorithm, getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const config = await getConfig();\n\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: {\n ...argv,\n awsRegion: config.aws.region || argv.awsRegion,\n awsProfile: config.aws.profile || argv.awsProfile,\n awsAssumeRoleArn:\n config.aws.assumeRoleArn || argv.awsAssumeRoleArn,\n awsAssumeRoleSessionDuration:\n config.aws.assumeRoleSessionDuration ||\n argv.awsAssumeRoleSessionDuration,\n },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const awsKeyAlias = argv.awsKeyAlias || config.aws.keyAlias;\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n }\n\n const encryptionAlgorithm = await getEncryptionAlgorithm(\n kmsClient,\n awsKeyAlias,\n );\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: encryptionAlgorithm,\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n let type: ParameterType = ParameterType.STRING;\n const secureStrings = config.aws?.secureStrings?.pathMatches;\n if (secureStrings && Array.isArray(secureStrings)) {\n // if parameterName regex matches any of the secureStrings, set type to SecureString\n secureStrings.forEach((secureString) => {\n if (parameterName.match(secureString)) {\n type = ParameterType.SECURE_STRING;\n }\n });\n }\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: type,\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,sBAAsB;AAAA,IAClB,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAWR,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC1ElB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;;;ACLA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ACjCX;AAAA;AAAA;AAAA;AAMO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAEhC,SAAO;AAAA;AAGJ,IAAM,yBAAyB,OAClC,WACA,gBACC;AApBL;AAsBI,QAAM,qBAAqB,IAAI,mBAAmB;AAAA,IAC9C,OAAO;AAAA;AAGX,QAAM,oBAAoB,MAAM,UAAU,KAAK;AAC/C,QAAM,sBACF,8BAAkB,gBAAlB,mBAA+B,yBAA/B,mBAAsD;AAE1D,MAAI,wBAAwB,QAAW;AACnC,UAAM,IAAI,MAAM;AAAA;AAGpB,SAAO;AAAA;;;AFrBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,WAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AGrFtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;;;ACLA;AACA;AAEA;AACA;AAyBO,IAAM,gBAAwB;AAAA,EACjC,KAAK;AAAA,IACD,UAAU;AAAA;AAAA;AAIlB,oBAAoB,MAAc;AAC9B,MAAI;AAEA,WAAO,IAAI,SAAS,YAAY,KAAK;AAAA,UACvC;AAGE,WAAO;AAAA;AAAA;AAIf,IAAM,WAAW,OAAO,aAAqB;AACzC,MAAI;AAEA,WAAO,WAAW,MAAM,IAAG,SAAS,SAAS,UAAU;AAAA,WAClD,OAAP;AACE,QAAI,iBAAiB,OAAO;AACxB,YAAM,IAAI,MACN,mBAAmB,MAAK,SAAS,QAAQ,OAAO,cAC5C,MAAM;AAAA,WAGX;AACH,YAAM;AAAA;AAAA;AAAA;AAKX,IAAM,YAAY,YAA6B;AAClD,QAAM,MAAM,QAAQ;AACpB,QAAM,eAAe,IAAI;AACzB,QAAM,aAAa,MAAM,aAAa,QAAQ;AAAA,IAC1C,OAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA;AAAA,IAEJ;AAAA,IACA,SAAS,MAAK,MAAM,KAAK;AAAA,IACzB,YAAY;AAAA;AAGhB,MAAI,YAAY;AACZ,QAAI,WAAW,SAAS,UAAU;AAC9B,YAAM,UAAW,MAAM,SAAS;AAIhC,UAAI;AAEJ,UACI,WAAW,SAAS,mBACnB,QAAwC,WAAW,QACtD;AACE,eAAQ,QAAwC;AAAA,aAC7C;AACH,eAAO;AAAA;AAGX,aAAO,gDACA,gBACA,OAFA;AAAA,QAGH,KAAK,kCAAK,cAAc,MAAQ,KAAK;AAAA;AAAA;AAI7C,UAAM,SAAS,MAAM,cAAc;AAAA,MAC/B,UAAU;AAAA;AAGd,UAAM,kBAED,OAAO,IAAI,UAEX,OAAO,IAAI,WACZ,OAAO;AACX,WAAO,kCACA,gBAEA;AAAA;AAIX,SAAO,mBAAK;AAAA;;;AD3GT,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B,iCACnB,iBAAiB,uBADE;AAAA,IAEtB,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,YAAY,OAAO,KACrB,iBAAiB,WACnB;AACF,UAAI;AAEA,cAAM,aAAa,KAAK,MAAM;AAI9B,eAAO,CAAC,eAAe;AAAA,eAClB,GAAP;AACE,gBAAQ,IAAI,SAAS;AAAA;AAGzB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AElMd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AACA;AACA;;;ACRA;AACA;AAEA;AAKO,IAAM,uBAAuB,OAAO;AAAA,EACvC;AAAA,MAGE;AACF,QAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR;AAEJ,MAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,UAAM,IAAI,MAAM,kBAAkB,WAAU;AAAA;AAEhD,QAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAEtD,MAAI,CAAC,kBAAkB;AACnB,UAAM,IAAI,MACN,iCAAiC,WAAU;AAAA;AAGnD,MAAI,CAAC,iBAAiB,qBAAqB;AACvC,UAAM,IAAI,MACN;AAAA;AAIR,SAAO;AAAA;;;ADZJ,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,0BAA0B,iBAAiB;AAAA,EAC3C,eAAe,iBAAiB;AAAA,EAEhC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEX,IAAM,sBAAsB,OAAO;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAOE;AACF,QAAM,mBAAmB,MAAM,qBAAqB;AAAA,IAChD;AAAA;AAGJ,QAAM,YAAoC,MAAK,QAC3C,iBAAiB,qBACjB;AAAA,IACI,WAAW;AAAA,IACX,cAAc,CAAC,QAAQ;AACnB,aAAO,aAAa;AAAA;AAAA;AAKhC,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,QAAM,YAAY,yCACZ,MAAM,KACP,IAAI,CAAC,SAAS,aAAa,OAC3B,KAAK;AACV,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WACV,OAAO,CAAC,CAAC,SAAS;AACf,QAAI,WAAW;AACX,aAAO,IAAI,QAAQ,eAAe;AAAA;AAEtC,WAAO;AAAA,KAEV,IAAI,OAAO,CAAC,KAAK,gBAAgB;AAC9B,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,WAAO,CAAC,KAAK;AAAA;AAGzB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,MAAI;AACA,QAAI;AACJ,QAAI;AAEJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,OACF,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAG9C,YACI,KAAK,oBACL,QAAQ,IAAI,uBACZ,4BAAK,sBACP;AACE,gBAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,YAC7B,MAAM,iCACC,OADD;AAAA,cAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,cACrC,YACI,OAAO,IAAI,WAAW,KAAK;AAAA,cAC/B,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,cACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,YAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA;AAGnC,cAAI,qBAAqB,MAAM,cAAc;AACzC,mBAAO,oBACH,qBAAqB,MAAM;AAAA;AAAA;AAAA,aAIpC;AACH,cAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,UAC7B,MAAM,iCACC,OADD;AAAA,YAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,YACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,YACvC,kBACI,OAAO,IAAI,iBACX,KAAK;AAAA,YACT,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,UAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,YACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA,YAC/B,mBACI,qBAAqB,MAAM;AAAA;AAAA;AAIvC,YAAI,KAAK,SAAS;AACd,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAExC,cAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,YAAI,KAAK,sBAAsB;AAC3B,gBAAM,MAAM,oBAAoB;AAAA,YAC5B,sBAAsB,KAAK;AAAA,YAC3B,YAAY,KAAK;AAAA,YACjB;AAAA,YACA;AAAA,YACA;AAAA;AAAA,eAwBD;AACH,gBAAM,MAAM,UAAU;AAAA,YAClB,SAAS,KAAK;AAAA,YACd;AAAA,YACA;AAAA,YACA;AAAA;AAAA;AAAA;AAAA,aAIP,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAKd,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AEhUtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iCAAK,iBAAiB,UAAtB,EAA+B,SAAS;AAAA,EACpD,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,sBAAsB,MAAM,uBAC9B,WACA,KAAK;AAGT,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;ACnHd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AACrB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAA0C,MAC5C,QAAQ,YACR,EAAE,WAAW,KAAK,UAAU,OAAO;AAGvC,QAAI,KAAK,SAAS;AACd,WAAK;AAAA;AAET,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO;AAAA;AAGX,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,WAAK,eAAe,mBAAK,kBAAkB;AAAA;AAG/C,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAEJ,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAElC,UAAI,gBAAgB;AAEpB,UACI,OAAO,cAAc,YACrB,OAAO,cAAc,YACrB,OAAO,cAAc,WACvB;AACE,wBAAgB,KAAK,UAAU;AAAA;AAEnC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO;AAAA,QACP,WAAW,OAAO,KAAK,OAAO;AAAA,QAC9B,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC7Ld;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAUO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,SAAS,MAAM;AAErB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,iCACC,OADD;AAAA,QAEF,WAAW,OAAO,IAAI,UAAU,KAAK;AAAA,QACrC,YAAY,OAAO,IAAI,WAAW,KAAK;AAAA,QACvC,kBACI,OAAO,IAAI,iBAAiB,KAAK;AAAA,QACrC,8BACI,OAAO,IAAI,6BACX,KAAK;AAAA;AAAA,MAEb,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,cAAc,KAAK,eAAe,OAAO,IAAI;AAEnD,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,mBAAmB,KAClD,MAAM,UAAU,OAAO;AAAA;AAKnC,UAAM,sBAAsB,MAAM,uBAC9B,WACA;AAGJ,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAOvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AA9J3E;AA+JgB,UAAI,OAAsB,cAAc;AACxC,YAAM,gBAAgB,mBAAO,QAAP,mBAAY,kBAAZ,mBAA2B;AACjD,UAAI,iBAAiB,MAAM,QAAQ,gBAAgB;AAE/C,sBAAc,QAAQ,CAAC,iBAAiB;AACpC,cAAI,cAAc,MAAM,eAAe;AACnC,mBAAO,cAAc;AAAA;AAAA;AAAA;AAIjC,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AhBtKd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/lib/config.ts", "../../src/index.ts"],
|
|
4
|
-
"sourcesContent": ["import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "export default () => {};\nexport { Config, PartialConfig } from './lib/config';\n"],
|
|
4
|
+
"sourcesContent": ["import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n secureStrings?: {\n pathMatches: string[];\n };\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n", "export default () => {};\nexport { Config, PartialConfig } from './lib/config';\n"],
|
|
5
5
|
"mappings": ";AAAA;AACA;AAEA;AACA;;;ACJA,IAAO,cAAQ,MAAM;AAAA;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/index.d.ts
CHANGED
package/dist/index.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/index.ts", "../src/lib/config.ts"],
|
|
4
|
-
"sourcesContent": ["export default () => {};\nexport { Config, PartialConfig } from './lib/config';\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n"],
|
|
4
|
+
"sourcesContent": ["export default () => {};\nexport { Config, PartialConfig } from './lib/config';\n", "import fs from 'fs';\nimport path from 'node:path';\n\nimport { bundleRequire } from 'bundle-require';\nimport JoyCon from 'joycon';\n\nexport type Config = {\n /**\n * defines the object depth from the root of the object, children past this depth will be serialized as JSON\n *\n * ```json\n * { a: { b: { c: 3 } } }\n * ```\n * with a maxDepth of 1 will result in { a: \"{ \"b\": { \"c\": 3 }\" } }\n */\n maxDepth?: number;\n aws: {\n keyAlias: string;\n region?: string;\n profile?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n secureStrings?: {\n pathMatches: string[];\n };\n };\n};\nexport type PartialConfig = Partial<Config>;\n\nexport const defaultConfig: Config = {\n aws: {\n keyAlias: 'alias/top-secret',\n },\n} as const;\n\nfunction jsoncParse(data: string) {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-implied-eval\n return new Function('return ' + data.trim())();\n } catch {\n // Silently ignore any error\n // That's what tsc/jsonc-parser did after all\n return {};\n }\n}\n\nconst loadJson = async (filepath: string) => {\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-return\n return jsoncParse(await fs.promises.readFile(filepath, 'utf8'));\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(\n `Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n error.message\n }`,\n );\n } else {\n throw error;\n }\n }\n};\n\nexport const getConfig = async (): Promise<Config> => {\n const cwd = process.cwd();\n const configJoycon = new JoyCon();\n const configPath = await configJoycon.resolve({\n files: [\n 'dotsec.config.ts',\n 'dotsec.config.js',\n 'dotsec.config.cjs',\n 'dotsec.config.mjs',\n 'dotsec.config.json',\n 'package.json',\n ],\n cwd,\n stopDir: path.parse(cwd).root,\n packageKey: 'dotsec',\n });\n\n if (configPath) {\n if (configPath.endsWith('.json')) {\n const rawData = (await loadJson(configPath)) as\n | Partial<Config>\n | { dotsec: Partial<Config> };\n\n let data: Partial<Config>;\n\n if (\n configPath.endsWith('package.json') &&\n (rawData as { dotsec: Partial<Config> }).dotsec !== undefined\n ) {\n data = (rawData as { dotsec: Partial<Config> }).dotsec;\n } else {\n data = rawData as Partial<Config>;\n }\n\n return {\n ...defaultConfig,\n ...data,\n aws: { ...defaultConfig.aws, ...data.aws },\n };\n }\n\n const config = await bundleRequire({\n filepath: configPath,\n });\n\n const retrievedConfig =\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.dotsec as Partial<Config>) ||\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (config.mod.default as Partial<Config>) ||\n config.mod;\n return {\n ...defaultConfig,\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n ...retrievedConfig,\n };\n }\n\n return { ...defaultConfig };\n};\n"],
|
|
5
5
|
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;;;ACAA,gBAAe;AACf,uBAAiB;AAEjB,4BAA8B;AAC9B,oBAAmB;;;ADJnB,IAAO,cAAQ,MAAM;AAAA;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dotsec",
|
|
3
|
-
"version": "0.10.1-alpha.
|
|
3
|
+
"version": "0.10.1-alpha.3",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -65,5 +65,5 @@
|
|
|
65
65
|
"prompts": "^2.4.2",
|
|
66
66
|
"yargs": "^17.4.0"
|
|
67
67
|
},
|
|
68
|
-
"gitHead": "
|
|
68
|
+
"gitHead": "cbf38c90724d4aff82241518126ce050c227403a"
|
|
69
69
|
}
|