dotsec 0.4.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +30 -0
  2. package/dist/cli.js +26 -12
  3. package/dist/cli.js.map +2 -2
  4. package/dist/esm/cli.js +26 -12
  5. package/dist/esm/cli.js.map +2 -2
  6. package/package.json +2 -2
package/README.md CHANGED
@@ -10,6 +10,36 @@ Secure dot env. Encrypts your .env so you can safely store it in your project.
10
10
  npx dotsec --env-file .env {command}
11
11
  ```
12
12
 
13
+ This command also supports injecting AWS assumed role credentials into the process environment.
14
+
15
+ You can specify the ARN of the role to assume in three ways:
16
+
17
+ - By adding the `--aws-assume-role-arn` flag
18
+ - By setting the `AWS_ASSUME_ROLE_ARN` environment variable
19
+ - By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
20
+
21
+ #### By adding the `--aws-assume-role-arn` flag
22
+
23
+ ```sh
24
+ npx dotsec --env-file .env --aws-assume-role-arn arn:aws:iam::123456789012:role/special-role {command}
25
+ ```
26
+
27
+ #### By setting the `AWS_ASSUME_ROLE_ARN` environment variable
28
+
29
+ ```sh
30
+ AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role npx dotsec --env-file .env {command}
31
+ ```
32
+
33
+ #### By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
34
+
35
+ ...
36
+ AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role
37
+ ...
38
+
39
+ ```sh
40
+ npx dotsec --env-file .env {command}
41
+ ```
42
+
13
43
  #### Secure usage
14
44
 
15
45
  Create a user managed AWS KMS key, add an alias. Refer to the AWS documentation for [creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) and [managing aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-manage.html#alias-create)
package/dist/cli.js CHANGED
@@ -1,6 +1,8 @@
1
1
  var __create = Object.create;
2
2
  var __defProp = Object.defineProperty;
3
+ var __defProps = Object.defineProperties;
3
4
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
4
6
  var __getOwnPropNames = Object.getOwnPropertyNames;
5
7
  var __getOwnPropSymbols = Object.getOwnPropertySymbols;
6
8
  var __getProtoOf = Object.getPrototypeOf;
@@ -18,6 +20,7 @@ var __spreadValues = (a, b) => {
18
20
  }
19
21
  return a;
20
22
  };
23
+ var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
21
24
  var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
22
25
  var __export = (target, all) => {
23
26
  __markAsModule(target);
@@ -190,19 +193,20 @@ var getCredentialsProfileRegion = async ({
190
193
  };
191
194
  }
192
195
  }
193
- if (argv.assumeRoleArn) {
194
- console.log("assume this yo");
196
+ const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;
197
+ if (assumedRole) {
198
+ const origin = argv.assumeRoleArn ? "command line option" : "env variable";
195
199
  credentialsAndOrigin = {
196
200
  value: await (0, import_credential_providers.fromTemporaryCredentials)({
197
201
  masterCredentials: credentialsAndOrigin == null ? void 0 : credentialsAndOrigin.value,
198
202
  params: {
199
- RoleArn: argv.assumeRoleArn
203
+ RoleArn: assumedRole
200
204
  },
201
205
  clientConfig: {
202
206
  region: regionAndOrigin == null ? void 0 : regionAndOrigin.value
203
207
  }
204
208
  })(),
205
- origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`
209
+ origin: `${origin} ${bold(`[${assumedRole}]`)}`
206
210
  };
207
211
  }
208
212
  return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
@@ -533,7 +537,7 @@ var builder4 = {
533
537
  "aws-key-alias": commonCliOptions.awsKeyAlias,
534
538
  "sec-file": commonCliOptions.secFile,
535
539
  "env-file": commonCliOptions.envFile,
536
- "assume-role-arn": commonCliOptions.awsAssumeRoleArn,
540
+ "aws-assume-role-arn": commonCliOptions.awsAssumeRoleArn,
537
541
  verbose: commonCliOptions.verbose,
538
542
  command: { string: true, required: true }
539
543
  };
@@ -575,18 +579,28 @@ var handleSec = async ({
575
579
  };
576
580
  var handler4 = async (argv) => {
577
581
  try {
582
+ let env;
583
+ if (argv.envFile) {
584
+ env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
585
+ }
586
+ let awsEnv;
578
587
  const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
579
588
  argv: __spreadValues({}, argv),
580
- env: __spreadValues({}, process.env)
589
+ env: __spreadProps(__spreadValues({}, process.env), {
590
+ AWS_ASSUME_ROLE_ARN: process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)
591
+ })
581
592
  });
593
+ if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
594
+ awsEnv = {
595
+ AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
596
+ AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
597
+ AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken
598
+ };
599
+ }
582
600
  if (argv.verbose) {
583
601
  console.log({ credentialsAndOrigin, regionAndOrigin });
584
602
  }
585
- let env;
586
- if (argv.envFile) {
587
- console.log("OK");
588
- env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
589
- } else if (argv.secFile) {
603
+ if (!argv.envFile && argv.secFile) {
590
604
  env = await handleSec({
591
605
  secFile: argv.secFile,
592
606
  credentialsAndOrigin,
@@ -599,7 +613,7 @@ var handler4 = async (argv) => {
599
613
  (0, import_cross_spawn.spawn)(argv.command, [...userCommandArgs], {
600
614
  stdio: "inherit",
601
615
  shell: false,
602
- env: __spreadValues(__spreadValues({}, process.env), env)
616
+ env: __spreadValues(__spreadValues(__spreadValues({}, process.env), awsEnv), env)
603
617
  });
604
618
  }
605
619
  } catch (e) {
package/dist/cli.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../src/cli.ts", "../src/commands/debugCommand.ts", "../src/commonCliOptions.ts", "../src/utils/getCredentialsProfileRegion.ts", "../src/utils/logger.ts", "../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../src/utils/ssm.ts", "../src/commands/decryptSecCommand.ts", "../src/utils/io.ts", "../src/commands/decryptSecretsJson.ts", "../src/utils/kms.ts", "../src/commands/defaultCommand.ts", "../src/commands/encryptEnvCommand.ts", "../src/commands/encryptSecretsJson.ts", "../src/commands/offloadToSSMCommand.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n if (argv.assumeRoleArn) {\n console.log('assume this yo');\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: argv.assumeRoleArn,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n console.log('OK');\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n } else if (argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAeE;AA/BN;AAgCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,MAAI,KAAK,eAAe;AACpB,YAAQ,IAAI;AACZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS,KAAK;AAAA;AAAA,QAGlB,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,eAAe,KAAK,IAAI,KAAK;AAAA;AAAA;AAI7C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AErJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAgBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACzDnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAE1B,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAExC,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AACZ,YAAM,0BAAM,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,eAC/C,KAAK,SAAS;AACrB,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,kCAAK,QAAQ,MAAQ;AAAA;AAAA;AAAA,WAG7B,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChKtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n AWS_ASSUME_ROLE_ARN:\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAgBE;AAhCN;AAiCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEzJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAiBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC1DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,0BAAM,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAG1D,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,iCACE,QAAQ,MADV;AAAA,QAED,qBACI,QAAQ,IAAI,uBACZ,4BAAK;AAAA;AAAA;AAIrB,QACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACxLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
6
6
  "names": []
7
7
  }
package/dist/esm/cli.js CHANGED
@@ -1,4 +1,6 @@
1
1
  var __defProp = Object.defineProperty;
2
+ var __defProps = Object.defineProperties;
3
+ var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
2
4
  var __getOwnPropSymbols = Object.getOwnPropertySymbols;
3
5
  var __hasOwnProp = Object.prototype.hasOwnProperty;
4
6
  var __propIsEnum = Object.prototype.propertyIsEnumerable;
@@ -14,6 +16,7 @@ var __spreadValues = (a, b) => {
14
16
  }
15
17
  return a;
16
18
  };
19
+ var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
17
20
  var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
18
21
  var __export = (target, all) => {
19
22
  __markAsModule(target);
@@ -179,19 +182,20 @@ var getCredentialsProfileRegion = async ({
179
182
  };
180
183
  }
181
184
  }
182
- if (argv.assumeRoleArn) {
183
- console.log("assume this yo");
185
+ const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;
186
+ if (assumedRole) {
187
+ const origin = argv.assumeRoleArn ? "command line option" : "env variable";
184
188
  credentialsAndOrigin = {
185
189
  value: await fromTemporaryCredentials({
186
190
  masterCredentials: credentialsAndOrigin == null ? void 0 : credentialsAndOrigin.value,
187
191
  params: {
188
- RoleArn: argv.assumeRoleArn
192
+ RoleArn: assumedRole
189
193
  },
190
194
  clientConfig: {
191
195
  region: regionAndOrigin == null ? void 0 : regionAndOrigin.value
192
196
  }
193
197
  })(),
194
- origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`
198
+ origin: `${origin} ${bold(`[${assumedRole}]`)}`
195
199
  };
196
200
  }
197
201
  return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
@@ -522,7 +526,7 @@ var builder4 = {
522
526
  "aws-key-alias": commonCliOptions.awsKeyAlias,
523
527
  "sec-file": commonCliOptions.secFile,
524
528
  "env-file": commonCliOptions.envFile,
525
- "assume-role-arn": commonCliOptions.awsAssumeRoleArn,
529
+ "aws-assume-role-arn": commonCliOptions.awsAssumeRoleArn,
526
530
  verbose: commonCliOptions.verbose,
527
531
  command: { string: true, required: true }
528
532
  };
@@ -564,18 +568,28 @@ var handleSec = async ({
564
568
  };
565
569
  var handler4 = async (argv) => {
566
570
  try {
571
+ let env;
572
+ if (argv.envFile) {
573
+ env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
574
+ }
575
+ let awsEnv;
567
576
  const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
568
577
  argv: __spreadValues({}, argv),
569
- env: __spreadValues({}, process.env)
578
+ env: __spreadProps(__spreadValues({}, process.env), {
579
+ AWS_ASSUME_ROLE_ARN: process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)
580
+ })
570
581
  });
582
+ if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
583
+ awsEnv = {
584
+ AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
585
+ AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
586
+ AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken
587
+ };
588
+ }
571
589
  if (argv.verbose) {
572
590
  console.log({ credentialsAndOrigin, regionAndOrigin });
573
591
  }
574
- let env;
575
- if (argv.envFile) {
576
- console.log("OK");
577
- env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
578
- } else if (argv.secFile) {
592
+ if (!argv.envFile && argv.secFile) {
579
593
  env = await handleSec({
580
594
  secFile: argv.secFile,
581
595
  credentialsAndOrigin,
@@ -588,7 +602,7 @@ var handler4 = async (argv) => {
588
602
  spawn(argv.command, [...userCommandArgs], {
589
603
  stdio: "inherit",
590
604
  shell: false,
591
- env: __spreadValues(__spreadValues({}, process.env), env)
605
+ env: __spreadValues(__spreadValues(__spreadValues({}, process.env), awsEnv), env)
592
606
  });
593
607
  }
594
608
  } catch (e) {
package/dist/esm/cli.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/cli.ts", "../../src/commands/debugCommand.ts", "../../src/commonCliOptions.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/ssm.ts", "../../src/commands/decryptSecCommand.ts", "../../src/utils/io.ts", "../../src/commands/decryptSecretsJson.ts", "../../src/utils/kms.ts", "../../src/commands/defaultCommand.ts", "../../src/commands/encryptEnvCommand.ts", "../../src/commands/encryptSecretsJson.ts", "../../src/commands/offloadToSSMCommand.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n if (argv.assumeRoleArn) {\n console.log('assume this yo');\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: argv.assumeRoleArn,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n console.log('OK');\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n } else if (argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAeE;AA/BN;AAgCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,MAAI,KAAK,eAAe;AACpB,YAAQ,IAAI;AACZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS,KAAK;AAAA;AAAA,QAGlB,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,eAAe,KAAK,IAAI,KAAK;AAAA;AAAA;AAI7C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AErJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAgBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACzDnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAE1B,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAExC,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AACZ,YAAM,OAAM,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,eAC/C,KAAK,SAAS;AACrB,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,kCAAK,QAAQ,MAAQ;AAAA;AAAA;AAAA,WAG7B,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChKtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n AWS_ASSUME_ROLE_ARN:\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAgBE;AAhCN;AAiCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEzJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAiBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC1DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,OAAM,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAG1D,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,iCACE,QAAQ,MADV;AAAA,QAED,qBACI,QAAQ,IAAI,uBACZ,4BAAK;AAAA;AAAA;AAIrB,QACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACxLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
6
6
  "names": []
7
7
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "dotsec",
3
- "version": "0.4.0",
3
+ "version": "0.7.0",
4
4
  "description": "",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",
@@ -61,5 +61,5 @@
61
61
  "prompts": "^2.4.2",
62
62
  "yargs": "^17.4.0"
63
63
  },
64
- "gitHead": "6922ac5be21ec0da39ce9ce7b971fabb2c795915"
64
+ "gitHead": "4a6a891730c782f7ec628e0f0740e7b79896e720"
65
65
  }