dotsec 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -1
- package/dist/cli.js +16 -9
- package/dist/cli.js.map +2 -2
- package/dist/esm/cli.js +16 -9
- package/dist/esm/cli.js.map +2 -2
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -10,12 +10,36 @@ Secure dot env. Encrypts your .env so you can safely store it in your project.
|
|
|
10
10
|
npx dotsec --env-file .env {command}
|
|
11
11
|
```
|
|
12
12
|
|
|
13
|
-
This command also supports injecting AWS assumed role credentials into the process environment
|
|
13
|
+
This command also supports injecting AWS assumed role credentials into the process environment.
|
|
14
|
+
|
|
15
|
+
You can specify the ARN of the role to assume in three ways:
|
|
16
|
+
|
|
17
|
+
- By adding the `--aws-assume-role-arn` flag
|
|
18
|
+
- By setting the `AWS_ASSUME_ROLE_ARN` environment variable
|
|
19
|
+
- By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
|
|
20
|
+
|
|
21
|
+
#### By adding the `--aws-assume-role-arn` flag
|
|
14
22
|
|
|
15
23
|
```sh
|
|
16
24
|
npx dotsec --env-file .env --aws-assume-role-arn arn:aws:iam::123456789012:role/special-role {command}
|
|
17
25
|
```
|
|
18
26
|
|
|
27
|
+
#### By setting the `AWS_ASSUME_ROLE_ARN` environment variable
|
|
28
|
+
|
|
29
|
+
```sh
|
|
30
|
+
AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role npx dotsec --env-file .env {command}
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
#### By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
|
|
34
|
+
|
|
35
|
+
...
|
|
36
|
+
AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role
|
|
37
|
+
...
|
|
38
|
+
|
|
39
|
+
```sh
|
|
40
|
+
npx dotsec --env-file .env {command}
|
|
41
|
+
```
|
|
42
|
+
|
|
19
43
|
#### Secure usage
|
|
20
44
|
|
|
21
45
|
Create a user managed AWS KMS key, add an alias. Refer to the AWS documentation for [creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) and [managing aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-manage.html#alias-create)
|
package/dist/cli.js
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
var __create = Object.create;
|
|
2
2
|
var __defProp = Object.defineProperty;
|
|
3
|
+
var __defProps = Object.defineProperties;
|
|
3
4
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
|
+
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
|
|
4
6
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
7
|
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
|
|
6
8
|
var __getProtoOf = Object.getPrototypeOf;
|
|
@@ -18,6 +20,7 @@ var __spreadValues = (a, b) => {
|
|
|
18
20
|
}
|
|
19
21
|
return a;
|
|
20
22
|
};
|
|
23
|
+
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
|
|
21
24
|
var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
|
|
22
25
|
var __export = (target, all) => {
|
|
23
26
|
__markAsModule(target);
|
|
@@ -190,19 +193,20 @@ var getCredentialsProfileRegion = async ({
|
|
|
190
193
|
};
|
|
191
194
|
}
|
|
192
195
|
}
|
|
193
|
-
|
|
194
|
-
|
|
196
|
+
const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;
|
|
197
|
+
if (assumedRole) {
|
|
198
|
+
const origin = argv.assumeRoleArn ? "command line option" : "env variable";
|
|
195
199
|
credentialsAndOrigin = {
|
|
196
200
|
value: await (0, import_credential_providers.fromTemporaryCredentials)({
|
|
197
201
|
masterCredentials: credentialsAndOrigin == null ? void 0 : credentialsAndOrigin.value,
|
|
198
202
|
params: {
|
|
199
|
-
RoleArn:
|
|
203
|
+
RoleArn: assumedRole
|
|
200
204
|
},
|
|
201
205
|
clientConfig: {
|
|
202
206
|
region: regionAndOrigin == null ? void 0 : regionAndOrigin.value
|
|
203
207
|
}
|
|
204
208
|
})(),
|
|
205
|
-
origin:
|
|
209
|
+
origin: `${origin} ${bold(`[${assumedRole}]`)}`
|
|
206
210
|
};
|
|
207
211
|
}
|
|
208
212
|
return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
|
|
@@ -575,10 +579,16 @@ var handleSec = async ({
|
|
|
575
579
|
};
|
|
576
580
|
var handler4 = async (argv) => {
|
|
577
581
|
try {
|
|
582
|
+
let env;
|
|
583
|
+
if (argv.envFile) {
|
|
584
|
+
env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
|
|
585
|
+
}
|
|
578
586
|
let awsEnv;
|
|
579
587
|
const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
|
|
580
588
|
argv: __spreadValues({}, argv),
|
|
581
|
-
env: __spreadValues({}, process.env)
|
|
589
|
+
env: __spreadProps(__spreadValues({}, process.env), {
|
|
590
|
+
AWS_ASSUME_ROLE_ARN: process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)
|
|
591
|
+
})
|
|
582
592
|
});
|
|
583
593
|
if (argv.awsAssumeRoleArn && credentialsAndOrigin.value.sessionToken !== void 0) {
|
|
584
594
|
awsEnv = {
|
|
@@ -590,10 +600,7 @@ var handler4 = async (argv) => {
|
|
|
590
600
|
if (argv.verbose) {
|
|
591
601
|
console.log({ credentialsAndOrigin, regionAndOrigin });
|
|
592
602
|
}
|
|
593
|
-
|
|
594
|
-
if (argv.envFile) {
|
|
595
|
-
env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
|
|
596
|
-
} else if (argv.secFile) {
|
|
603
|
+
if (!argv.envFile && argv.secFile) {
|
|
597
604
|
env = await handleSec({
|
|
598
605
|
secFile: argv.secFile,
|
|
599
606
|
credentialsAndOrigin,
|
package/dist/cli.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/cli.ts", "../src/commands/debugCommand.ts", "../src/commonCliOptions.ts", "../src/utils/getCredentialsProfileRegion.ts", "../src/utils/logger.ts", "../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../src/utils/ssm.ts", "../src/commands/decryptSecCommand.ts", "../src/utils/io.ts", "../src/commands/decryptSecretsJson.ts", "../src/utils/kms.ts", "../src/commands/defaultCommand.ts", "../src/commands/encryptEnvCommand.ts", "../src/commands/encryptSecretsJson.ts", "../src/commands/offloadToSSMCommand.ts"],
|
|
4
|
-
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n if (argv.assumeRoleArn) {\n console.log('assume this yo');\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: argv.assumeRoleArn,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n // `AWS_ACCESS_KEY_ID=${AccessKeyId} AWS_SECRET_ACCESS_KEY=${SecretAccessKey} AWS_SESSION_TOKEN=${SessionToken}`\n\n if (\n argv.awsAssumeRoleArn &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n } else if (argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAeE;AA/BN;AAgCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,MAAI,KAAK,eAAe;AACpB,YAAQ,IAAI;AACZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS,KAAK;AAAA;AAAA,QAGlB,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,eAAe,KAAK,IAAI,KAAK;AAAA;AAAA;AAI7C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AErJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAgBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACzDnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAI1B,QACI,KAAK,oBACL,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,0BAAM,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,eAC/C,KAAK,SAAS;AACrB,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
4
|
+
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n AWS_ASSUME_ROLE_ARN:\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n argv.awsAssumeRoleArn &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAgBE;AAhCN;AAiCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEzJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAiBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC1DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,0BAAM,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAG1D,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,iCACE,QAAQ,MADV;AAAA,QAED,qBACI,QAAQ,IAAI,uBACZ,4BAAK;AAAA;AAAA;AAIrB,QACI,KAAK,oBACL,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACtLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/esm/cli.js
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
var __defProp = Object.defineProperty;
|
|
2
|
+
var __defProps = Object.defineProperties;
|
|
3
|
+
var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
|
|
2
4
|
var __getOwnPropSymbols = Object.getOwnPropertySymbols;
|
|
3
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
4
6
|
var __propIsEnum = Object.prototype.propertyIsEnumerable;
|
|
@@ -14,6 +16,7 @@ var __spreadValues = (a, b) => {
|
|
|
14
16
|
}
|
|
15
17
|
return a;
|
|
16
18
|
};
|
|
19
|
+
var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
|
|
17
20
|
var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
|
|
18
21
|
var __export = (target, all) => {
|
|
19
22
|
__markAsModule(target);
|
|
@@ -179,19 +182,20 @@ var getCredentialsProfileRegion = async ({
|
|
|
179
182
|
};
|
|
180
183
|
}
|
|
181
184
|
}
|
|
182
|
-
|
|
183
|
-
|
|
185
|
+
const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;
|
|
186
|
+
if (assumedRole) {
|
|
187
|
+
const origin = argv.assumeRoleArn ? "command line option" : "env variable";
|
|
184
188
|
credentialsAndOrigin = {
|
|
185
189
|
value: await fromTemporaryCredentials({
|
|
186
190
|
masterCredentials: credentialsAndOrigin == null ? void 0 : credentialsAndOrigin.value,
|
|
187
191
|
params: {
|
|
188
|
-
RoleArn:
|
|
192
|
+
RoleArn: assumedRole
|
|
189
193
|
},
|
|
190
194
|
clientConfig: {
|
|
191
195
|
region: regionAndOrigin == null ? void 0 : regionAndOrigin.value
|
|
192
196
|
}
|
|
193
197
|
})(),
|
|
194
|
-
origin:
|
|
198
|
+
origin: `${origin} ${bold(`[${assumedRole}]`)}`
|
|
195
199
|
};
|
|
196
200
|
}
|
|
197
201
|
return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
|
|
@@ -564,10 +568,16 @@ var handleSec = async ({
|
|
|
564
568
|
};
|
|
565
569
|
var handler4 = async (argv) => {
|
|
566
570
|
try {
|
|
571
|
+
let env;
|
|
572
|
+
if (argv.envFile) {
|
|
573
|
+
env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
|
|
574
|
+
}
|
|
567
575
|
let awsEnv;
|
|
568
576
|
const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
|
|
569
577
|
argv: __spreadValues({}, argv),
|
|
570
|
-
env: __spreadValues({}, process.env)
|
|
578
|
+
env: __spreadProps(__spreadValues({}, process.env), {
|
|
579
|
+
AWS_ASSUME_ROLE_ARN: process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)
|
|
580
|
+
})
|
|
571
581
|
});
|
|
572
582
|
if (argv.awsAssumeRoleArn && credentialsAndOrigin.value.sessionToken !== void 0) {
|
|
573
583
|
awsEnv = {
|
|
@@ -579,10 +589,7 @@ var handler4 = async (argv) => {
|
|
|
579
589
|
if (argv.verbose) {
|
|
580
590
|
console.log({ credentialsAndOrigin, regionAndOrigin });
|
|
581
591
|
}
|
|
582
|
-
|
|
583
|
-
if (argv.envFile) {
|
|
584
|
-
env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
|
|
585
|
-
} else if (argv.secFile) {
|
|
592
|
+
if (!argv.envFile && argv.secFile) {
|
|
586
593
|
env = await handleSec({
|
|
587
594
|
secFile: argv.secFile,
|
|
588
595
|
credentialsAndOrigin,
|
package/dist/esm/cli.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/cli.ts", "../../src/commands/debugCommand.ts", "../../src/commonCliOptions.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/ssm.ts", "../../src/commands/decryptSecCommand.ts", "../../src/utils/io.ts", "../../src/commands/decryptSecretsJson.ts", "../../src/utils/kms.ts", "../../src/commands/defaultCommand.ts", "../../src/commands/encryptEnvCommand.ts", "../../src/commands/encryptSecretsJson.ts", "../../src/commands/offloadToSSMCommand.ts"],
|
|
4
|
-
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n if (argv.assumeRoleArn) {\n console.log('assume this yo');\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: argv.assumeRoleArn,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n // `AWS_ACCESS_KEY_ID=${AccessKeyId} AWS_SECRET_ACCESS_KEY=${SecretAccessKey} AWS_SESSION_TOKEN=${SessionToken}`\n\n if (\n argv.awsAssumeRoleArn &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n } else if (argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAeE;AA/BN;AAgCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,MAAI,KAAK,eAAe;AACpB,YAAQ,IAAI;AACZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS,KAAK;AAAA;AAAA,QAGlB,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,eAAe,KAAK,IAAI,KAAK;AAAA;AAAA;AAI7C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AErJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAgBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACzDnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAI1B,QACI,KAAK,oBACL,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,OAAM,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,eAC/C,KAAK,SAAS;AACrB,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
4
|
+
"sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n AWS_ASSUME_ROLE_ARN:\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n argv.awsAssumeRoleArn &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
|
|
5
|
+
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAgBE;AAhCN;AAiCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEzJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAiBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC1DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,OAAM,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAG1D,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,iCACE,QAAQ,MADV;AAAA,QAED,qBACI,QAAQ,IAAI,uBACZ,4BAAK;AAAA;AAAA;AAIrB,QACI,KAAK,oBACL,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACtLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dotsec",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -61,5 +61,5 @@
|
|
|
61
61
|
"prompts": "^2.4.2",
|
|
62
62
|
"yargs": "^17.4.0"
|
|
63
63
|
},
|
|
64
|
-
"gitHead": "
|
|
64
|
+
"gitHead": "89e6d454e3f6359b1ac7e0163a5823873fc067df"
|
|
65
65
|
}
|