dotsec 0.5.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +27 -1
  2. package/dist/cli.js +32 -12
  3. package/dist/cli.js.map +2 -2
  4. package/dist/esm/cli.js +32 -12
  5. package/dist/esm/cli.js.map +2 -2
  6. package/package.json +2 -2
package/README.md CHANGED
@@ -10,12 +10,38 @@ Secure dot env. Encrypts your .env so you can safely store it in your project.
10
10
  npx dotsec --env-file .env {command}
11
11
  ```
12
12
 
13
- This command also supports injecting AWS assumed role credentials into the process environment:
13
+ This command also supports injecting AWS assumed role credentials into the process environment.
14
+
15
+ You can specify the ARN of the role to assume in three ways:
16
+
17
+ - By adding the `--aws-assume-role-arn` flag
18
+ - By setting the `AWS_ASSUME_ROLE_ARN` environment variable
19
+ - By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
20
+
21
+ #### By adding the `--aws-assume-role-arn` flag
14
22
 
15
23
  ```sh
16
24
  npx dotsec --env-file .env --aws-assume-role-arn arn:aws:iam::123456789012:role/special-role {command}
17
25
  ```
18
26
 
27
+ #### By setting the `AWS_ASSUME_ROLE_ARN` environment variable
28
+
29
+ ```sh
30
+ AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role npx dotsec --env-file .env {command}
31
+ ```
32
+
33
+ #### By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
34
+
35
+ ...
36
+ AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role
37
+ ...
38
+
39
+ ```sh
40
+ npx dotsec --env-file .env {command}
41
+ ```
42
+
43
+ Please refer to `dotsec help` for more information on other command line options.
44
+
19
45
  #### Secure usage
20
46
 
21
47
  Create a user managed AWS KMS key, add an alias. Refer to the AWS documentation for [creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) and [managing aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-manage.html#alias-create)
package/dist/cli.js CHANGED
@@ -78,6 +78,10 @@ var commonCliOptions = {
78
78
  describe: ".env file",
79
79
  default: ".env"
80
80
  },
81
+ ignoreMissingEnvFile: {
82
+ boolean: true,
83
+ describe: `Don't halt on missing .env file`
84
+ },
81
85
  secFile: {
82
86
  string: true,
83
87
  describe: ".sec file",
@@ -85,7 +89,11 @@ var commonCliOptions = {
85
89
  },
86
90
  awsAssumeRoleArn: {
87
91
  string: true,
88
- describe: "arn or role to assume"
92
+ describe: "arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable."
93
+ },
94
+ awsAssumeRoleSessionDuration: {
95
+ number: true,
96
+ describe: "Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable."
89
97
  },
90
98
  verbose: {
91
99
  boolean: true,
@@ -190,19 +198,21 @@ var getCredentialsProfileRegion = async ({
190
198
  };
191
199
  }
192
200
  }
193
- if (argv.assumeRoleArn) {
194
- console.log("assume this yo");
201
+ const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;
202
+ if (assumedRole) {
203
+ const origin = argv.assumeRoleArn ? "command line option" : "env variable";
195
204
  credentialsAndOrigin = {
196
205
  value: await (0, import_credential_providers.fromTemporaryCredentials)({
197
206
  masterCredentials: credentialsAndOrigin == null ? void 0 : credentialsAndOrigin.value,
198
207
  params: {
199
- RoleArn: argv.assumeRoleArn
208
+ DurationSeconds: argv.assumeRoleSessionDuration || Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) || 3600,
209
+ RoleArn: assumedRole
200
210
  },
201
211
  clientConfig: {
202
212
  region: regionAndOrigin == null ? void 0 : regionAndOrigin.value
203
213
  }
204
214
  })(),
205
- origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`
215
+ origin: `${origin} ${bold(`[${assumedRole}]`)}`
206
216
  };
207
217
  }
208
218
  return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
@@ -234,7 +244,8 @@ var handleCredentialsAndRegion = async ({
234
244
  argv: {
235
245
  region: argv.awsRegion,
236
246
  profile: argv.awsProfile,
237
- assumeRoleArn: argv.awsAssumeRoleArn
247
+ assumeRoleArn: argv.awsAssumeRoleArn,
248
+ assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration
238
249
  },
239
250
  env: __spreadValues({}, env)
240
251
  });
@@ -533,7 +544,9 @@ var builder4 = {
533
544
  "aws-key-alias": commonCliOptions.awsKeyAlias,
534
545
  "sec-file": commonCliOptions.secFile,
535
546
  "env-file": commonCliOptions.envFile,
547
+ "ignore-missing-env-file": commonCliOptions.ignoreMissingEnvFile,
536
548
  "aws-assume-role-arn": commonCliOptions.awsAssumeRoleArn,
549
+ "aws-assume-role-session-duration": commonCliOptions.awsAssumeRoleSessionDuration,
537
550
  verbose: commonCliOptions.verbose,
538
551
  command: { string: true, required: true }
539
552
  };
@@ -575,12 +588,22 @@ var handleSec = async ({
575
588
  };
576
589
  var handler4 = async (argv) => {
577
590
  try {
591
+ let env;
592
+ try {
593
+ if (argv.envFile) {
594
+ env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
595
+ }
596
+ } catch (e) {
597
+ if (argv.ignoreMissingEnvFile !== true) {
598
+ throw e;
599
+ }
600
+ }
578
601
  let awsEnv;
579
602
  const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
580
603
  argv: __spreadValues({}, argv),
581
- env: __spreadValues({}, process.env)
604
+ env: __spreadValues(__spreadValues({}, process.env), env)
582
605
  });
583
- if (argv.awsAssumeRoleArn && credentialsAndOrigin.value.sessionToken !== void 0) {
606
+ if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
584
607
  awsEnv = {
585
608
  AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
586
609
  AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
@@ -590,10 +613,7 @@ var handler4 = async (argv) => {
590
613
  if (argv.verbose) {
591
614
  console.log({ credentialsAndOrigin, regionAndOrigin });
592
615
  }
593
- let env;
594
- if (argv.envFile) {
595
- env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
596
- } else if (argv.secFile) {
616
+ if (!argv.envFile && argv.secFile) {
597
617
  env = await handleSec({
598
618
  secFile: argv.secFile,
599
619
  credentialsAndOrigin,
package/dist/cli.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../src/cli.ts", "../src/commands/debugCommand.ts", "../src/commonCliOptions.ts", "../src/utils/getCredentialsProfileRegion.ts", "../src/utils/logger.ts", "../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../src/utils/ssm.ts", "../src/commands/decryptSecCommand.ts", "../src/utils/io.ts", "../src/commands/decryptSecretsJson.ts", "../src/utils/kms.ts", "../src/commands/defaultCommand.ts", "../src/commands/encryptEnvCommand.ts", "../src/commands/encryptSecretsJson.ts", "../src/commands/offloadToSSMCommand.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n if (argv.assumeRoleArn) {\n console.log('assume this yo');\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: argv.assumeRoleArn,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n // `AWS_ACCESS_KEY_ID=${AccessKeyId} AWS_SECRET_ACCESS_KEY=${SecretAccessKey} AWS_SESSION_TOKEN=${SessionToken}`\n\n if (\n argv.awsAssumeRoleArn &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n } else if (argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAeE;AA/BN;AAgCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,MAAI,KAAK,eAAe;AACpB,YAAQ,IAAI;AACZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS,KAAK;AAAA;AAAA,QAGlB,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,eAAe,KAAK,IAAI,KAAK;AAAA;AAAA;AAI7C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AErJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAgBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACzDnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAI1B,QACI,KAAK,oBACL,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,0BAAM,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,eAC/C,KAAK,SAAS;AACrB,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n ...env,\n // AWS_ASSUME_ROLE_ARN:\n // process.env.AWS_ASSUME_ROLE_ARN ||\n // env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACnElB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,0BACF,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAAA,aAG7C,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAId,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,kCACE,QAAQ,MACR;AAAA;AAOf,QACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACpMtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
6
6
  "names": []
7
7
  }
package/dist/esm/cli.js CHANGED
@@ -63,6 +63,10 @@ var commonCliOptions = {
63
63
  describe: ".env file",
64
64
  default: ".env"
65
65
  },
66
+ ignoreMissingEnvFile: {
67
+ boolean: true,
68
+ describe: `Don't halt on missing .env file`
69
+ },
66
70
  secFile: {
67
71
  string: true,
68
72
  describe: ".sec file",
@@ -70,7 +74,11 @@ var commonCliOptions = {
70
74
  },
71
75
  awsAssumeRoleArn: {
72
76
  string: true,
73
- describe: "arn or role to assume"
77
+ describe: "arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable."
78
+ },
79
+ awsAssumeRoleSessionDuration: {
80
+ number: true,
81
+ describe: "Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable."
74
82
  },
75
83
  verbose: {
76
84
  boolean: true,
@@ -179,19 +187,21 @@ var getCredentialsProfileRegion = async ({
179
187
  };
180
188
  }
181
189
  }
182
- if (argv.assumeRoleArn) {
183
- console.log("assume this yo");
190
+ const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;
191
+ if (assumedRole) {
192
+ const origin = argv.assumeRoleArn ? "command line option" : "env variable";
184
193
  credentialsAndOrigin = {
185
194
  value: await fromTemporaryCredentials({
186
195
  masterCredentials: credentialsAndOrigin == null ? void 0 : credentialsAndOrigin.value,
187
196
  params: {
188
- RoleArn: argv.assumeRoleArn
197
+ DurationSeconds: argv.assumeRoleSessionDuration || Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) || 3600,
198
+ RoleArn: assumedRole
189
199
  },
190
200
  clientConfig: {
191
201
  region: regionAndOrigin == null ? void 0 : regionAndOrigin.value
192
202
  }
193
203
  })(),
194
- origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`
204
+ origin: `${origin} ${bold(`[${assumedRole}]`)}`
195
205
  };
196
206
  }
197
207
  return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };
@@ -223,7 +233,8 @@ var handleCredentialsAndRegion = async ({
223
233
  argv: {
224
234
  region: argv.awsRegion,
225
235
  profile: argv.awsProfile,
226
- assumeRoleArn: argv.awsAssumeRoleArn
236
+ assumeRoleArn: argv.awsAssumeRoleArn,
237
+ assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration
227
238
  },
228
239
  env: __spreadValues({}, env)
229
240
  });
@@ -522,7 +533,9 @@ var builder4 = {
522
533
  "aws-key-alias": commonCliOptions.awsKeyAlias,
523
534
  "sec-file": commonCliOptions.secFile,
524
535
  "env-file": commonCliOptions.envFile,
536
+ "ignore-missing-env-file": commonCliOptions.ignoreMissingEnvFile,
525
537
  "aws-assume-role-arn": commonCliOptions.awsAssumeRoleArn,
538
+ "aws-assume-role-session-duration": commonCliOptions.awsAssumeRoleSessionDuration,
526
539
  verbose: commonCliOptions.verbose,
527
540
  command: { string: true, required: true }
528
541
  };
@@ -564,12 +577,22 @@ var handleSec = async ({
564
577
  };
565
578
  var handler4 = async (argv) => {
566
579
  try {
580
+ let env;
581
+ try {
582
+ if (argv.envFile) {
583
+ env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
584
+ }
585
+ } catch (e) {
586
+ if (argv.ignoreMissingEnvFile !== true) {
587
+ throw e;
588
+ }
589
+ }
567
590
  let awsEnv;
568
591
  const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
569
592
  argv: __spreadValues({}, argv),
570
- env: __spreadValues({}, process.env)
593
+ env: __spreadValues(__spreadValues({}, process.env), env)
571
594
  });
572
- if (argv.awsAssumeRoleArn && credentialsAndOrigin.value.sessionToken !== void 0) {
595
+ if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
573
596
  awsEnv = {
574
597
  AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
575
598
  AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
@@ -579,10 +602,7 @@ var handler4 = async (argv) => {
579
602
  if (argv.verbose) {
580
603
  console.log({ credentialsAndOrigin, regionAndOrigin });
581
604
  }
582
- let env;
583
- if (argv.envFile) {
584
- env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
585
- } else if (argv.secFile) {
605
+ if (!argv.envFile && argv.secFile) {
586
606
  env = await handleSec({
587
607
  secFile: argv.secFile,
588
608
  credentialsAndOrigin,
package/dist/esm/cli.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/cli.ts", "../../src/commands/debugCommand.ts", "../../src/commonCliOptions.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/ssm.ts", "../../src/commands/decryptSecCommand.ts", "../../src/utils/io.ts", "../../src/commands/decryptSecretsJson.ts", "../../src/utils/kms.ts", "../../src/commands/defaultCommand.ts", "../../src/commands/encryptEnvCommand.ts", "../../src/commands/encryptSecretsJson.ts", "../../src/commands/offloadToSSMCommand.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe: 'arn or role to assume',\n },\n\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n if (argv.assumeRoleArn) {\n console.log('assume this yo');\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n params: {\n RoleArn: argv.assumeRoleArn,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `assume role ${bold(`[${argv.assumeRoleArn}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n // `AWS_ACCESS_KEY_ID=${AccessKeyId} AWS_SECRET_ACCESS_KEY=${SecretAccessKey} AWS_SESSION_TOKEN=${SessionToken}`\n\n if (\n argv.awsAssumeRoleArn &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n let env: Record<string, string> | undefined;\n if (argv.envFile) {\n env = parse(fs.readFileSync(argv.envFile, { encoding: 'utf8' }));\n } else if (argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAGb,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAGd,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;AC5DlB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAeE;AA/BN;AAgCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,MAAI,KAAK,eAAe;AACpB,YAAQ,IAAI;AACZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QACzC,QAAQ;AAAA,UACJ,SAAS,KAAK;AAAA;AAAA,QAGlB,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,eAAe,KAAK,IAAI,KAAK;AAAA;AAAA;AAI7C,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AErJb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAgBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA;AAAA,IAExB,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;ACzDnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAI1B,QACI,KAAK,oBACL,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI;AACJ,QAAI,KAAK,SAAS;AACd,YAAM,OAAM,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,eAC/C,KAAK,SAAS;AACrB,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AChLtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n ...env,\n // AWS_ASSUME_ROLE_ARN:\n // process.env.AWS_ASSUME_ROLE_ARN ||\n // env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACnElB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,OACF,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAAA,aAG7C,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAId,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,kCACE,QAAQ,MACR;AAAA;AAOf,QACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACpMtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
6
6
  "names": []
7
7
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "dotsec",
3
- "version": "0.5.0",
3
+ "version": "0.8.0",
4
4
  "description": "",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",
@@ -61,5 +61,5 @@
61
61
  "prompts": "^2.4.2",
62
62
  "yargs": "^17.4.0"
63
63
  },
64
- "gitHead": "7cca6c1d01dcaee387023ba4e3c081d37295cb7d"
64
+ "gitHead": "7b372afff09dcd245c4ed33b02ee219d05bba117"
65
65
  }