dotsec 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cli.js +22 -23
  2. package/dist/cli.js.map +2 -2
  3. package/dist/esm/cli.js +22 -23
  4. package/dist/esm/cli.js.map +2 -2
  5. package/package.json +2 -2
package/dist/cli.js CHANGED
@@ -589,38 +589,37 @@ var handleSec = async ({
589
589
  var handler4 = async (argv) => {
590
590
  try {
591
591
  let env;
592
+ let awsEnv;
592
593
  try {
593
594
  if (argv.envFile) {
594
595
  env = (0, import_dotenv2.parse)(import_node_fs3.default.readFileSync(argv.envFile, { encoding: "utf8" }));
596
+ } else {
597
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
598
+ argv: __spreadValues({}, argv),
599
+ env: __spreadValues(__spreadValues({}, process.env), env)
600
+ });
601
+ if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
602
+ awsEnv = {
603
+ AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
604
+ AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
605
+ AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken
606
+ };
607
+ }
608
+ if (argv.verbose) {
609
+ console.log({ credentialsAndOrigin, regionAndOrigin });
610
+ }
611
+ env = await handleSec({
612
+ secFile: argv.secFile,
613
+ credentialsAndOrigin,
614
+ regionAndOrigin,
615
+ awsKeyAlias: argv.awsKeyAlias
616
+ });
595
617
  }
596
618
  } catch (e) {
597
619
  if (argv.ignoreMissingEnvFile !== true) {
598
620
  throw e;
599
621
  }
600
622
  }
601
- let awsEnv;
602
- const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
603
- argv: __spreadValues({}, argv),
604
- env: __spreadValues(__spreadValues({}, process.env), env)
605
- });
606
- if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
607
- awsEnv = {
608
- AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
609
- AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
610
- AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken
611
- };
612
- }
613
- if (argv.verbose) {
614
- console.log({ credentialsAndOrigin, regionAndOrigin });
615
- }
616
- if (!argv.envFile && argv.secFile) {
617
- env = await handleSec({
618
- secFile: argv.secFile,
619
- credentialsAndOrigin,
620
- regionAndOrigin,
621
- awsKeyAlias: argv.awsKeyAlias
622
- });
623
- }
624
623
  const userCommandArgs = process.argv.slice(process.argv.indexOf(argv.command) + 1);
625
624
  if (argv.command) {
626
625
  (0, import_cross_spawn.spawn)(argv.command, [...userCommandArgs], {
package/dist/cli.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../src/cli.ts", "../src/commands/debugCommand.ts", "../src/commonCliOptions.ts", "../src/utils/getCredentialsProfileRegion.ts", "../src/utils/logger.ts", "../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../src/utils/ssm.ts", "../src/commands/decryptSecCommand.ts", "../src/utils/io.ts", "../src/commands/decryptSecretsJson.ts", "../src/utils/kms.ts", "../src/commands/defaultCommand.ts", "../src/commands/encryptEnvCommand.ts", "../src/commands/encryptSecretsJson.ts", "../src/commands/offloadToSSMCommand.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n ...env,\n // AWS_ASSUME_ROLE_ARN:\n // process.env.AWS_ASSUME_ROLE_ARN ||\n // env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACnElB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,0BACF,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAAA,aAG7C,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAId,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,kCACE,QAAQ,MACR;AAAA;AAOf,QACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACpMtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n let awsEnv: Record<string, string> | undefined;\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n } else {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n ...env,\n // AWS_ASSUME_ROLE_ARN:\n // process.env.AWS_ASSUME_ROLE_ARN ||\n // env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN:\n credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,qBAAwB;AACxB,mBAAkB;;;ACFlB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA2C;;;ACEpC,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACnElB,kCAIO;AACP,oCAAsC;;;ACLtC,mBAAkB;AAElB,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,qBAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,qBAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,yCAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,0DAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC,wBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,4BAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,8CAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAA0C;AAC1C,oBAA0B;AAC1B,oBAAsB;AACtB,qBAAe;AACf,uBAAiB;;;ACJjB,sBAAqB;AAErB,qBAAoB;AAEb,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,0BAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,4BAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,yBAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,yBACd,uBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,4BAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,iCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,2BAAG,cACC,yBAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,kBAAiB;AACjB,sBAAe;AACf,wBAAiB;;;ACJjB,yBAA2C;AAEpC,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,6BAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,yBACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,oBAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAA0C;AAC1C,oBAA0B;AAC1B,yBAAsB;AACtB,qBAAsB;AAWf,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,6BAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,0BAAM,wBAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,6BAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,kCAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI;AACJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,0BACF,wBAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,aAE3C;AACH,cAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,UAC7B,MAAM,mBAAK;AAAA,UACX,KAAK,kCACE,QAAQ,MACR;AAAA;AAOf,YACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA,YAC/B,mBACI,qBAAqB,MAAM;AAAA;AAAA;AAIvC,YAAI,KAAK,SAAS;AACd,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,cAAM,MAAM,UAAU;AAAA,UAClB,SAAS,KAAK;AAAA,UACd;AAAA,UACA;AAAA,UACA,aAAa,KAAK;AAAA;AAAA;AAAA,aAGrB,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAKd,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,oCAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AC3JtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,oBAA0B;AAC1B,qBAAsB;AACtB,sBAAe;AACf,wBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,0BACd,wBAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,4BAAG,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAe;AACf,wBAAiB;AAEjB,yBAAmD;AACnD,oBAA0B;AAC1B,mBAAiB;AAQV,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,0BAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,wBAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,0BAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,qBAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,8BAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAAmD;AACnD,yBAAoC;AACpC,oBAA0B;AAC1B,mBAAiB;AACjB,sBAAe;AACf,wBAAiB;AASV,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,0BAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,6BAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,wBAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,0BACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,sCAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,kCAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,uCAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,0BAAM,4BAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
6
6
  "names": []
7
7
  }
package/dist/esm/cli.js CHANGED
@@ -578,38 +578,37 @@ var handleSec = async ({
578
578
  var handler4 = async (argv) => {
579
579
  try {
580
580
  let env;
581
+ let awsEnv;
581
582
  try {
582
583
  if (argv.envFile) {
583
584
  env = parse2(fs3.readFileSync(argv.envFile, { encoding: "utf8" }));
585
+ } else {
586
+ const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
587
+ argv: __spreadValues({}, argv),
588
+ env: __spreadValues(__spreadValues({}, process.env), env)
589
+ });
590
+ if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
591
+ awsEnv = {
592
+ AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
593
+ AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
594
+ AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken
595
+ };
596
+ }
597
+ if (argv.verbose) {
598
+ console.log({ credentialsAndOrigin, regionAndOrigin });
599
+ }
600
+ env = await handleSec({
601
+ secFile: argv.secFile,
602
+ credentialsAndOrigin,
603
+ regionAndOrigin,
604
+ awsKeyAlias: argv.awsKeyAlias
605
+ });
584
606
  }
585
607
  } catch (e) {
586
608
  if (argv.ignoreMissingEnvFile !== true) {
587
609
  throw e;
588
610
  }
589
611
  }
590
- let awsEnv;
591
- const { credentialsAndOrigin, regionAndOrigin } = await handleCredentialsAndRegion({
592
- argv: __spreadValues({}, argv),
593
- env: __spreadValues(__spreadValues({}, process.env), env)
594
- });
595
- if ((argv.awsAssumeRoleArn || process.env.AWS_ASSUME_ROLE_ARN || (env == null ? void 0 : env.AWS_ASSUME_ROLE_ARN)) && credentialsAndOrigin.value.sessionToken !== void 0) {
596
- awsEnv = {
597
- AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,
598
- AWS_SECRET_ACCESS_KEY: credentialsAndOrigin.value.secretAccessKey,
599
- AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken
600
- };
601
- }
602
- if (argv.verbose) {
603
- console.log({ credentialsAndOrigin, regionAndOrigin });
604
- }
605
- if (!argv.envFile && argv.secFile) {
606
- env = await handleSec({
607
- secFile: argv.secFile,
608
- credentialsAndOrigin,
609
- regionAndOrigin,
610
- awsKeyAlias: argv.awsKeyAlias
611
- });
612
- }
613
612
  const userCommandArgs = process.argv.slice(process.argv.indexOf(argv.command) + 1);
614
613
  if (argv.command) {
615
614
  spawn(argv.command, [...userCommandArgs], {
package/dist/esm/cli.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/cli.ts", "../../src/commands/debugCommand.ts", "../../src/commonCliOptions.ts", "../../src/utils/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/partial-commands/handleCredentialsAndRegion.ts", "../../src/utils/ssm.ts", "../../src/commands/decryptSecCommand.ts", "../../src/utils/io.ts", "../../src/commands/decryptSecretsJson.ts", "../../src/utils/kms.ts", "../../src/commands/defaultCommand.ts", "../../src/commands/encryptEnvCommand.ts", "../../src/commands/encryptSecretsJson.ts", "../../src/commands/offloadToSSMCommand.ts"],
4
- "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n let awsEnv: Record<string, string> | undefined;\n\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n ...env,\n // AWS_ASSUME_ROLE_ARN:\n // process.env.AWS_ASSUME_ROLE_ARN ||\n // env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID: credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN: credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n if (!argv.envFile && argv.secFile) {\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n\n // const secSource = path.resolve(process.cwd(), argv.secFile);\n // if (!(await fileExists(secSource))) {\n // console.error(`Could not open ${redBright(secSource)}`);\n // return;\n // }\n // const parsedSec = parse(\n // fs.readFileSync(secSource, { encoding: 'utf8' }),\n // );\n\n // const kmsClient = new KMSClient({\n // credentials: credentialsAndOrigin.value,\n // region: regionAndOrigin.value,\n // });\n\n // const envEntries: [string, string][] = await Promise.all(\n // Object.entries(parsedSec).map(async ([key, cipherText]) => {\n // const decryptCommand = new DecryptCommand({\n // KeyId: argv.awsKeyAlias,\n // CiphertextBlob: Buffer.from(cipherText, 'base64'),\n // EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n // });\n // const decryptionResult = await kmsClient.send(decryptCommand);\n\n // if (!decryptionResult?.Plaintext) {\n // throw new Error(\n // `No: ${JSON.stringify({\n // key,\n // cipherText,\n // decryptCommand,\n // })}`,\n // );\n // }\n // const value = Buffer.from(\n // decryptionResult.Plaintext,\n // ).toString();\n // return [key, value];\n // }),\n // );\n // const env = Object.fromEntries(envEntries);\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
- "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACnElB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,OACF,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA;AAAA,aAG7C,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAId,QAAI;AAEJ,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,kCACE,QAAQ,MACR;AAAA;AAOf,QACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,eAAS;AAAA,QACL,mBAAmB,qBAAqB,MAAM;AAAA,QAC9C,uBACI,qBAAqB,MAAM;AAAA,QAC/B,mBAAmB,qBAAqB,MAAM;AAAA;AAAA;AAItD,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,QAAI,CAAC,KAAK,WAAW,KAAK,SAAS;AAC/B,YAAM,MAAM,UAAU;AAAA,QAClB,SAAS,KAAK;AAAA,QACd;AAAA,QACA;AAAA,QACA,aAAa,KAAK;AAAA;AAAA;AA6C1B,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;ACpMtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
4
+ "sourcesContent": ["/* eslint-disable @typescript-eslint/no-shadow */\nimport { hideBin } from 'yargs/helpers';\nimport yargs from 'yargs/yargs';\n\n// import * as createAwsKey from './commands/createAwsKey';\nimport * as debugCommand from './commands/debugCommand';\nimport * as decryptSecCommand from './commands/decryptSecCommand';\nimport * as decryptSecretsJson from './commands/decryptSecretsJson';\nimport * as defaultCommmand from './commands/defaultCommand';\n// import * as deleteAwsKey from './commands/deleteAwsKey';\nimport * as encryptEnvCommand from './commands/encryptEnvCommand';\nimport * as encryptSecretsJson from './commands/encryptSecretsJson';\nimport * as offloadToSSMCommand from './commands/offloadToSSMCommand';\n\nvoid yargs(hideBin(process.argv))\n .command(defaultCommmand)\n .command(offloadToSSMCommand)\n .command(debugCommand)\n .command(encryptEnvCommand)\n .command(decryptSecCommand)\n .command(encryptSecretsJson)\n .command(decryptSecretsJson)\n // .command(createAwsKey)\n // .command(deleteAwsKey)\n .parse();\n", "import { GetParametersByPathCommand } from '@aws-sdk/client-ssm';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { getSSMClient } from '../utils/ssm';\n\nexport const command = 'debug';\nexport const desc = 'Debugs all the things';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n const getParametersByPathCommand = new GetParametersByPathCommand({\n Path: `arn:aws:ssm:eu-west-1:060014838622:parameter/dotsec/*`,\n Recursive: true,\n });\n\n const commandResult = await ssmClient.send(getParametersByPathCommand);\n console.log(commandResult);\n } catch (e) {\n console.error(e);\n }\n};\n", "// import regions from 'aws-regions/regions.json';\n\nexport const commonCliOptions = {\n awsProfile: {\n string: true,\n describe: 'AWS profile',\n },\n awsRegion: {\n string: true,\n describe: 'AWS region',\n },\n awsKeyAlias: {\n string: true,\n default: 'alias/top-secret',\n describe: 'AWS KMS key alias',\n },\n awsKeyArn: {\n string: true,\n describe: 'AWS KMS key id',\n },\n awsKey: {\n string: true,\n describe: 'AWS KMS key arn',\n },\n envFile: {\n string: true,\n describe: '.env file',\n default: '.env',\n },\n ignoreMissingEnvFile: {\n boolean: true,\n describe: `Don't halt on missing .env file`,\n },\n secFile: {\n string: true,\n describe: '.sec file',\n default: '.sec',\n },\n awsAssumeRoleArn: {\n string: true,\n describe:\n 'arn or role to assume. Can also be set using the AWS_ASSUME_ROLE_ARN environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n awsAssumeRoleSessionDuration: {\n number: true,\n describe:\n 'Duration of assume role sessions. Defaults to 3600 seconds. Can also be set using the AWS_ASSUME_ROLE_SESSION_DURATION environment variable, or, when using --env-file in the target env file. The cli option overrides the environment variable.',\n },\n verbose: {\n boolean: true,\n describe: 'Be verbose',\n },\n // regions: {\n // describe: 'AWS region',\n // array: true,\n // choices: regions.map(({ code }) => code),\n // },\n // baseRegion: {\n // describe: 'AWS region where to store encyption secrets. This is also the same region where *you* should deploy the Top Secret! stack.',\n // choices: regions.map(({ code }) => code),\n // },\n yes: {\n boolean: true,\n describe: 'Proceeds without confirmation',\n },\n dryRun: {\n boolean: true,\n describe: 'Do a dry run',\n },\n} as const;\n", "import {\n fromEnv,\n fromIni,\n fromTemporaryCredentials,\n} from '@aws-sdk/credential-providers';\nimport { loadSharedConfigFiles } from '@aws-sdk/shared-ini-file-loader';\n\nimport {\n CredentialsAndOrigin,\n ProfileAndOrigin,\n RegionAndOrigin,\n} from '../types';\nimport { bold, underline } from './logger';\n\nexport const getCredentialsProfileRegion = async ({\n argv,\n env,\n}: {\n argv: {\n profile?: string;\n region?: string;\n assumeRoleArn?: string;\n assumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string;\n AWS_ACCESS_KEY_ID?: string;\n AWS_SECRET_ACCESS_KEY?: string;\n AWS_REGION?: string;\n AWS_DEFAULT_REGION?: string;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const sharedConfigFiles = await loadSharedConfigFiles();\n let credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n let profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n let regionAndOrigin: RegionAndOrigin | undefined = undefined;\n if (argv.profile) {\n profileAndOrigin = {\n value: argv.profile,\n origin: `command line option: ${bold(argv.profile)}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: argv.profile,\n })(),\n origin: `${bold(`[${argv.profile}]`)} in credentials file`,\n };\n } else if (env.AWS_PROFILE) {\n profileAndOrigin = {\n value: env.AWS_PROFILE,\n origin: `env variable ${bold('AWS_PROFILE')}: ${underline(\n env.AWS_PROFILE,\n )}`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: env.AWS_PROFILE,\n })(),\n origin: `env variable ${underline('AWS_PROFILE')}: ${bold(\n env.AWS_PROFILE,\n )}`,\n };\n } else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n credentialsAndOrigin = {\n value: await fromEnv()(),\n origin: `env variables ${bold('AWS_ACCESS_KEY_ID')} and ${bold(\n 'AWS_SECRET_ACCESS_KEY',\n )}`,\n };\n } else if (sharedConfigFiles.credentialsFile?.default) {\n profileAndOrigin = {\n value: 'default',\n origin: `${bold('[default]')} in credentials file`,\n };\n credentialsAndOrigin = {\n value: await fromIni({\n profile: 'default',\n })(),\n origin: `profile ${bold('[default]')}`,\n };\n }\n\n if (argv.region) {\n regionAndOrigin = {\n value: argv.region,\n origin: `command line option: ${bold(argv.region)}`,\n };\n } else if (env.AWS_REGION) {\n regionAndOrigin = {\n value: env.AWS_REGION,\n origin: `env variable ${bold('AWS_REGION')}: ${underline(\n env.AWS_REGION,\n )}`,\n };\n } else if (env.AWS_DEFAULT_REGION) {\n regionAndOrigin = {\n value: env.AWS_DEFAULT_REGION,\n origin: `env variable ${bold('AWS_DEFAULT_REGION')}: ${underline(\n env.AWS_DEFAULT_REGION,\n )}`,\n };\n } else if (profileAndOrigin) {\n const foundRegion =\n sharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n if (foundRegion) {\n regionAndOrigin = {\n value: foundRegion,\n origin: `${bold(\n `[profile ${profileAndOrigin.value}]`,\n )} in config file`,\n };\n }\n }\n\n const assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n if (assumedRole) {\n const origin = argv.assumeRoleArn\n ? 'command line option'\n : 'env variable';\n credentialsAndOrigin = {\n value: await fromTemporaryCredentials({\n masterCredentials: credentialsAndOrigin?.value,\n\n params: {\n DurationSeconds:\n argv.assumeRoleSessionDuration ||\n Number(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n 3600,\n RoleArn: assumedRole,\n },\n\n clientConfig: {\n region: regionAndOrigin?.value,\n },\n })(),\n origin: `${origin} ${bold(`[${assumedRole}]`)}`,\n };\n }\n\n return { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n}: {\n credentialsAndOrigin?: CredentialsAndOrigin;\n regionAndOrigin?: RegionAndOrigin;\n profileAndOrigin?: ProfileAndOrigin;\n}): string => {\n const out: string[] = [];\n if (profileAndOrigin) {\n out.push(`Got profile name from ${profileAndOrigin.origin}`);\n }\n if (credentialsAndOrigin) {\n out.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n }\n if (regionAndOrigin) {\n out.push(`Resolved region from ${regionAndOrigin.origin}`);\n }\n return out.join('\\n');\n};\n", "import chalk from 'chalk';\n// eslint-disable-next-line @typescript-eslint/naming-convention\nlet _logger: Pick<Console, 'info' | 'error'>;\n\nexport const getLogger = () => {\n if (!_logger) {\n _logger = console;\n }\n\n return _logger;\n};\nexport const writeLine = (str: string) => {\n process.stdout.write(str);\n};\nexport const bold = (str: string): string => chalk.greenBright.bold(str);\nexport const underline = (str: string): string => chalk.cyanBright.bold(str);\nexport const clientLogger = {\n debug(content: object) {\n console.log(content);\n },\n info(content: object) {\n console.log(content);\n },\n warn(content: object) {\n console.log(content);\n },\n error(content: object) {\n console.error(content);\n },\n};\n", "import {\n getCredentialsProfileRegion,\n printVerboseCredentialsProfileRegion,\n} from '../../utils/getCredentialsProfileRegion';\n\nexport const handleCredentialsAndRegion = async ({\n argv,\n env,\n}: {\n argv: {\n awsRegion?: string;\n awsProfile?: string;\n verbose?: boolean;\n awsAssumeRoleArn?: string;\n awsAssumeRoleSessionDuration?: number;\n };\n env: {\n AWS_PROFILE?: string | undefined;\n AWS_ACCESS_KEY_ID?: string | undefined;\n AWS_SECRET_ACCESS_KEY?: string | undefined;\n AWS_REGION?: string | undefined;\n AWS_DEFAULT_REGION?: string | undefined;\n AWS_ASSUME_ROLE_ARN?: string | undefined;\n AWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n TZ?: string;\n };\n}) => {\n const { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n await getCredentialsProfileRegion({\n argv: {\n region: argv.awsRegion,\n profile: argv.awsProfile,\n assumeRoleArn: argv.awsAssumeRoleArn,\n assumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n },\n env: {\n ...env,\n },\n });\n\n if (argv.verbose === true) {\n console.log(\n printVerboseCredentialsProfileRegion({\n credentialsAndOrigin,\n regionAndOrigin,\n profileAndOrigin,\n }),\n );\n }\n\n if (!credentialsAndOrigin || !regionAndOrigin) {\n if (!credentialsAndOrigin) {\n console.error('Could not find credentials');\n throw new Error('Could not find credentials');\n }\n if (!regionAndOrigin) {\n console.error('Could not find region');\n throw new Error('Could not find region');\n }\n }\n\n return { credentialsAndOrigin, regionAndOrigin };\n};\n", "import { SSMClient, SSMClientConfig } from '@aws-sdk/client-ssm';\n\nexport const getSSMClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: SSMClientConfig;\n}) => {\n const ssmClient = new SSMClient(configuration);\n return ssmClient;\n};\n", "import { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = 'decrypt-sec';\nexport const desc = 'Decrypts a dotsec file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secSource = path.resolve(process.cwd(), argv.secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(\n fs.readFileSync(secSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [key, value];\n }),\n );\n fs.writeFileSync(\n path.resolve(process.cwd(), argv.envFile || '.env'),\n envEntries.map(([key, value]) => `${key}=\"${value}\"`).join('\\n'),\n );\n } catch (e) {\n console.error(e);\n }\n};\n", "import { stat } from 'fs/promises';\n\nimport prompts from 'prompts';\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n try {\n await stat(source);\n return true;\n } catch {\n return false;\n }\n};\n\nexport const promptOverwriteIfFileExists = async ({\n filePath,\n skip,\n}: {\n filePath: string;\n skip?: boolean;\n}) => {\n let overwriteResponse: prompts.Answers<'overwrite'> | undefined;\n\n if ((await fileExists(filePath)) && skip !== true) {\n overwriteResponse = await prompts({\n type: 'confirm',\n name: 'overwrite',\n message: () => {\n return `Overwrite '${filePath}' ?`;\n },\n });\n } else {\n overwriteResponse = undefined;\n }\n return overwriteResponse;\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'decrypt-secrets-json';\nexport const desc = 'Derypts an encrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file writing secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const parameters: Secrets['parameters'] = flat.unflatten(\n flatParameters,\n { delimiter: '/' },\n );\n const secrets: Secrets = {\n config: encryptedSecrets.config,\n parameters,\n };\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: secretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(secretsPath, JSON.stringify(secrets, null, 4));\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { KMSClient, KMSClientConfig } from '@aws-sdk/client-kms';\n\nexport const getKMSClient = ({\n configuration,\n}: {\n verbose?: boolean;\n configuration: KMSClientConfig;\n}) => {\n const kmsClient = new KMSClient(configuration);\n\n return kmsClient;\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { KMSClient, DecryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { spawn } from 'cross-spawn';\nimport { parse } from 'dotenv';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport {\n CredentialsAndOrigin,\n RegionAndOrigin,\n YargsHandlerParams,\n} from '../types';\nimport { fileExists } from '../utils/io';\n\nexport const command = '$0 <command>';\nexport const desc =\n 'Decrypts a .sec file, injects the results into a separate process and runs a command';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'sec-file': commonCliOptions.secFile,\n 'env-file': commonCliOptions.envFile,\n 'ignore-missing-env-file': commonCliOptions.ignoreMissingEnvFile,\n 'aws-assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n 'aws-assume-role-session-duration':\n commonCliOptions.awsAssumeRoleSessionDuration,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n command: { string: true, required: true },\n} as const;\n\nconst handleSec = async ({\n secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias,\n}: {\n secFile: string;\n credentialsAndOrigin: CredentialsAndOrigin;\n regionAndOrigin: RegionAndOrigin;\n awsKeyAlias: string;\n}) => {\n const secSource = path.resolve(process.cwd(), secFile);\n if (!(await fileExists(secSource))) {\n console.error(`Could not open ${redBright(secSource)}`);\n return;\n }\n const parsedSec = parse(fs.readFileSync(secSource, { encoding: 'utf8' }));\n\n const kmsClient = new KMSClient({\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n });\n\n const envEntries: [string, string][] = await Promise.all(\n Object.entries(parsedSec).map(async ([key, cipherText]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: awsKeyAlias,\n CiphertextBlob: Buffer.from(cipherText, 'base64'),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n const decryptionResult = await kmsClient.send(decryptCommand);\n\n if (!decryptionResult?.Plaintext) {\n throw new Error(\n `No: ${JSON.stringify({\n key,\n cipherText,\n decryptCommand,\n })}`,\n );\n }\n const value = Buffer.from(decryptionResult.Plaintext).toString();\n return [key, value];\n }),\n );\n const env = Object.fromEntries(envEntries);\n\n return env;\n};\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n try {\n let env: Record<string, string> | undefined;\n let awsEnv: Record<string, string> | undefined;\n try {\n if (argv.envFile) {\n env = parse(\n fs.readFileSync(argv.envFile, { encoding: 'utf8' }),\n );\n } else {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: {\n ...process.env,\n ...env,\n // AWS_ASSUME_ROLE_ARN:\n // process.env.AWS_ASSUME_ROLE_ARN ||\n // env?.AWS_ASSUME_ROLE_ARN,\n },\n });\n\n if (\n (argv.awsAssumeRoleArn ||\n process.env.AWS_ASSUME_ROLE_ARN ||\n env?.AWS_ASSUME_ROLE_ARN) &&\n credentialsAndOrigin.value.sessionToken !== undefined\n ) {\n awsEnv = {\n AWS_ACCESS_KEY_ID:\n credentialsAndOrigin.value.accessKeyId,\n AWS_SECRET_ACCESS_KEY:\n credentialsAndOrigin.value.secretAccessKey,\n AWS_SESSION_TOKEN:\n credentialsAndOrigin.value.sessionToken,\n };\n // this means we have\n }\n if (argv.verbose) {\n console.log({ credentialsAndOrigin, regionAndOrigin });\n }\n\n env = await handleSec({\n secFile: argv.secFile,\n credentialsAndOrigin,\n regionAndOrigin,\n awsKeyAlias: argv.awsKeyAlias,\n });\n }\n } catch (e) {\n if (argv.ignoreMissingEnvFile !== true) {\n throw e;\n }\n }\n\n //\n const userCommandArgs = process.argv.slice(\n process.argv.indexOf(argv.command) + 1,\n );\n\n if (argv.command) {\n spawn(argv.command, [...userCommandArgs], {\n stdio: 'inherit',\n shell: false,\n env: { ...process.env, ...awsEnv, ...env },\n });\n }\n } catch (e) {\n console.error(e);\n }\n};\n", "import { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport { parse } from 'dotenv';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-env';\nexport const desc = 'Encrypts a dotenv file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'env-file': commonCliOptions.envFile,\n 'sec-file': commonCliOptions.secFile,\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n // yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const envSource = path.resolve(process.cwd(), argv.envFile);\n if (!(await fileExists(envSource))) {\n error(`Could not open ${redBright(envSource)}`);\n return;\n }\n const parsedEnv = parse(\n fs.readFileSync(envSource, { encoding: 'utf8' }),\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const sec = (\n await Promise.all(\n Object.entries(parsedEnv).map(async ([key, value]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(value),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key,\n value,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(`Encrypting key ${bold(key)} ${underline('ok')}`);\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return `${key}=\"${cipherText}\"`;\n }),\n )\n ).join('\\n');\n\n fs.writeFileSync(path.resolve(process.cwd(), argv.secFile), sec);\n } catch (e) {\n error(e);\n }\n};\n", "import fs from 'node:fs';\nimport path from 'node:path';\n\nimport { DescribeKeyCommand, EncryptCommand } from '@aws-sdk/client-kms';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, Secrets, YargsHandlerParams } from '../types';\nimport { fileExists, promptOverwriteIfFileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nexport const command = 'encrypt-secrets-json';\nexport const desc = 'Encrypts an unencrypted file';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n 'secrets-file': {\n string: true,\n describe: 'filename of json file reading secrets',\n default: 'secrets.json',\n },\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for writing encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const secretsPath = path.resolve(process.cwd(), argv.secretsFile);\n if (!(await fileExists(secretsPath))) {\n error(`Could not open ${redBright(secretsPath)}`);\n return;\n }\n const secrets = JSON.parse(\n fs.readFileSync(secretsPath, { encoding: 'utf8' }),\n ) as Secrets;\n\n if (!secrets.parameters) {\n throw new Error(`Expected 'parameters' property, but got none`);\n }\n\n const flatParameters: Record<string, string> = flat(\n secrets.parameters,\n { delimiter: '/' },\n );\n if (argv.verbose) {\n console.log(flatParameters);\n }\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const encryptedFlatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatParameters).map(\n async ([parameterName, parameter]) => {\n const encryptCommand = new EncryptCommand({\n KeyId: argv.awsKeyAlias,\n Plaintext: Buffer.from(parameter),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const encryptionResult = await kmsClient.send(\n encryptCommand,\n );\n\n if (!encryptionResult.CiphertextBlob) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n value: parameter,\n encryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const cipherText = Buffer.from(\n encryptionResult.CiphertextBlob,\n ).toString('base64');\n return [parameterName, cipherText];\n },\n ),\n ),\n ) as Record<string, string>;\n\n const encryptedParameters: EncryptedSecrets['encryptedParameters'] =\n flat.unflatten(encryptedFlatParameters, { delimiter: '/' });\n const encryptedSecrets: EncryptedSecrets = {\n config: secrets.config,\n encryptedParameters,\n };\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n const overwriteResponse = await promptOverwriteIfFileExists({\n filePath: encryptedSecretsPath,\n skip: argv.yes,\n });\n\n if (\n overwriteResponse === undefined ||\n overwriteResponse.overwrite === true\n ) {\n fs.writeFileSync(\n encryptedSecretsPath,\n JSON.stringify(encryptedSecrets, null, 4),\n );\n }\n } catch (e) {\n error(e);\n }\n};\n", "import { DecryptCommand, DescribeKeyCommand } from '@aws-sdk/client-kms';\nimport { PutParameterCommand } from '@aws-sdk/client-ssm';\nimport { redBright } from 'chalk';\nimport flat from 'flat';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nimport { commonCliOptions } from '../commonCliOptions';\nimport { handleCredentialsAndRegion } from '../lib/partial-commands/handleCredentialsAndRegion';\nimport { EncryptedSecrets, YargsHandlerParams } from '../types';\nimport { fileExists } from '../utils/io';\nimport { getKMSClient } from '../utils/kms';\nimport { bold, getLogger, underline } from '../utils/logger';\nimport { getSSMClient } from '../utils/ssm';\nexport const command = 'offload-secrets-json-to-ssm';\nexport const desc =\n 'Sends decrypted values of secrets.encrypted.json file to SSM parameter store';\n\nexport const builder = {\n 'aws-profile': commonCliOptions.awsProfile,\n 'aws-region': commonCliOptions.awsRegion,\n 'aws-key-alias': commonCliOptions.awsKeyAlias,\n\n 'encrypted-secrets-file': {\n string: true,\n describe: 'filename of json file for reading encrypted secrets',\n default: 'secrets.encrypted.json',\n },\n 'assume-role-arn': commonCliOptions.awsAssumeRoleArn,\n verbose: commonCliOptions.verbose,\n yes: { ...commonCliOptions.yes },\n} as const;\n\nexport const handler = async (\n argv: YargsHandlerParams<typeof builder>,\n): Promise<void> => {\n const { info, error } = getLogger();\n try {\n const { credentialsAndOrigin, regionAndOrigin } =\n await handleCredentialsAndRegion({\n argv: { ...argv },\n env: { ...process.env },\n });\n\n const encryptedSecretsPath = path.resolve(\n process.cwd(),\n argv.encryptedSecretsFile,\n );\n if (!(await fileExists(encryptedSecretsPath))) {\n error(`Could not open ${redBright(encryptedSecretsPath)}`);\n return;\n }\n const encryptedSecrets = JSON.parse(\n fs.readFileSync(encryptedSecretsPath, { encoding: 'utf8' }),\n ) as EncryptedSecrets;\n\n if (!encryptedSecrets.encryptedParameters) {\n throw new Error(\n `Expected 'encryptedParameters' property, but got none`,\n );\n }\n\n const flatEncryptedParameters: Record<string, string> = flat(\n encryptedSecrets.encryptedParameters,\n { delimiter: '/' },\n );\n\n const kmsClient = getKMSClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n if (argv.verbose) {\n info(\n `Encrypting using key alias ${bold(argv.awsKeyAlias)} in ${bold(\n await kmsClient.config.region(),\n )}`,\n );\n\n // describe key *once*\n\n const describeKeyCommand = new DescribeKeyCommand({\n KeyId: argv.awsKeyAlias,\n });\n\n const describeKeyResult = await kmsClient.send(describeKeyCommand);\n\n console.log('describeKeyResult', { describeKeyResult });\n }\n\n const flatParameters = Object.fromEntries(\n await Promise.all(\n Object.entries(flatEncryptedParameters).map(\n async ([parameterName, encryptedParameter]) => {\n const decryptCommand = new DecryptCommand({\n KeyId: argv.awsKeyAlias,\n CiphertextBlob: Buffer.from(\n encryptedParameter,\n 'base64',\n ),\n EncryptionAlgorithm: 'RSAES_OAEP_SHA_256',\n });\n\n const decryptionResult = await kmsClient.send(\n decryptCommand,\n );\n\n if (!decryptionResult.Plaintext) {\n throw new Error(\n `Something bad happened: ${JSON.stringify({\n key: parameterName,\n cipherText: encryptedParameter,\n decryptCommand: decryptCommand,\n })}`,\n );\n }\n\n if (argv.verbose) {\n info(\n `Encrypting key ${bold(\n parameterName,\n )} ${underline('ok')}`,\n );\n }\n\n const value = Buffer.from(\n decryptionResult.Plaintext,\n ).toString();\n return [parameterName, value];\n },\n ),\n ),\n ) as Record<string, string>;\n\n // create ssm client\n\n const ssmClient = getSSMClient({\n configuration: {\n credentials: credentialsAndOrigin.value,\n region: regionAndOrigin.value,\n },\n verbose: argv.verbose,\n });\n\n await Promise.all(\n Object.entries(flatParameters).map(([parameterName, value]) => {\n const putParameterCommand = new PutParameterCommand({\n Name: `/${parameterName}`,\n Value: value,\n Type: 'String',\n Overwrite: true,\n });\n\n return ssmClient.send(putParameterCommand);\n }),\n );\n } catch (e) {\n error(e);\n }\n};\n"],
5
+ "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;AACA;AACA;;;ACFA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,mBAAmB;AAAA,EAC5B,YAAY;AAAA,IACR,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,aAAa;AAAA,IACT,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,WAAW;AAAA,IACP,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,sBAAsB;AAAA,IAClB,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,SAAS;AAAA,IACL,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,kBAAkB;AAAA,IACd,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,8BAA8B;AAAA,IAC1B,QAAQ;AAAA,IACR,UACI;AAAA;AAAA,EAER,SAAS;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAWd,KAAK;AAAA,IACD,SAAS;AAAA,IACT,UAAU;AAAA;AAAA,EAEd,QAAQ;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA;AAAA;;;ACnElB;AAAA;AAAA;AAAA;AAAA;AAKA;;;ACLA;AAEA,IAAI;AAEG,IAAM,YAAY,MAAM;AAC3B,MAAI,CAAC,SAAS;AACV,cAAU;AAAA;AAGd,SAAO;AAAA;AAKJ,IAAM,OAAO,CAAC,QAAwB,MAAM,YAAY,KAAK;AAC7D,IAAM,YAAY,CAAC,QAAwB,MAAM,WAAW,KAAK;;;ADDjE,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAkBE;AAlCN;AAmCI,QAAM,oBAAoB,MAAM;AAChC,MAAI,uBAAyD;AAC7D,MAAI,mBAAiD;AACrD,MAAI,kBAA+C;AACnD,MAAI,KAAK,SAAS;AACd,uBAAmB;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAE9C,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,KAAK;AAAA;AAAA,MAElB,QAAQ,GAAG,KAAK,IAAI,KAAK;AAAA;AAAA,aAEtB,IAAI,aAAa;AACxB,uBAAmB;AAAA,MACf,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,mBAAmB,UAC5C,IAAI;AAAA;AAGZ,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS,IAAI;AAAA;AAAA,MAEjB,QAAQ,gBAAgB,UAAU,mBAAmB,KACjD,IAAI;AAAA;AAAA,aAGL,IAAI,qBAAqB,IAAI,uBAAuB;AAC3D,2BAAuB;AAAA,MACnB,OAAO,MAAM;AAAA,MACb,QAAQ,iBAAiB,KAAK,4BAA4B,KACtD;AAAA;AAAA,aAGD,wBAAkB,oBAAlB,mBAAmC,SAAS;AACnD,uBAAmB;AAAA,MACf,OAAO;AAAA,MACP,QAAQ,GAAG,KAAK;AAAA;AAEpB,2BAAuB;AAAA,MACnB,OAAO,MAAM,QAAQ;AAAA,QACjB,SAAS;AAAA;AAAA,MAEb,QAAQ,WAAW,KAAK;AAAA;AAAA;AAIhC,MAAI,KAAK,QAAQ;AACb,sBAAkB;AAAA,MACd,OAAO,KAAK;AAAA,MACZ,QAAQ,wBAAwB,KAAK,KAAK;AAAA;AAAA,aAEvC,IAAI,YAAY;AACvB,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,kBAAkB,UAC3C,IAAI;AAAA;AAAA,aAGL,IAAI,oBAAoB;AAC/B,sBAAkB;AAAA,MACd,OAAO,IAAI;AAAA,MACX,QAAQ,gBAAgB,KAAK,0BAA0B,UACnD,IAAI;AAAA;AAAA,aAGL,kBAAkB;AACzB,UAAM,cACF,mEAAmB,eAAnB,mBAAgC,iBAAiB,WAAjD,mBAAyD;AAE7D,QAAI,aAAa;AACb,wBAAkB;AAAA,QACd,OAAO;AAAA,QACP,QAAQ,GAAG,KACP,YAAY,iBAAiB;AAAA;AAAA;AAAA;AAM7C,QAAM,cAAc,KAAK,iBAAiB,IAAI;AAC9C,MAAI,aAAa;AACb,UAAM,SAAS,KAAK,gBACd,wBACA;AACN,2BAAuB;AAAA,MACnB,OAAO,MAAM,yBAAyB;AAAA,QAClC,mBAAmB,6DAAsB;AAAA,QAEzC,QAAQ;AAAA,UACJ,iBACI,KAAK,6BACL,OAAO,IAAI,qCACX;AAAA,UACJ,SAAS;AAAA;AAAA,QAGb,cAAc;AAAA,UACV,QAAQ,mDAAiB;AAAA;AAAA;AAAA,MAGjC,QAAQ,GAAG,UAAU,KAAK,IAAI;AAAA;AAAA;AAItC,SAAO,EAAE,sBAAsB,iBAAiB;AAAA;AAG7C,IAAM,uCAAuC,CAAC;AAAA,EACjD;AAAA,EACA;AAAA,EACA;AAAA,MAKU;AACV,QAAM,MAAgB;AACtB,MAAI,kBAAkB;AAClB,QAAI,KAAK,yBAAyB,iBAAiB;AAAA;AAEvD,MAAI,sBAAsB;AACtB,QAAI,KAAK,6BAA6B,qBAAqB;AAAA;AAE/D,MAAI,iBAAiB;AACjB,QAAI,KAAK,wBAAwB,gBAAgB;AAAA;AAErD,SAAO,IAAI,KAAK;AAAA;;;AEhKb,IAAM,6BAA6B,OAAO;AAAA,EAC7C;AAAA,EACA;AAAA,MAmBE;AACF,QAAM,EAAE,sBAAsB,iBAAiB,qBAC3C,MAAM,4BAA4B;AAAA,IAC9B,MAAM;AAAA,MACF,QAAQ,KAAK;AAAA,MACb,SAAS,KAAK;AAAA,MACd,eAAe,KAAK;AAAA,MACpB,2BAA2B,KAAK;AAAA;AAAA,IAEpC,KAAK,mBACE;AAAA;AAIf,MAAI,KAAK,YAAY,MAAM;AACvB,YAAQ,IACJ,qCAAqC;AAAA,MACjC;AAAA,MACA;AAAA,MACA;AAAA;AAAA;AAKZ,MAAI,CAAC,wBAAwB,CAAC,iBAAiB;AAC3C,QAAI,CAAC,sBAAsB;AACvB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAEpB,QAAI,CAAC,iBAAiB;AAClB,cAAQ,MAAM;AACd,YAAM,IAAI,MAAM;AAAA;AAAA;AAIxB,SAAO,EAAE,sBAAsB;AAAA;;;AC7DnC;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,UAAU;AAChC,SAAO;AAAA;;;ALFJ,IAAM,UAAU;AAChB,IAAM,OAAO;AAEb,IAAM,UAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,uBAAuB,iBAAiB;AAAA,EACxC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,UAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,6BAA6B,IAAI,2BAA2B;AAAA,MAC9D,MAAM;AAAA,MACN,WAAW;AAAA;AAGf,UAAM,gBAAgB,MAAM,UAAU,KAAK;AAC3C,YAAQ,IAAI;AAAA,WACP,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AM7CtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEA;AAEO,IAAM,aAAa,OAAO,WAAqC;AAClE,MAAI;AACA,UAAM,KAAK;AACX,WAAO;AAAA,UACT;AACE,WAAO;AAAA;AAAA;AAIR,IAAM,8BAA8B,OAAO;AAAA,EAC9C;AAAA,EACA;AAAA,MAIE;AACF,MAAI;AAEJ,MAAK,MAAM,WAAW,aAAc,SAAS,MAAM;AAC/C,wBAAoB,MAAM,QAAQ;AAAA,MAC9B,MAAM;AAAA,MACN,MAAM;AAAA,MACN,SAAS,MAAM;AACX,eAAO,cAAc;AAAA;AAAA;AAAA,SAG1B;AACH,wBAAoB;AAAA;AAExB,SAAO;AAAA;;;ADtBJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,mBAAmB,iBAAiB;AAAA,EACpC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,KAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,cAAQ,MAAM,kBAAkB,UAAU;AAC1C;AAAA;AAEJ,UAAM,YAAY,MACd,GAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,IAAI,UAAU;AAAA,MAC5B,aAAa,qBAAqB;AAAA,MAClC,QAAQ,gBAAgB;AAAA;AAG5B,UAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KAAK,YAAY;AAAA,QACxC,qBAAqB;AAAA;AAEzB,YAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,UAAI,CAAC,sDAAkB,YAAW;AAC9B,cAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,UAClB;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAIZ,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,KAAK;AAAA;AAGrB,OAAG,cACC,KAAK,QAAQ,QAAQ,OAAO,KAAK,WAAW,SAC5C,WAAW,IAAI,CAAC,CAAC,KAAK,WAAW,GAAG,QAAQ,UAAU,KAAK;AAAA,WAE1D,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AE9EtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;;;ACJA;AAEO,IAAM,eAAe,CAAC;AAAA,EACzB;AAAA,MAIE;AACF,QAAM,YAAY,IAAI,WAAU;AAEhC,SAAO;AAAA;;;ADEJ,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,KACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,mBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,aAAoC,KAAK,UAC3C,gBACA,EAAE,WAAW;AAEjB,UAAM,UAAmB;AAAA,MACrB,QAAQ,iBAAiB;AAAA,MACzB;AAAA;AAEJ,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cAAc,aAAa,KAAK,UAAU,SAAS,MAAM;AAAA;AAAA,WAE3D,GAAP;AACE,UAAM;AAAA;AAAA;;;AE9Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AACA;AAWO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,2BAA2B,iBAAiB;AAAA,EAC5C,uBAAuB,iBAAiB;AAAA,EACxC,oCACI,iBAAiB;AAAA,EACrB,SAAS,iBAAiB;AAAA,EAE1B,SAAS,EAAE,QAAQ,MAAM,UAAU;AAAA;AAGvC,IAAM,YAAY,OAAO;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,MAME;AACF,QAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO;AAC9C,MAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAQ,MAAM,kBAAkB,WAAU;AAC1C;AAAA;AAEJ,QAAM,YAAY,OAAM,IAAG,aAAa,WAAW,EAAE,UAAU;AAE/D,QAAM,YAAY,IAAI,WAAU;AAAA,IAC5B,aAAa,qBAAqB;AAAA,IAClC,QAAQ,gBAAgB;AAAA;AAG5B,QAAM,aAAiC,MAAM,QAAQ,IACjD,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,gBAAgB;AACvD,UAAM,iBAAiB,IAAI,gBAAe;AAAA,MACtC,OAAO;AAAA,MACP,gBAAgB,OAAO,KAAK,YAAY;AAAA,MACxC,qBAAqB;AAAA;AAEzB,UAAM,mBAAmB,MAAM,UAAU,KAAK;AAE9C,QAAI,CAAC,sDAAkB,YAAW;AAC9B,YAAM,IAAI,MACN,OAAO,KAAK,UAAU;AAAA,QAClB;AAAA,QACA;AAAA,QACA;AAAA;AAAA;AAIZ,UAAM,QAAQ,OAAO,KAAK,iBAAiB,WAAW;AACtD,WAAO,CAAC,KAAK;AAAA;AAGrB,QAAM,MAAM,OAAO,YAAY;AAE/B,SAAO;AAAA;AAEJ,IAAM,WAAU,OACnB,SACgB;AAChB,MAAI;AACA,QAAI;AACJ,QAAI;AACJ,QAAI;AACA,UAAI,KAAK,SAAS;AACd,cAAM,OACF,IAAG,aAAa,KAAK,SAAS,EAAE,UAAU;AAAA,aAE3C;AACH,cAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,UAC7B,MAAM,mBAAK;AAAA,UACX,KAAK,kCACE,QAAQ,MACR;AAAA;AAOf,YACK,MAAK,oBACF,QAAQ,IAAI,uBACZ,4BAAK,yBACT,qBAAqB,MAAM,iBAAiB,QAC9C;AACE,mBAAS;AAAA,YACL,mBACI,qBAAqB,MAAM;AAAA,YAC/B,uBACI,qBAAqB,MAAM;AAAA,YAC/B,mBACI,qBAAqB,MAAM;AAAA;AAAA;AAIvC,YAAI,KAAK,SAAS;AACd,kBAAQ,IAAI,EAAE,sBAAsB;AAAA;AAGxC,cAAM,MAAM,UAAU;AAAA,UAClB,SAAS,KAAK;AAAA,UACd;AAAA,UACA;AAAA,UACA,aAAa,KAAK;AAAA;AAAA;AAAA,aAGrB,GAAP;AACE,UAAI,KAAK,yBAAyB,MAAM;AACpC,cAAM;AAAA;AAAA;AAKd,UAAM,kBAAkB,QAAQ,KAAK,MACjC,QAAQ,KAAK,QAAQ,KAAK,WAAW;AAGzC,QAAI,KAAK,SAAS;AACd,YAAM,KAAK,SAAS,CAAC,GAAG,kBAAkB;AAAA,QACtC,OAAO;AAAA,QACP,OAAO;AAAA,QACP,KAAK,iDAAK,QAAQ,MAAQ,SAAW;AAAA;AAAA;AAAA,WAGxC,GAAP;AACE,YAAQ,MAAM;AAAA;AAAA;;;AC3JtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,YAAY,iBAAiB;AAAA,EAC7B,YAAY,iBAAiB;AAAA,EAC7B,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA;AAIvB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,YAAY,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACnD,QAAI,CAAE,MAAM,WAAW,YAAa;AAChC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,YAAY,OACd,IAAG,aAAa,WAAW,EAAE,UAAU;AAG3C,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,MACF,OAAM,QAAQ,IACV,OAAO,QAAQ,WAAW,IAAI,OAAO,CAAC,KAAK,WAAW;AAClD,YAAM,iBAAiB,IAAI,eAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aAAK,kBAAkB,KAAK,QAAQ,UAAU;AAAA;AAGlD,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,GAAG,QAAQ;AAAA,SAG5B,KAAK;AAEP,QAAG,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK,UAAU;AAAA,WACvD,GAAP;AACE,UAAM;AAAA;AAAA;;;AC5Gd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AAEA;AACA;AACA;AAQO,IAAM,WAAU;AAChB,IAAM,QAAO;AAEb,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAClC,gBAAgB;AAAA,IACZ,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,cAAc,MAAK,QAAQ,QAAQ,OAAO,KAAK;AACrD,QAAI,CAAE,MAAM,WAAW,cAAe;AAClC,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,UAAU,KAAK,MACjB,IAAG,aAAa,aAAa,EAAE,UAAU;AAG7C,QAAI,CAAC,QAAQ,YAAY;AACrB,YAAM,IAAI,MAAM;AAAA;AAGpB,UAAM,iBAAyC,MAC3C,QAAQ,YACR,EAAE,WAAW;AAEjB,QAAI,KAAK,SAAS;AACd,cAAQ,IAAI;AAAA;AAEhB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,0BAA0B,OAAO,YACnC,MAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAC3B,OAAO,CAAC,eAAe,eAAe;AAClC,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,WAAW,OAAO,KAAK;AAAA,QACvB,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,gBAAgB;AAClC,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,OAAO;AAAA,UACP;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,aAAa,OAAO,KACtB,iBAAiB,gBACnB,SAAS;AACX,aAAO,CAAC,eAAe;AAAA;AAMvC,UAAM,sBACF,MAAK,UAAU,yBAAyB,EAAE,WAAW;AACzD,UAAM,mBAAqC;AAAA,MACvC,QAAQ,QAAQ;AAAA,MAChB;AAAA;AAGJ,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,UAAM,oBAAoB,MAAM,4BAA4B;AAAA,MACxD,UAAU;AAAA,MACV,MAAM,KAAK;AAAA;AAGf,QACI,sBAAsB,UACtB,kBAAkB,cAAc,MAClC;AACE,UAAG,cACC,sBACA,KAAK,UAAU,kBAAkB,MAAM;AAAA;AAAA,WAG1C,GAAP;AACE,UAAM;AAAA;AAAA;;;AC/Jd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA;AACA;AACA;AACA;AACA;AASO,IAAM,WAAU;AAChB,IAAM,QACT;AAEG,IAAM,WAAU;AAAA,EACnB,eAAe,iBAAiB;AAAA,EAChC,cAAc,iBAAiB;AAAA,EAC/B,iBAAiB,iBAAiB;AAAA,EAElC,0BAA0B;AAAA,IACtB,QAAQ;AAAA,IACR,UAAU;AAAA,IACV,SAAS;AAAA;AAAA,EAEb,mBAAmB,iBAAiB;AAAA,EACpC,SAAS,iBAAiB;AAAA,EAC1B,KAAK,mBAAK,iBAAiB;AAAA;AAGxB,IAAM,WAAU,OACnB,SACgB;AAChB,QAAM,EAAE,MAAM,UAAU;AACxB,MAAI;AACA,UAAM,EAAE,sBAAsB,oBAC1B,MAAM,2BAA2B;AAAA,MAC7B,MAAM,mBAAK;AAAA,MACX,KAAK,mBAAK,QAAQ;AAAA;AAG1B,UAAM,uBAAuB,MAAK,QAC9B,QAAQ,OACR,KAAK;AAET,QAAI,CAAE,MAAM,WAAW,uBAAwB;AAC3C,YAAM,kBAAkB,WAAU;AAClC;AAAA;AAEJ,UAAM,mBAAmB,KAAK,MAC1B,IAAG,aAAa,sBAAsB,EAAE,UAAU;AAGtD,QAAI,CAAC,iBAAiB,qBAAqB;AACvC,YAAM,IAAI,MACN;AAAA;AAIR,UAAM,0BAAkD,MACpD,iBAAiB,qBACjB,EAAE,WAAW;AAGjB,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAElB,QAAI,KAAK,SAAS;AACd,WACI,8BAA8B,KAAK,KAAK,mBAAmB,KACvD,MAAM,UAAU,OAAO;AAM/B,YAAM,qBAAqB,IAAI,oBAAmB;AAAA,QAC9C,OAAO,KAAK;AAAA;AAGhB,YAAM,oBAAoB,MAAM,UAAU,KAAK;AAE/C,cAAQ,IAAI,qBAAqB,EAAE;AAAA;AAGvC,UAAM,iBAAiB,OAAO,YAC1B,MAAM,QAAQ,IACV,OAAO,QAAQ,yBAAyB,IACpC,OAAO,CAAC,eAAe,wBAAwB;AAC3C,YAAM,iBAAiB,IAAI,gBAAe;AAAA,QACtC,OAAO,KAAK;AAAA,QACZ,gBAAgB,OAAO,KACnB,oBACA;AAAA,QAEJ,qBAAqB;AAAA;AAGzB,YAAM,mBAAmB,MAAM,UAAU,KACrC;AAGJ,UAAI,CAAC,iBAAiB,WAAW;AAC7B,cAAM,IAAI,MACN,2BAA2B,KAAK,UAAU;AAAA,UACtC,KAAK;AAAA,UACL,YAAY;AAAA,UACZ;AAAA;AAAA;AAKZ,UAAI,KAAK,SAAS;AACd,aACI,kBAAkB,KACd,kBACC,UAAU;AAAA;AAIvB,YAAM,QAAQ,OAAO,KACjB,iBAAiB,WACnB;AACF,aAAO,CAAC,eAAe;AAAA;AAQvC,UAAM,YAAY,aAAa;AAAA,MAC3B,eAAe;AAAA,QACX,aAAa,qBAAqB;AAAA,QAClC,QAAQ,gBAAgB;AAAA;AAAA,MAE5B,SAAS,KAAK;AAAA;AAGlB,UAAM,QAAQ,IACV,OAAO,QAAQ,gBAAgB,IAAI,CAAC,CAAC,eAAe,WAAW;AAC3D,YAAM,sBAAsB,IAAI,oBAAoB;AAAA,QAChD,MAAM,IAAI;AAAA,QACV,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAGf,aAAO,UAAU,KAAK;AAAA;AAAA,WAGzB,GAAP;AACE,UAAM;AAAA;AAAA;;;AdjJd,KAAK,MAAM,QAAQ,QAAQ,OACtB,QAAQ,wBACR,QAAQ,6BACR,QAAQ,sBACR,QAAQ,2BACR,QAAQ,2BACR,QAAQ,4BACR,QAAQ,4BAGR;",
6
6
  "names": []
7
7
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "dotsec",
3
- "version": "0.8.0",
3
+ "version": "0.9.0",
4
4
  "description": "",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",
@@ -61,5 +61,5 @@
61
61
  "prompts": "^2.4.2",
62
62
  "yargs": "^17.4.0"
63
63
  },
64
- "gitHead": "7b372afff09dcd245c4ed33b02ee219d05bba117"
64
+ "gitHead": "cededf580f82692479f9caf058edd4055a168dba"
65
65
  }