dotsec 1.0.0-alpha.13 → 1.0.0-alpha.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +5 -5
- package/dist/cli/index.js.map +2 -2
- package/dist/cli/index.mjs +5 -5
- package/dist/cli/index.mjs.map +2 -2
- package/package.json +2 -2
package/dist/cli/index.js
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
var ln=Object.create;var we=Object.defineProperty,gn=Object.defineProperties,pn=Object.getOwnPropertyDescriptor,mn=Object.getOwnPropertyDescriptors,un=Object.getOwnPropertyNames,ve=Object.getOwnPropertySymbols,dn=Object.getPrototypeOf,Re=Object.prototype.hasOwnProperty,fn=Object.prototype.propertyIsEnumerable;var De=(e,n,i)=>n in e?we(e,n,{enumerable:!0,configurable:!0,writable:!0,value:i}):e[n]=i,r=(e,n)=>{for(var i in n||(n={}))Re.call(n,i)&&De(e,i,n[i]);if(ve)for(var i of ve(n))fn.call(n,i)&&De(e,i,n[i]);return e},v=(e,n)=>gn(e,mn(n)),yn=e=>we(e,"__esModule",{value:!0});var wn=(e,n,i)=>{if(n&&typeof n=="object"||typeof n=="function")for(let t of un(n))!Re.call(e,t)&&t!=="default"&&we(e,t,{get:()=>n[t],enumerable:!(i=pn(n,t))||i.enumerable});return e},f=e=>wn(yn(we(e!=null?ln(dn(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var an=f(require("commander"));var oe=f(require("@aws-sdk/client-kms"));var te=f(require("@aws-sdk/credential-providers")),ke=f(require("@aws-sdk/shared-ini-file-loader"));var Pe=f(require("chalk"));var _=e=>Pe.default.yellowBright(e),C=e=>Pe.default.yellow.bold(e);var _e=async({argv:e,env:n})=>{var m,
|
|
2
|
-
`)};var ce=async({argv:e,env:n})=>{let{credentialsAndOrigin:i,regionAndOrigin:t,profileAndOrigin:a}=await _e({argv:{region:e.awsRegion,profile:e.awsProfile,assumeRoleArn:e.awsAssumeRoleArn,assumeRoleSessionDuration:e.awsAssumeRoleSessionDuration},env:r({},n)});if(e.verbose===!0&&console.log(xe({credentialsAndOrigin:i,regionAndOrigin:t,profileAndOrigin:a})),!(i&&t)){if(!i)throw console.error("Could not find credentials"),new Error("Could not find credentials");if(!t)throw console.error("Could not find region"),new Error("Could not find region")}return{credentialsAndOrigin:i,regionAndOrigin:t}};var le=async e=>{var y,p;let{kms:{keyAlias:n}={},region:i}=e,{credentialsAndOrigin:t,regionAndOrigin:a}=await ce({argv:{},env:r({},process.env)}),o=new oe.KMSClient({credentials:t.value,region:i||a.value}),c=new oe.DescribeKeyCommand({KeyId:n}),g=(p=(y=(await o.send(c)).KeyMetadata)==null?void 0:y.EncryptionAlgorithms)==null?void 0:p[0];if(g===void 0)throw new Error("Could not determine encryption algorithm");return{async encrypt(l){let u=new oe.EncryptCommand({KeyId:n,Plaintext:Buffer.from(l),EncryptionAlgorithm:g}),w=await o.send(u);if(!w.CiphertextBlob)throw new Error(`Something bad happened: ${JSON.stringify({encryptCommand:u})}`);return Buffer.from(w.CiphertextBlob).toString("base64")},async decrypt(l){let u=new oe.DecryptCommand({KeyId:n,CiphertextBlob:Buffer.from(l,"base64"),EncryptionAlgorithm:g}),w=await o.send(u);if(!w.Plaintext)throw new Error(`Something bad happened: ${JSON.stringify({cipherText:l,decryptCommand:u})}`);let s=Buffer.from(w.Plaintext).toString();return this.verbose&&console.info(`Decrypting key '${l}'`),s},other:()=>{}}};var ue=f(require("node:fs/promises")),Fe=f(require("prompts")),Te=f(require("node:path")),ge=async e=>await ue.default.readFile(e,"utf-8"),se=async(e,n)=>await ue.default.writeFile(e,n,"utf-8"),Sn=async e=>{try{return await(0,ue.stat)(e),!0}catch{return!1}},ae=async({filePath:e,skip:n})=>{let i;return await Sn(e)&&n!==!0?i=await(0,Fe.default)({type:"confirm",name:"overwrite",message:()=>`Overwrite './${Te.default.relative(process.cwd(),e)}' ?`}):i=void 0,i};var Le=f(require("node:path"));var P=f(require("typescript")),Me=f(require("node:fs")),Ie=e=>{let n=P.createPrinter(),i=Me.default.readFileSync(e.configFile,"utf8"),t=g=>y=>{function p(l){var u,w,s,E,h,R,D,T,x,H,N,V,Y,J,B,Z,z,Q;if(l=P.visitEachChild(l,p,g),l.kind===P.SyntaxKind.StringLiteral){let S=(w=(u=l==null?void 0:l.parent)==null?void 0:u.parent)==null?void 0:w.parent;if(((h=(E=(s=e.config)==null?void 0:s.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)&&((R=S==null?void 0:S.getChildAt(0))==null?void 0:R.getText())==="kms"){let A=(D=S==null?void 0:S.parent)==null?void 0:D.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return P.createStringLiteral((H=(x=(T=e.config)==null?void 0:T.aws)==null?void 0:x.kms)==null?void 0:H.keyAlias)}if(((V=(N=e.config)==null?void 0:N.aws)==null?void 0:V.region)&&((J=(Y=l==null?void 0:l.parent)==null?void 0:Y.getChildAt(0))==null?void 0:J.getText())==="region"){let A=(Z=(B=l==null?void 0:l.parent)==null?void 0:B.parent)==null?void 0:Z.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return P.createStringLiteral((Q=(z=e.config)==null?void 0:z.aws)==null?void 0:Q.region)}}return l}return P.visitNode(y,p)},a=P.createSourceFile("test.ts",i,P.ScriptTarget.ES2015,!0,P.ScriptKind.TS),o=P.transform(a,[t]),c=o.transformed[0],m=n.printFile(c);return o.dispose(),m};var Se="dotsec.config.ts",We=[Se],pe=".sec",me=".env",de="alias/dotsec",Cn="SecureString",O={config:{aws:{kms:{keyAlias:de},ssm:{parameterType:Cn}}}};var An={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",Se]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",Se],env:["--env","Path to .env file",me],sec:["--sec","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",me],sec:["--sec <sec>","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",me],sec:["--sec <sec>","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1]}},run:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file"]}},push:{inheritsFrom:["dotsec"],options:{toAwsSsm:["--to-aws-ssm, --toAwsSsm","Push to AWS SSM"],toAwsSecretsManager:["--to-aws-secrets-manager, --toAwsSecretsManager","Push to AWS Secrets Manager"],toGitHubActionsSecrets:["--to-github-actions-secrets, --toGitHubActionsSecrets","Push to GitHub actions secrets"],env:["--env [env]","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}}},Ne=(e,n,i={})=>{let t=e[n];if(t)return t.inheritsFrom?t==null?void 0:t.inheritsFrom.reduce((a,o)=>{let c=Ne(e,o,a);return r({},c)},{options:r(r({},i.options),t.options),requiredOptions:r(r({},i.requiredOptions),t.requiredOptions)}):{options:r(r({},i.options),t.options),requiredOptions:r(r({},i.requiredOptions),t.requiredOptions)}},W=(e,n)=>{let i=Ne(An,n||e.name());(i==null?void 0:i.options)&&Object.values(i.options).forEach(([t,a,o])=>{e.option(t,a,o)}),(i==null?void 0:i.requiredOptions)&&Object.values(i.requiredOptions).forEach(([t,a,o])=>{e.requiredOption(t,a,o)})};var En=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(i,t)=>{var l,u,w,s,E,h;let{verbose:a,configFile:o,env:c,sec:m,awskeyAlias:g,awsRegion:y,yes:p}=t.optsWithGlobals();try{let R;R=await le({verbose:a,region:y||process.env.AWS_REGION||((u=(l=O.config)==null?void 0:l.aws)==null?void 0:u.region),kms:{keyAlias:g||((h=(E=(s=(w=O)==null?void 0:w.config)==null?void 0:s.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)}});let D=await ge(c),T=await R.encrypt(D),x=await ae({filePath:m,skip:p});(x===void 0||x.overwrite===!0)&&(await se(m,T),console.log(`Wrote encrypted contents of ${C(c)} contents file to ${C(m)}`));let H=Ie({configFile:Le.default.resolve(__dirname,"../../src/templates/dotsec.config.ts"),config:{aws:{kms:{keyAlias:g||de},region:y||process.env.AWS_REGION}}}),N=await ae({filePath:o,skip:p});(N===void 0||N.overwrite===!0)&&(await se(o,H),console.log(`Wrote config file to ${C(o)}`))}catch(R){t.error(R)}});return W(n),n},He=En;var Oe=f(require("node:fs")),Ue=f(require("dotenv"));var Ke=f(require("node:path")),Ge=f(require("bundle-require")),qe=f(require("joycon"));var je=f(require("fs")),$e=f(require("node:path"));function hn(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var Ce=async e=>{try{return hn(await je.default.promises.readFile(e,"utf8"))}catch(n){throw n instanceof Error?new Error(`Failed to parse ${$e.default.relative(process.cwd(),e)}: ${n.message}`):n}};var Ae=async e=>{var a,o,c,m,g,y,p,l,u,w,s,E,h,R,D,T,x,H,N,V,Y,J,B,Z,z,Q,S,A,L,G,q,k,M,I,b,F,X,ee,j,ne,ie,re;let n=process.cwd(),t=await new qe.default().resolve({files:e?[e]:[...We,"package.json"],cwd:n,stopDir:Ke.default.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let $=await Ce(t),d;return t.endsWith("package.json")&&$.dotsec!==void 0?d=$.dotsec:d=$,{source:"json",contents:v(r(r({},O),d),{config:v(r(r({},d==null?void 0:d.config),O.config),{github:r(r({},(a=d==null?void 0:d.config)==null?void 0:a.github),(c=(o=O)==null?void 0:o.config)==null?void 0:c.github),aws:v(r(r({},(m=d==null?void 0:d.config)==null?void 0:m.aws),(y=(g=O)==null?void 0:g.config)==null?void 0:y.aws),{kms:r(r({},(u=(l=(p=O)==null?void 0:p.config)==null?void 0:l.aws)==null?void 0:u.kms),(s=(w=d.config)==null?void 0:w.aws)==null?void 0:s.kms),ssm:r(r({},(R=(h=(E=O)==null?void 0:E.config)==null?void 0:h.aws)==null?void 0:R.ssm),(T=(D=d.config)==null?void 0:D.aws)==null?void 0:T.ssm),secretsManager:r(r({},(N=(H=(x=O)==null?void 0:x.config)==null?void 0:H.aws)==null?void 0:N.secretsManager),(Y=(V=d.config)==null?void 0:V.aws)==null?void 0:Y.secretsManager)})})})}}else if(t.endsWith(".ts")){let $=await(0,Ge.bundleRequire)({filepath:t}),d=$.mod.dotsec||$.mod.default||$.mod;return{source:"ts",contents:v(r(r({},O),d),{config:v(r(r({},d==null?void 0:d.config),O.config),{github:r(r({},(J=d==null?void 0:d.config)==null?void 0:J.github),(Z=(B=O)==null?void 0:B.config)==null?void 0:Z.github),aws:v(r(r({},(z=d==null?void 0:d.config)==null?void 0:z.aws),(S=(Q=O)==null?void 0:Q.config)==null?void 0:S.aws),{kms:r(r({},(G=(L=(A=O)==null?void 0:A.config)==null?void 0:L.aws)==null?void 0:G.kms),(k=(q=d.config)==null?void 0:q.aws)==null?void 0:k.kms),ssm:r(r({},(b=(I=(M=O)==null?void 0:M.config)==null?void 0:I.aws)==null?void 0:b.ssm),(X=(F=d.config)==null?void 0:F.aws)==null?void 0:X.ssm),secretsManager:r(r({},(ne=(j=(ee=O)==null?void 0:ee.config)==null?void 0:j.aws)==null?void 0:ne.secretsManager),(re=(ie=d.config)==null?void 0:ie.aws)==null?void 0:re.secretsManager)})})})}}}return{source:"defaultConfig",contents:O}};var Ve=f(require("node:child_process")),Pn=(e,n)=>{var t;let i=e.command("run2 <command...>").allowUnknownOption().description("Run a command in a separate process and populate env with decrypted .env or encrypted .sec values").action(async(a,o,c)=>{var E,h,R;let{configFile:m,env:g,sec:y,keyAlias:p,region:l}=c.optsWithGlobals(),{contents:{config:u}={}}=await Ae(m),w=await le({verbose:!0,kms:{keyAlias:p||((h=(E=u==null?void 0:u.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)||de},region:l||((R=u==null?void 0:u.aws)==null?void 0:R.region)}),s;if(g)s=Oe.default.readFileSync(g,"utf8");else if(y){let D=Oe.default.readFileSync(y,"utf8");s=await w.decrypt(D)}else throw new Error('Must provide either "--env" or "--sec"');if(s){let D=(0,Ue.parse)(s),[T,...x]=a;(0,Ve.spawnSync)(T,[...x],{stdio:"inherit",shell:!1,env:v(r(r({},process.env),D),{__DOTSEC_ENV__:JSON.stringify(Object.keys(D))})}),c.help()}else throw new Error("No .env or .sec file provided")});return W(i,"run"),(t=n==null?void 0:n.run)==null||t.map(a=>{let{options:o,requiredOptions:c}=a;o&&Object.values(o).map(m=>{i.option(...m)}),c&&Object.values(c).map(m=>{i.option(...m)})}),i},Ye=Pn;var fe=e=>typeof e=="boolean";var be=f(require("node:fs"));var ze=f(require("dotenv"));var Je=f(require("prompts")),Ee=async({predicate:e,skip:n,message:i})=>n===!0?{confirm:!0}:(e?await e():!0)?await(0,Je.default)({type:"confirm",name:"confirm",message:()=>i}):{confirm:!0};var he=f(require("@aws-sdk/client-ssm"));var Be=async e=>{let{region:n}=e||{},{credentialsAndOrigin:i,regionAndOrigin:t}=await ce({argv:{},env:r({},process.env)}),a=new he.SSMClient({credentials:i.value,region:n||t.value});return{async put(o){for(let c of o){let m=new he.PutParameterCommand(v(r({},c),{Overwrite:!0}));await a.send(m)}}}};var K=f(require("@aws-sdk/client-secrets-manager"));var Ze=async e=>{let{region:n}=e||{},{credentialsAndOrigin:i,regionAndOrigin:t}=await ce({argv:{},env:r({},process.env)}),a=new K.SecretsManagerClient({credentials:i.value,region:n||t.value});return{async push(o){let c=[];console.log("createSecretReddquests",o);let m=[];for(let g of o){let y=new K.DescribeSecretCommand({SecretId:g.Name});try{let p=await a.send(y);console.log("got one"),m.push(new K.UpdateSecretCommand({SecretId:p.ARN,SecretString:g.SecretString}))}catch(p){p instanceof K.ResourceNotFoundException&&(console.log("got one"),c.push(new K.CreateSecretCommand({Name:g.Name,SecretString:g.SecretString})))}}return{createSecretCommands:c,updateSecretCommands:m,push:async()=>{for(let g of c)await a.send(g);for(let g of m)await a.send(g)}}}}};var On=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(i,t)=>{var R,D,T,x,H,N,V,Y,J,B,Z,z,Q;let{configFile:a,verbose:o,env:c,sec:m,awskeyAlias:g,awsRegion:y,yes:p,toAwsSsm:l,toAwsSecretsManager:u,toGitHubActionsSecrets:w}=t.optsWithGlobals();if(!(l||u||w))throw new Error("You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets");let{contents:s}=await Ae(a),E;if(c){let S=fe(c)?me:c;E=be.default.readFileSync(S,"utf8")}else if(m){let S=fe(m)?pe:m,A=be.default.readFileSync(S,"utf8");E=await(await le({verbose:o,region:y||process.env.AWS_REGION||((D=(R=s.config)==null?void 0:R.aws)==null?void 0:D.region),kms:{keyAlias:g||((H=(x=(T=s==null?void 0:s.config)==null?void 0:T.aws)==null?void 0:x.kms)==null?void 0:H.keyAlias)}})).decrypt(A)}else throw new Error('Must provide either "--env" or "--sec"');let h=(0,ze.parse)(E);try{if(l){let S=(V=(N=s==null?void 0:s.config)==null?void 0:N.aws)==null?void 0:V.ssm,A=(S==null?void 0:S.parameterType)||"SecureString",L=(S==null?void 0:S.pathPrefix)||"",G=Object.entries(h).reduce((k,[M,I])=>{var b,F,X,ee;if((b=s.variables)==null?void 0:b[M]){let j=(F=s.variables)==null?void 0:F[M];if(j){let ne=`${L}${M}`;if((ee=(X=j.push)==null?void 0:X.aws)==null?void 0:ee.ssm){let ie=fe(j.push.aws.ssm)?{Name:ne,Value:I,Type:A}:v(r({Name:ne,Type:A},j.push.aws.ssm),{Value:I});k.push(ie)}}}return k},[]),{confirm:q}=await Ee({message:`Are you sure you want to push the following variables to AWS SSM Parameter Store?
|
|
1
|
+
var ln=Object.create;var we=Object.defineProperty,gn=Object.defineProperties,pn=Object.getOwnPropertyDescriptor,mn=Object.getOwnPropertyDescriptors,un=Object.getOwnPropertyNames,ve=Object.getOwnPropertySymbols,dn=Object.getPrototypeOf,Re=Object.prototype.hasOwnProperty,fn=Object.prototype.propertyIsEnumerable;var De=(e,n,i)=>n in e?we(e,n,{enumerable:!0,configurable:!0,writable:!0,value:i}):e[n]=i,r=(e,n)=>{for(var i in n||(n={}))Re.call(n,i)&&De(e,i,n[i]);if(ve)for(var i of ve(n))fn.call(n,i)&&De(e,i,n[i]);return e},v=(e,n)=>gn(e,mn(n)),yn=e=>we(e,"__esModule",{value:!0});var wn=(e,n,i)=>{if(n&&typeof n=="object"||typeof n=="function")for(let t of un(n))!Re.call(e,t)&&t!=="default"&&we(e,t,{get:()=>n[t],enumerable:!(i=pn(n,t))||i.enumerable});return e},f=e=>wn(yn(we(e!=null?ln(dn(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var an=f(require("commander"));var oe=f(require("@aws-sdk/client-kms"));var te=f(require("@aws-sdk/credential-providers")),ke=f(require("@aws-sdk/shared-ini-file-loader"));var Pe=f(require("chalk"));var _=e=>Pe.default.yellowBright(e),C=e=>Pe.default.yellow.bold(e);var _e=async({argv:e,env:n})=>{var m,p,y;let i=await(0,ke.loadSharedConfigFiles)(),t,a,o;if(e.profile?(a={value:e.profile,origin:`command line option: ${_(e.profile)}`},t={value:await(0,te.fromIni)({profile:e.profile})(),origin:`${_(`[${e.profile}]`)} in credentials file`}):n.AWS_PROFILE?(a={value:n.AWS_PROFILE,origin:`env variable ${_("AWS_PROFILE")}: ${C(n.AWS_PROFILE)}`},t={value:await(0,te.fromIni)({profile:n.AWS_PROFILE})(),origin:`env variable ${_("AWS_PROFILE")}: ${C(n.AWS_PROFILE)}`}):n.AWS_ACCESS_KEY_ID&&n.AWS_SECRET_ACCESS_KEY?t={value:await(0,te.fromEnv)()(),origin:`env variables ${_("AWS_ACCESS_KEY_ID")} and ${_("AWS_SECRET_ACCESS_KEY")}`}:((m=i.credentialsFile)==null?void 0:m.default)&&(a={value:"default",origin:`${_("[default]")} in credentials file`},t={value:await(0,te.fromIni)({profile:"default"})(),origin:`profile ${_("[default]")}`}),e.region)o={value:e.region,origin:`command line option: ${_(e.region)}`};else if(n.AWS_REGION)o={value:n.AWS_REGION,origin:`env variable ${_("AWS_REGION")}: ${C(n.AWS_REGION)}`};else if(n.AWS_DEFAULT_REGION)o={value:n.AWS_DEFAULT_REGION,origin:`env variable ${_("AWS_DEFAULT_REGION")}: ${C(n.AWS_DEFAULT_REGION)}`};else if(a){let g=(y=(p=i==null?void 0:i.configFile)==null?void 0:p[a.value])==null?void 0:y.region;g&&(o={value:g,origin:`${_(`[profile ${a.value}]`)} in config file`})}let c=e.assumeRoleArn||n.AWS_ASSUME_ROLE_ARN;if(c){let g=e.assumeRoleArn?"command line option":"env variable";t={value:await(0,te.fromTemporaryCredentials)({masterCredentials:t==null?void 0:t.value,params:{DurationSeconds:e.assumeRoleSessionDuration||Number(n.AWS_ASSUME_ROLE_SESSION_DURATION)||3600,RoleArn:c},clientConfig:{region:o==null?void 0:o.value}})(),origin:`${g} ${_(`[${c}]`)}`}}return{credentialsAndOrigin:t,regionAndOrigin:o,profileAndOrigin:a}},xe=({credentialsAndOrigin:e,regionAndOrigin:n,profileAndOrigin:i})=>{let t=[];return i&&t.push(`Got profile name from ${i.origin}`),e&&t.push(`Resolved credentials from ${e.origin}`),n&&t.push(`Resolved region from ${n.origin}`),t.join(`
|
|
2
|
+
`)};var ce=async({argv:e,env:n})=>{let{credentialsAndOrigin:i,regionAndOrigin:t,profileAndOrigin:a}=await _e({argv:{region:e.awsRegion,profile:e.awsProfile,assumeRoleArn:e.awsAssumeRoleArn,assumeRoleSessionDuration:e.awsAssumeRoleSessionDuration},env:r({},n)});if(e.verbose===!0&&console.log(xe({credentialsAndOrigin:i,regionAndOrigin:t,profileAndOrigin:a})),!(i&&t)){if(!i)throw console.error("Could not find credentials"),new Error("Could not find credentials");if(!t)throw console.error("Could not find region"),new Error("Could not find region")}return{credentialsAndOrigin:i,regionAndOrigin:t}};var le=async e=>{var y,g;let{kms:{keyAlias:n}={},region:i}=e,{credentialsAndOrigin:t,regionAndOrigin:a}=await ce({argv:{},env:r({},process.env)}),o=new oe.KMSClient({credentials:t.value,region:i||a.value}),c=new oe.DescribeKeyCommand({KeyId:n}),p=(g=(y=(await o.send(c)).KeyMetadata)==null?void 0:y.EncryptionAlgorithms)==null?void 0:g[0];if(p===void 0)throw new Error("Could not determine encryption algorithm");return{async encrypt(l){let u=new oe.EncryptCommand({KeyId:n,Plaintext:Buffer.from(l),EncryptionAlgorithm:p}),w=await o.send(u);if(!w.CiphertextBlob)throw new Error(`Something bad happened: ${JSON.stringify({encryptCommand:u})}`);return Buffer.from(w.CiphertextBlob).toString("base64")},async decrypt(l){let u=new oe.DecryptCommand({KeyId:n,CiphertextBlob:Buffer.from(l,"base64"),EncryptionAlgorithm:p}),w=await o.send(u);if(!w.Plaintext)throw new Error(`Something bad happened: ${JSON.stringify({cipherText:l,decryptCommand:u})}`);let s=Buffer.from(w.Plaintext).toString();return this.verbose&&console.info(`Decrypting key '${l}'`),s},other:()=>{}}};var ue=f(require("node:fs/promises")),Fe=f(require("prompts")),Te=f(require("node:path")),ge=async e=>await ue.default.readFile(e,"utf-8"),se=async(e,n)=>await ue.default.writeFile(e,n,"utf-8"),Sn=async e=>{try{return await(0,ue.stat)(e),!0}catch{return!1}},ae=async({filePath:e,skip:n})=>{let i;return await Sn(e)&&n!==!0?i=await(0,Fe.default)({type:"confirm",name:"overwrite",message:()=>`Overwrite './${Te.default.relative(process.cwd(),e)}' ?`}):i=void 0,i};var Le=f(require("node:path"));var P=f(require("typescript")),Me=f(require("node:fs")),Ie=e=>{let n=P.createPrinter(),i=Me.default.readFileSync(e.configFile,"utf8"),t=p=>y=>{function g(l){var u,w,s,E,h,R,D,T,x,H,N,V,Y,J,B,Z,z,Q;if(l=P.visitEachChild(l,g,p),l.kind===P.SyntaxKind.StringLiteral){let S=(w=(u=l==null?void 0:l.parent)==null?void 0:u.parent)==null?void 0:w.parent;if(((h=(E=(s=e.config)==null?void 0:s.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)&&((R=S==null?void 0:S.getChildAt(0))==null?void 0:R.getText())==="kms"){let A=(D=S==null?void 0:S.parent)==null?void 0:D.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return P.createStringLiteral((H=(x=(T=e.config)==null?void 0:T.aws)==null?void 0:x.kms)==null?void 0:H.keyAlias)}if(((V=(N=e.config)==null?void 0:N.aws)==null?void 0:V.region)&&((J=(Y=l==null?void 0:l.parent)==null?void 0:Y.getChildAt(0))==null?void 0:J.getText())==="region"){let A=(Z=(B=l==null?void 0:l.parent)==null?void 0:B.parent)==null?void 0:Z.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return P.createStringLiteral((Q=(z=e.config)==null?void 0:z.aws)==null?void 0:Q.region)}}return l}return P.visitNode(y,g)},a=P.createSourceFile("test.ts",i,P.ScriptTarget.ES2015,!0,P.ScriptKind.TS),o=P.transform(a,[t]),c=o.transformed[0],m=n.printFile(c);return o.dispose(),m};var Se="dotsec.config.ts",We=[Se],pe=".sec",me=".env",de="alias/dotsec",Cn="SecureString",O={config:{aws:{kms:{keyAlias:de},ssm:{parameterType:Cn}}}};var An={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",Se]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",Se],env:["--env","Path to .env file",me],sec:["--sec","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",me],sec:["--sec <sec>","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",me],sec:["--sec <sec>","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1]}},run:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file"]}},push:{inheritsFrom:["dotsec"],options:{toAwsSsm:["--to-aws-ssm, --toAwsSsm","Push to AWS SSM"],toAwsSecretsManager:["--to-aws-secrets-manager, --toAwsSecretsManager","Push to AWS Secrets Manager"],toGitHubActionsSecrets:["--to-github-actions-secrets, --toGitHubActionsSecrets","Push to GitHub actions secrets"],env:["--env [env]","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}}},Ne=(e,n,i={})=>{let t=e[n];if(t)return t.inheritsFrom?t==null?void 0:t.inheritsFrom.reduce((a,o)=>{let c=Ne(e,o,a);return r({},c)},{options:r(r({},i.options),t.options),requiredOptions:r(r({},i.requiredOptions),t.requiredOptions)}):{options:r(r({},i.options),t.options),requiredOptions:r(r({},i.requiredOptions),t.requiredOptions)}},W=(e,n)=>{let i=Ne(An,n||e.name());(i==null?void 0:i.options)&&Object.values(i.options).forEach(([t,a,o])=>{e.option(t,a,o)}),(i==null?void 0:i.requiredOptions)&&Object.values(i.requiredOptions).forEach(([t,a,o])=>{e.requiredOption(t,a,o)})};var En=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(i,t)=>{var l,u,w,s,E,h;let{verbose:a,configFile:o,env:c,sec:m,awskeyAlias:p,awsRegion:y,yes:g}=t.optsWithGlobals();try{let R;R=await le({verbose:a,region:y||process.env.AWS_REGION||((u=(l=O.config)==null?void 0:l.aws)==null?void 0:u.region),kms:{keyAlias:p||((h=(E=(s=(w=O)==null?void 0:w.config)==null?void 0:s.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)}});let D=await ge(c),T=await R.encrypt(D),x=await ae({filePath:m,skip:g});(x===void 0||x.overwrite===!0)&&(await se(m,T),console.log(`Wrote encrypted contents of ${C(c)} contents file to ${C(m)}`));let H=Ie({configFile:Le.default.resolve(__dirname,"../../src/templates/dotsec.config.ts"),config:{aws:{kms:{keyAlias:p||de},region:y||process.env.AWS_REGION}}}),N=await ae({filePath:o,skip:g});(N===void 0||N.overwrite===!0)&&(await se(o,H),console.log(`Wrote config file to ${C(o)}`))}catch(R){t.error(R)}});return W(n),n},He=En;var Oe=f(require("node:fs")),Ue=f(require("dotenv"));var Ke=f(require("node:path")),Ge=f(require("bundle-require")),qe=f(require("joycon"));var je=f(require("fs")),$e=f(require("node:path"));function hn(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var Ce=async e=>{try{return hn(await je.default.promises.readFile(e,"utf8"))}catch(n){throw n instanceof Error?new Error(`Failed to parse ${$e.default.relative(process.cwd(),e)}: ${n.message}`):n}};var Ae=async e=>{var a,o,c,m,p,y,g,l,u,w,s,E,h,R,D,T,x,H,N,V,Y,J,B,Z,z,Q,S,A,L,G,q,k,M,I,b,F,X,ee,j,ne,ie,re;let n=process.cwd(),t=await new qe.default().resolve({files:e?[e]:[...We,"package.json"],cwd:n,stopDir:Ke.default.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let $=await Ce(t),d;return t.endsWith("package.json")&&$.dotsec!==void 0?d=$.dotsec:d=$,{source:"json",contents:v(r(r({},O),d),{config:v(r(r({},d==null?void 0:d.config),O.config),{github:r(r({},(a=d==null?void 0:d.config)==null?void 0:a.github),(c=(o=O)==null?void 0:o.config)==null?void 0:c.github),aws:v(r(r({},(m=d==null?void 0:d.config)==null?void 0:m.aws),(y=(p=O)==null?void 0:p.config)==null?void 0:y.aws),{kms:r(r({},(u=(l=(g=O)==null?void 0:g.config)==null?void 0:l.aws)==null?void 0:u.kms),(s=(w=d.config)==null?void 0:w.aws)==null?void 0:s.kms),ssm:r(r({},(R=(h=(E=O)==null?void 0:E.config)==null?void 0:h.aws)==null?void 0:R.ssm),(T=(D=d.config)==null?void 0:D.aws)==null?void 0:T.ssm),secretsManager:r(r({},(N=(H=(x=O)==null?void 0:x.config)==null?void 0:H.aws)==null?void 0:N.secretsManager),(Y=(V=d.config)==null?void 0:V.aws)==null?void 0:Y.secretsManager)})})})}}else if(t.endsWith(".ts")){let $=await(0,Ge.bundleRequire)({filepath:t}),d=$.mod.dotsec||$.mod.default||$.mod;return{source:"ts",contents:v(r(r({},O),d),{config:v(r(r({},d==null?void 0:d.config),O.config),{github:r(r({},(J=d==null?void 0:d.config)==null?void 0:J.github),(Z=(B=O)==null?void 0:B.config)==null?void 0:Z.github),aws:v(r(r({},(z=d==null?void 0:d.config)==null?void 0:z.aws),(S=(Q=O)==null?void 0:Q.config)==null?void 0:S.aws),{kms:r(r({},(G=(L=(A=O)==null?void 0:A.config)==null?void 0:L.aws)==null?void 0:G.kms),(k=(q=d.config)==null?void 0:q.aws)==null?void 0:k.kms),ssm:r(r({},(b=(I=(M=O)==null?void 0:M.config)==null?void 0:I.aws)==null?void 0:b.ssm),(X=(F=d.config)==null?void 0:F.aws)==null?void 0:X.ssm),secretsManager:r(r({},(ne=(j=(ee=O)==null?void 0:ee.config)==null?void 0:j.aws)==null?void 0:ne.secretsManager),(re=(ie=d.config)==null?void 0:ie.aws)==null?void 0:re.secretsManager)})})})}}}return{source:"defaultConfig",contents:O}};var Ve=f(require("node:child_process")),Pn=(e,n)=>{var t;let i=e.command("run2 <command...>").allowUnknownOption().description("Run a command in a separate process and populate env with decrypted .env or encrypted .sec values").action(async(a,o,c)=>{var E,h,R;let{configFile:m,env:p,sec:y,keyAlias:g,region:l}=c.optsWithGlobals(),{contents:{config:u}={}}=await Ae(m),w=await le({verbose:!0,kms:{keyAlias:g||((h=(E=u==null?void 0:u.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)||de},region:l||((R=u==null?void 0:u.aws)==null?void 0:R.region)}),s;if(p)s=Oe.default.readFileSync(p,"utf8");else if(y){let D=Oe.default.readFileSync(y,"utf8");s=await w.decrypt(D)}else throw new Error('Must provide either "--env" or "--sec"');if(s){let D=(0,Ue.parse)(s),[T,...x]=a;(0,Ve.spawnSync)(T,[...x],{stdio:"inherit",shell:!1,env:v(r(r({},process.env),D),{__DOTSEC_ENV__:JSON.stringify(Object.keys(D))})}),c.help()}else throw new Error("No .env or .sec file provided")});return W(i,"run"),(t=n==null?void 0:n.run)==null||t.map(a=>{let{options:o,requiredOptions:c}=a;o&&Object.values(o).map(m=>{i.option(...m)}),c&&Object.values(c).map(m=>{i.option(...m)})}),i},Ye=Pn;var fe=e=>typeof e=="boolean";var be=f(require("node:fs"));var ze=f(require("dotenv"));var Je=f(require("prompts")),Ee=async({predicate:e,skip:n,message:i})=>n===!0?{confirm:!0}:(e?await e():!0)?await(0,Je.default)({type:"confirm",name:"confirm",message:()=>i}):{confirm:!0};var he=f(require("@aws-sdk/client-ssm"));var Be=async e=>{let{region:n}=e||{},{credentialsAndOrigin:i,regionAndOrigin:t}=await ce({argv:{},env:r({},process.env)}),a=new he.SSMClient({credentials:i.value,region:n||t.value});return{async put(o){for(let c of o){let m=new he.PutParameterCommand(v(r({},c),{Overwrite:!0}));await a.send(m)}}}};var K=f(require("@aws-sdk/client-secrets-manager"));var Ze=async e=>{let{region:n}=e||{},{credentialsAndOrigin:i,regionAndOrigin:t}=await ce({argv:{},env:r({},process.env)}),a=new K.SecretsManagerClient({credentials:i.value,region:n||t.value});return{async push(o){let c=[];console.log("createSecretReddquests",o);let m=[];for(let p of o){let y=new K.DescribeSecretCommand({SecretId:p.Name});try{let g=await a.send(y);console.log("got one"),m.push(new K.UpdateSecretCommand({SecretId:g.ARN,SecretString:p.SecretString}))}catch(g){g instanceof K.ResourceNotFoundException&&(console.log("got one"),c.push(new K.CreateSecretCommand({Name:p.Name,SecretString:p.SecretString})))}}return{createSecretCommands:c,updateSecretCommands:m,push:async()=>{for(let p of c)await a.send(p);for(let p of m)await a.send(p)}}}}};var On=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(i,t)=>{var R,D,T,x,H,N,V,Y,J,B,Z,z,Q;let{configFile:a,verbose:o,env:c,sec:m,awskeyAlias:p,awsRegion:y,yes:g,toAwsSsm:l,toAwsSecretsManager:u,toGitHubActionsSecrets:w}=t.optsWithGlobals();if(!(l||u||w))throw new Error("You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets");let{contents:s}=await Ae(a),E;if(c){let S=fe(c)?me:c;E=be.default.readFileSync(S,"utf8")}else if(m){let S=fe(m)?pe:m,A=be.default.readFileSync(S,"utf8");E=await(await le({verbose:o,region:y||process.env.AWS_REGION||((D=(R=s.config)==null?void 0:R.aws)==null?void 0:D.region),kms:{keyAlias:p||((H=(x=(T=s==null?void 0:s.config)==null?void 0:T.aws)==null?void 0:x.kms)==null?void 0:H.keyAlias)}})).decrypt(A)}else throw new Error('Must provide either "--env" or "--sec"');let h=(0,ze.parse)(E);try{if(l){let S=(V=(N=s==null?void 0:s.config)==null?void 0:N.aws)==null?void 0:V.ssm,A=(S==null?void 0:S.parameterType)||"SecureString",L=(S==null?void 0:S.pathPrefix)||"",G=Object.entries(h).reduce((k,[M,I])=>{var b,F,X,ee;if((b=s.variables)==null?void 0:b[M]){let j=(F=s.variables)==null?void 0:F[M];if(j){let ne=`${L}${M}`;if((ee=(X=j.push)==null?void 0:X.aws)==null?void 0:ee.ssm){let ie=fe(j.push.aws.ssm)?{Name:ne,Value:I,Type:A}:v(r({Name:ne,Type:A},j.push.aws.ssm),{Value:I});k.push(ie)}}}return k},[]),{confirm:q}=await Ee({message:`Are you sure you want to push the following variables to AWS SSM Parameter Store?
|
|
3
3
|
${G.map(({Name:k})=>`- ${C(k||"[no name]")}`).join(`
|
|
4
|
-
`)}`,skip:
|
|
4
|
+
`)}`,skip:g});q===!0&&(console.log("pushing to AWS SSM Parameter Store"),await(await Be({region:y||((J=(Y=s==null?void 0:s.config)==null?void 0:Y.aws)==null?void 0:J.region)})).put(G))}if(u){let S=(Z=(B=s==null?void 0:s.config)==null?void 0:B.aws)==null?void 0:Z.secretsManager,A=(S==null?void 0:S.pathPrefix)||"",L=await Ze({region:y||process.env.AWS_REGION||((Q=(z=s.config)==null?void 0:z.aws)==null?void 0:Q.region)}),G=Object.entries(h).reduce((b,[F,X])=>{var ee,j,ne,ie;if((ee=s.variables)==null?void 0:ee[F]){let re=(j=s.variables)==null?void 0:j[F];if(re){let $=`${A}${F}`;if((ie=(ne=re.push)==null?void 0:ne.aws)==null?void 0:ie.ssm){let d=fe(re.push.aws.ssm)?{Name:$,SecretString:X}:v(r({Name:$},re.push.aws.ssm),{SecretString:X});b.push(d)}}}return b},[]),{push:q,updateSecretCommands:k,createSecretCommands:M}=await L.push(G),I=[];if(k.length>0){let{confirm:b}=await Ee({message:`Are you sure you want to update the following variables to AWS SSM Secrets Manager?
|
|
5
5
|
${k.map(({input:{SecretId:F}})=>`- ${C(F||"[no name]")}`).join(`
|
|
6
|
-
`)}`,skip:
|
|
6
|
+
`)}`,skip:g});I.push(b)}if(M.length>0){let{confirm:b}=await Ee({message:`Are you sure you want to create the following variables to AWS SSM Secrets Manager?
|
|
7
7
|
${M.map(({input:{Name:F}})=>`- ${C(F||"[no name]")}`).join(`
|
|
8
|
-
`)}`,skip:
|
|
8
|
+
`)}`,skip:g});I.push(b)}I.find(b=>b===!1)===void 0&&(console.log("xpushing to AWS Secrets Manager"),await q())}if(w){let S=Object.entries(h).reduce((A,[L,G])=>{var q,k,M,I;if((q=s.variables)==null?void 0:q[L]){let b=(k=s.variables)==null?void 0:k[L];b&&((I=(M=b.push)==null?void 0:M.github)==null?void 0:I.actionsSecrets)&&A.push({name:L,value:G})}return A},[]);console.log("githubActionsSecrets",S)}}catch(S){t.error(S)}});return W(n),n},Qe=On;var bn=async(e,n)=>{let i=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(t,a)=>{try{let{env:o,sec:c,yes:m}=a.optsWithGlobals(),p=Object.keys(t).reduce((s,E)=>s||n.encryption.find(h=>h.triggerOption===E),void 0);if(!p)throw new Error(`No encryption plugin found, available encryption engine(s): ${n.encryption.map(s=>`--${s.triggerOption}`).join(", ")}`);let y=[...Object.keys(p.options||{}),...Object.keys(p.requiredOptions||{})],g=Object.fromEntries(y.map(s=>[s,t[s]])),l=await ge(o),u=await p.handler(r({plaintext:l},g)),w=await ae({filePath:c,skip:m});(w===void 0||w.overwrite===!0)&&(await se(c,u),console.log(`Wrote encrypted contents of ${C(o)} file to ${C(c)}`))}catch(o){console.error(C(o.message)),a.help()}});return n.encryption.map(t=>{let{options:a,requiredOptions:o}=t;a&&Object.values(a).map(c=>{i.option(...c)}),o&&Object.values(o).map(c=>{i.option(...c)})}),W(i),i},Xe=bn;var vn=async(e,n)=>{let i=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(t,a)=>{try{let{env:o,sec:c,yes:m}=a.optsWithGlobals(),p=Object.keys(t).reduce((s,E)=>s||n.decryption.find(h=>h.triggerOption===E),void 0);if(!p)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.decryption.map(s=>`--${s.triggerOption}`).join(", ")}`);let y=[...Object.keys(p.options||{}),...Object.keys(p.requiredOptions||{})],g=Object.fromEntries(y.map(s=>[s,t[s]]));console.log("dotsecFilename",c);let l=await ge(c),u=await p.handler(r({ciphertext:l},g)),w=await ae({filePath:o,skip:m});(w===void 0||w.overwrite===!0)&&(await se(o,u),console.log(`Wrote plaintext contents of ${C(c)} file to ${C(o)}`)),console.log("plaintext",u)}catch(o){console.error(C(o.message)),a.help()}});return n.decryption.map(t=>{let{options:a,requiredOptions:o}=t;a&&Object.values(a).map(c=>{i.option(...c)}),o&&Object.values(o).map(c=>{i.option(...c)})}),W(i),i},en=vn;var nn=f(require("joycon")),tn=f(require("path"));var on=f(require("bundle-require")),Rn="dotsec.config.ts",Dn=[Rn];var ye={},rn=async e=>Promise.resolve().then(()=>f(require(e.name))).then(n=>n.default),sn=async e=>{let n=process.cwd(),t=await new nn.default().resolve({files:e?[e]:[...Dn,"package.json"],cwd:n,stopDir:tn.default.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let a=await Ce(t),o;return t.endsWith("package.json")&&a.dotsec!==void 0?o=a.dotsec:o=a,{source:"json",contents:v(r(r({},ye),o),{plugins:r(r({},o==null?void 0:o.plugins),ye.plugins),variables:r({},o==null?void 0:o.variables)})}}else if(t.endsWith(".ts")){let a=await(0,on.bundleRequire)({filepath:t}),o=a.mod.dotsec||a.mod.default||a.mod;return{source:"ts",contents:v(r(r({},ye),o),{plugins:r(r({},o==null?void 0:o.plugins),ye.plugins),variables:r({},o==null?void 0:o.variables)})}}}return{source:"defaultConfig",contents:ye}};var cn=f(require("ajv")),kn={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(n,i)=>{if(i){let{parentData:t,parentDataProperty:a}=i;return t[a]=n===""?[]:n.split(e),!0}else return!1}},U=new an.Command;(async()=>{let e=process.argv.find(g=>g.startsWith("-c")),n=e?e.includes("=")?e.split("=")[1]:process.argv[process.argv.indexOf(e)+1]:void 0,{contents:i={}}=await sn(n),{plugins:t,variables:a}=i;U.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((g,l)=>{l.help()}),W(U);let o={};t&&Object.entries(t).forEach(([g,l])=>{(l==null?void 0:l.module)?o[g]=l==null?void 0:l.module:o[g]=`@dotsec/plugin-${g}`}),Object.values(a||{}).forEach(g=>{(g==null?void 0:g.push)&&Object.keys(g.push).forEach(l=>{o[l]||(o[l]=`@dotsec/plugin-${l}`)})});let c=new cn.default({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[kn]}),m=[],p=[],y=[];for(let g of Object.keys(o)){let l=o[g],u=await rn({name:l}),{addCliCommand:w,cliHandlers:s}=await u({ajv:c,dotsecConfig:i});(s==null?void 0:s.encrypt)&&m.push(s.encrypt),(s==null?void 0:s.decrypt)&&p.push(s.decrypt),(s==null?void 0:s.run)&&y.push(s.run),w&&w({program:U})}m.length&&await Xe(U,{encryption:m}),p.length&&await en(U,{decryption:p}),await He(U),await Ye(U,{run:y}),await Qe(U),await U.parse()})();
|
|
9
9
|
//# sourceMappingURL=index.js.map
|
package/dist/cli/index.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/cli/index.ts", "../../src/lib/aws/AwsKmsEncryptionEngine.ts", "../../src/lib/aws/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/aws/handleCredentialsAndRegion.ts", "../../src/lib/io.ts", "../../src/cli/commands/init.ts", "../../src/lib/transformer.ts", "../../src/constants.ts", "../../src/cli/options.ts", "../../src/cli/commands/run2.ts", "../../src/lib/config/index.ts", "../../src/lib/json.ts", "../../src/types.ts", "../../src/cli/commands/push.ts", "../../src/utils/prompts.ts", "../../src/lib/aws/AwsSsm.ts", "../../src/lib/aws/AwsSecretsManager.ts", "../../src/cli/commands/encrypt.ts", "../../src/cli/commands/decrypt.ts", "../../src/lib/plugin.ts"],
|
|
4
|
-
"sourcesContent": ["import { Command } from \"commander\";\n\nimport addInitCommand from \"./commands/init\";\nimport addRunCommand from \"./commands/run2\";\nimport addPushProgram from \"./commands/push\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport { setProgramOptions } from \"./options\";\nimport {\n\tgetMagicalConfig,\n\tloadDotsecPlugin,\n\tMagicalDotsecPluginConfig,\n\tCliPluginDecryptHandler,\n\tCliPluginEncryptHandler,\n\tCliPluginRunHandler,\n} from \"../lib/plugin\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\t// find -c value in argv\n\tconst configArg = process.argv.find((arg) => arg.startsWith(\"-c\"));\n\t// if -c contains a =, split it and get the value. otherwise, take the next value\n\tconst configFile = configArg\n\t\t? configArg.includes(\"=\")\n\t\t\t? configArg.split(\"=\")[1]\n\t\t\t: process.argv[process.argv.indexOf(configArg) + 1]\n\t\t: undefined;\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { plugins, variables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (plugins) {\n\t\tObject.entries(plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, MagicalDotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(variables || {}).forEach((variable) => {\n\t\tif (variable?.push) {\n\t\t\tObject.keys(variable.push).forEach((pluginName) => {\n\t\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t});\n\n\tconsole.log(\"pluginModules\", pluginModules);\n\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: CliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: CliPluginDecryptHandler[] = [];\n\tconst cliPluginRunHandlers: CliPluginRunHandler[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t}\n\t\tif (cli?.run) {\n\t\t\tcliPluginRunHandlers.push(cli.run);\n\t\t}\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tencryption: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdecryption: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, { run: cliPluginRunHandlers });\n\t// await addDecryptCommand(program);\n\t// await addEncryptCommand(program);\n\tawait addPushProgram(program);\n\tawait program.parse();\n})();\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n\tKMSClient,\n} from \"@aws-sdk/client-kms\";\nimport { EncryptionEngineFactory } from \"../../types\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport type AwsEncryptionEngineFactory = EncryptionEngineFactory<\n\t{ region?: string; kms?: { keyAlias?: string } },\n\t{ other: () => void }\n>;\n\nexport const awsEncryptionEngineFactory: AwsEncryptionEngineFactory = async (\n\toptions,\n) => {\n\tconst {\n\t\tkms: { keyAlias } = {},\n\t\tregion,\n\t} = options;\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\tKeyId: keyAlias,\n\t});\n\n\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\tconst encryptionAlgorithm =\n\t\tdescribeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n\tif (encryptionAlgorithm === undefined) {\n\t\tthrow new Error(\"Could not determine encryption algorithm\");\n\t}\n\n\treturn {\n\t\tasync encrypt(plaintext: string): Promise<string> {\n\t\t\tconst encryptCommand = new EncryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tPlaintext: Buffer.from(plaintext),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tencryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\t\"base64\",\n\t\t\t);\n\n\t\t\treturn cipherText;\n\t\t},\n\t\tasync decrypt(cipherText: string): Promise<string> {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tcipherText: cipherText,\n\t\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\n\t\t\tif (this.verbose) {\n\t\t\t\tconsole.info(`Decrypting key '${cipherText}'`);\n\t\t\t}\n\n\t\t\treturn decryptedValue;\n\t\t},\n\t\tother: () => {},\n\t};\n};\n", "import {\n\tfromEnv,\n\tfromIni,\n\tfromTemporaryCredentials,\n} from \"@aws-sdk/credential-providers\";\nimport { loadSharedConfigFiles } from \"@aws-sdk/shared-ini-file-loader\";\nimport { emphasis, strong } from \"../../utils/logger\";\n\nimport {\n\tCredentialsAndOrigin,\n\tProfileAndOrigin,\n\tRegionAndOrigin,\n} from \"./types\";\n\nexport const getCredentialsProfileRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tprofile?: string;\n\t\tregion?: string;\n\t\tassumeRoleArn?: string;\n\t\tassumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string;\n\t\tAWS_ACCESS_KEY_ID?: string;\n\t\tAWS_SECRET_ACCESS_KEY?: string;\n\t\tAWS_REGION?: string;\n\t\tAWS_DEFAULT_REGION?: string;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst sharedConfigFiles = await loadSharedConfigFiles();\n\tlet credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n\tlet profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n\tlet regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\tif (argv.profile) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: argv.profile,\n\t\t\torigin: `command line option: ${emphasis(argv.profile)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: argv.profile,\n\t\t\t})(),\n\t\t\torigin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n\t\t};\n\t} else if (env.AWS_PROFILE) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: env.AWS_PROFILE,\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: env.AWS_PROFILE,\n\t\t\t})(),\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromEnv()(),\n\t\t\torigin: `env variables ${emphasis(\"AWS_ACCESS_KEY_ID\")} and ${emphasis(\n\t\t\t\t\"AWS_SECRET_ACCESS_KEY\",\n\t\t\t)}`,\n\t\t};\n\t} else if (sharedConfigFiles.credentialsFile?.default) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: \"default\",\n\t\t\torigin: `${emphasis(\"[default]\")} in credentials file`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: \"default\",\n\t\t\t})(),\n\t\t\torigin: `profile ${emphasis(\"[default]\")}`,\n\t\t};\n\t}\n\n\tif (argv.region) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: argv.region,\n\t\t\torigin: `command line option: ${emphasis(argv.region)}`,\n\t\t};\n\t} else if (env.AWS_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_DEFAULT_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_DEFAULT_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_DEFAULT_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_DEFAULT_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (profileAndOrigin) {\n\t\tconst foundRegion =\n\t\t\tsharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n\t\tif (foundRegion) {\n\t\t\tregionAndOrigin = {\n\t\t\t\tvalue: foundRegion,\n\t\t\t\torigin: `${emphasis(\n\t\t\t\t\t`[profile ${profileAndOrigin.value}]`,\n\t\t\t\t)} in config file`,\n\t\t\t};\n\t\t}\n\t}\n\n\tconst assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n\tif (assumedRole) {\n\t\tconst origin = argv.assumeRoleArn ? \"command line option\" : \"env variable\";\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromTemporaryCredentials({\n\t\t\t\tmasterCredentials: credentialsAndOrigin?.value,\n\n\t\t\t\tparams: {\n\t\t\t\t\tDurationSeconds:\n\t\t\t\t\t\targv.assumeRoleSessionDuration ||\n\t\t\t\t\t\tNumber(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n\t\t\t\t\t\t3600,\n\t\t\t\t\tRoleArn: assumedRole,\n\t\t\t\t},\n\n\t\t\t\tclientConfig: {\n\t\t\t\t\tregion: regionAndOrigin?.value,\n\t\t\t\t},\n\t\t\t})(),\n\t\t\torigin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n\t\t};\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tprofileAndOrigin,\n}: {\n\tcredentialsAndOrigin?: CredentialsAndOrigin;\n\tregionAndOrigin?: RegionAndOrigin;\n\tprofileAndOrigin?: ProfileAndOrigin;\n}): string => {\n\tconst out: string[] = [];\n\tif (profileAndOrigin) {\n\t\tout.push(`Got profile name from ${profileAndOrigin.origin}`);\n\t}\n\tif (credentialsAndOrigin) {\n\t\tout.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n\t}\n\tif (regionAndOrigin) {\n\t\tout.push(`Resolved region from ${regionAndOrigin.origin}`);\n\t}\n\treturn out.join(\"\\n\");\n};\n", "import chalk from \"chalk\";\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">;\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console;\n\t}\n\n\treturn _logger;\n};\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content);\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content);\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content);\n\t},\n\terror(content: object) {\n\t\tconsole.error(content);\n\t},\n};\n", "import {\n\tgetCredentialsProfileRegion,\n\tprintVerboseCredentialsProfileRegion,\n} from \"./getCredentialsProfileRegion\";\n\nexport const handleCredentialsAndRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tawsRegion?: string;\n\t\tawsProfile?: string;\n\t\tverbose?: boolean;\n\t\tawsAssumeRoleArn?: string;\n\t\tawsAssumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string | undefined;\n\t\tAWS_ACCESS_KEY_ID?: string | undefined;\n\t\tAWS_SECRET_ACCESS_KEY?: string | undefined;\n\t\tAWS_REGION?: string | undefined;\n\t\tAWS_DEFAULT_REGION?: string | undefined;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n\t\tawait getCredentialsProfileRegion({\n\t\t\targv: {\n\t\t\t\tregion: argv.awsRegion,\n\t\t\t\tprofile: argv.awsProfile,\n\t\t\t\tassumeRoleArn: argv.awsAssumeRoleArn,\n\t\t\t\tassumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: {\n\t\t\t\t...env,\n\t\t\t},\n\t\t});\n\n\tif (argv.verbose === true) {\n\t\tconsole.log(\n\t\t\tprintVerboseCredentialsProfileRegion({\n\t\t\t\tcredentialsAndOrigin,\n\t\t\t\tregionAndOrigin,\n\t\t\t\tprofileAndOrigin,\n\t\t\t}),\n\t\t);\n\t}\n\n\tif (!(credentialsAndOrigin && regionAndOrigin)) {\n\t\tif (!credentialsAndOrigin) {\n\t\t\tconsole.error(\"Could not find credentials\");\n\t\t\tthrow new Error(\"Could not find credentials\");\n\t\t}\n\t\tif (!regionAndOrigin) {\n\t\t\tconsole.error(\"Could not find region\");\n\t\t\tthrow new Error(\"Could not find region\");\n\t\t}\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin };\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport path from \"node:path\";\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\nimport {\n\tdefaultConfig,\n\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n} from \"../../constants\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\t\t\t// get dotsec config\n\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdefaultConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || defaultConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\t// todo: fix type\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} contents file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\tkeyAlias: awskeyAlias || DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tregion: awsRegion || process.env.AWS_REGION,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import * as ts from \"typescript\";\nimport fs from \"node:fs\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\t// console.log(\n\t\t\t\t\t\t\t\t// \t\"parent is aws\",\n\t\t\t\t\t\t\t\t// \tnode.parent?.getChildAt(2).getText(),\n\t\t\t\t\t\t\t\t// );\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { DotsecConfig } from \"./types\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\n\nexport const defaultConfig: DotsecConfig = {\n\tconfig: {\n\t\taws: {\n\t\t\tkms: {\n\t\t\t\tkeyAlias: DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t},\n\t\t\tssm: {\n\t\t\t\tparameterType: DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE,\n\t\t\t},\n\t\t},\n\t},\n};\n", "import { Command } from \"commander\";\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\t// decrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\t// encrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\n\t// run: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t// \t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\ttoAwsSsm: [\"--to-aws-ssm, --toAwsSsm\", \"Push to AWS SSM\"],\n\t\t\ttoAwsSecretsManager: [\n\t\t\t\t\"--to-aws-secrets-manager, --toAwsSecretsManager\",\n\t\t\t\t\"Push to AWS Secrets Manager\",\n\t\t\t],\n\t\t\ttoGitHubActionsSecrets: [\n\t\t\t\t\"--to-github-actions-secrets, --toGitHubActionsSecrets\",\n\t\t\t\t\"Push to GitHub actions secrets\",\n\t\t\t],\n\n\t\t\tenv: [\"--env [env]\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\tconst r = getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t\treturn { ...r };\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS } from \"../../constants\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { RunCommandOptions } from \"../../types\";\nimport { setProgramOptions } from \"../options\";\nimport { getConfig } from \"../../lib/config\";\nimport { spawnSync } from \"node:child_process\";\nimport { CliPluginRunHandler } from \"../../lib/plugin\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\trun?: CliPluginRunHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.command(\"run2 <command...>\")\n\t\t.allowUnknownOption()\n\t\t.description(\n\t\t\t\"Run a command in a separate process and populate env with decrypted .env or encrypted .sec values\",\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\tconst {\n\t\t\t\t\tconfigFile,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\tkeyAlias,\n\t\t\t\t\tregion,\n\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\tconst {\n\t\t\t\t\tcontents: { config } = {},\n\t\t\t\t} = await getConfig(configFile);\n\n\t\t\t\tconst encryptionPlugin = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose: true,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias:\n\t\t\t\t\t\t\tkeyAlias ||\n\t\t\t\t\t\t\tconfig?.aws?.kms?.keyAlias ||\n\t\t\t\t\t\t\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t},\n\t\t\t\t\tregion: region || config?.aws?.region,\n\t\t\t\t});\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (dotenv) {\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (dotsec) {\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await encryptionPlugin.decrypt(dotSecContents);\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tcommand.help();\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\toptions?.run?.map((run) => {\n\t\tconst { options, requiredOptions } = run;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n", "import path from \"node:path\";\n\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\n\nimport { loadJson } from \"../json\";\nimport { DotsecConfig, DotsecConfigAndSource } from \"../../types\";\nimport { defaultConfig, DOTSEC_CONFIG_FILES } from \"../../constants\";\n\nexport const getConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { Command } from \"commander\";\n\n// type Replace<\n// \tSource,\n// \tNeedle extends String,\n// \tReplacement,\n// > = Source extends Record<string, unknown>\n// \t? {\n// \t\t\t[key in keyof Source]: key extends Needle\n// \t\t\t\t? Replacement\n// \t\t\t\t: Replace<Source[key], Needle, Replacement>;\n// \t }\n// \t: Source;\n\n// utility types\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type EncryptionEngineFactoryProps = { verbose?: boolean };\nexport type EncryptionEngine<T = {}> = {\n\tencrypt(plaintext: string): Promise<string>;\n\tdecrypt(ciphertext: string): Promise<string>;\n} & T;\n\nexport type EncryptionEngineFactory<\n\tT = {},\n\tV extends Record<string, unknown> = {},\n> = {\n\t(options: EncryptionEngineFactoryProps & T): Promise<EncryptionEngine<V>>;\n};\n\nexport abstract class EncryptionPlugin {\n\tprotected verbose: boolean | undefined;\n\tconstructor(options: EncryptionEngineFactoryProps) {\n\t\tthis.verbose = options?.verbose;\n\t}\n\tabstract encrypt(plaintext: string): Promise<string>;\n\tabstract decrypt(ciphertext: string): Promise<string>;\n}\n\ntype DotsecPlugin = {\n\t[key: string]: {\n\t\tplugin?: {\n\t\t\tmodule?: string;\n\t\t};\n\t\tconfig: {\n\t\t\t[key: string]: unknown;\n\t\t};\n\t\tpush: Record<string, unknown>;\n\t};\n};\n\ntype DotsecVariables = Record<string, DotsecVariable | boolean>;\nexport type DotsecConfigOptions = {\n\tplugins?: DotsecPlugin;\n\tvariables?: DotsecVariables;\n};\ntype DotSecVariableWithPlugin<\n\tVariable extends DotsecVariable,\n\tPlugins extends DotsecPlugin,\n> = {\n\tpush?: {\n\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"push\"];\n\t} & {\n\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"push\"];\n\t} & Variable[\"push\"] & {\n\t\t\t[key in keyof Plugins]?: Plugins[key][\"push\"];\n\t\t};\n};\n\nexport type DotsecVariable = {\n\tpush?: {};\n};\n\nexport type DotsecAwsPlugin = {\n\taws: {\n\t\tconfig: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t\tencryptionAlgorithm?:\n\t\t\t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t};\n\t\t\tssm?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t};\n\t\t\tsecretsManager?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t};\n\t\t};\n\t\tpush: {\n\t\t\tssm?:\n\t\t\t\t| boolean\n\t\t\t\t| (Omit<PutParameterRequest, \"Name\" | \"Value\"> & {\n\t\t\t\t\t\tName?: string;\n\t\t\t\t });\n\t\t\tsecretsManager?: boolean;\n\t\t};\n\t};\n};\nexport type DotsecGitHubPlugin = {\n\tgithub: {\n\t\tconfig: {\n\t\t\tpersonalAccessToken?: string | { fromEnv: string };\n\t\t};\n\t\tpush: {\n\t\t\tactionsSecrets: {\n\t\t\t\torganisations?: [{ secretName?: string; organisation: string }];\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport type DotsecConfig<T extends DotsecConfigOptions = DotsecConfigOptions> =\n\t{\n\t\tconfig?: // (\n\n\t\t{\n\t\t\t[key in keyof DotsecPlugin]?: DotsecPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t// aws?: {\n\t\t\t// \tregion?: string;\n\t\t\t// \tkms?: {\n\t\t\t// \t\tkeyAlias?: string;\n\t\t\t// \t\tencryptionAlgorithm?:\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t// \t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t// \t};\n\t\t\t// \tssm?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t// \t};\n\t\t\t// \tsecretsManager?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t};\n\t\t\t// };\n\t\t\t// github?: {\n\t\t\t// \tpersonalAccessToken:\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue: string;\n\t\t\t// \t\t\t\tfromEnv?: never;\n\t\t\t// \t\t }\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue?: never;\n\t\t\t// \t\t\t\tfromEnv: keyof T[\"variables\"];\n\t\t\t// \t\t };\n\t\t\t// };\n\t\t};\n\t\tvariables?: {\n\t\t\t[key in keyof T[\"variables\"]]: T[\"variables\"][key] extends DotsecVariable\n\t\t\t\t? DotSecVariableWithPlugin<\n\t\t\t\t\t\tT[\"variables\"][key],\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >\n\t\t\t\t: DotSecVariableWithPlugin<\n\t\t\t\t\t\tDotsecVariable,\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >;\n\t\t};\n\t};\n\n// Dotsec config file\nexport type DotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: DotsecConfig;\n};\n\n// CLI types\nexport type GlobalCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n};\n\nexport type Init2CommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Encrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Decrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\n\nexport type RunCommandOptions = GlobalCommandOptions & {\n\tenv?: string;\n\tsec?: string;\n\tkeyAlias?: string;\n\tregion?: string;\n};\n\nexport type PushCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string | boolean;\n\tsec: string | boolean;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\ttoAwsSsm?: boolean;\n\ttoAwsSecretsManager?: boolean;\n\ttoGitHubActionsSecrets?: boolean;\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n\nexport type DotsecPluginModule<\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\tname: string;\n\tinit: (dotsecConfig: DotsecConfig) => Promise<T>;\n\taddCliCommand?: (options: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tprogram: Command;\n\t}) => void;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { EncryptionEngine, isBoolean, PushCommandOptions } from \"../../types\";\nimport fs from \"node:fs\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { parse } from \"dotenv\";\nimport { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { strong } from \"../../utils/logger\";\nimport { promptConfirm } from \"../../utils/prompts\";\nimport { AwsSsm } from \"../../lib/aws/AwsSsm\";\nimport { AwsSecretsManager } from \"../../lib/aws/AwsSecretsManager\";\nimport { CreateSecretRequest } from \"@aws-sdk/client-secrets-manager\";\n\nconst addPushProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv,\n\t\t\t\tsec,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t\ttoAwsSsm,\n\t\t\t\ttoAwsSecretsManager,\n\t\t\t\ttoGitHubActionsSecrets,\n\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\t\t\tif (!(toAwsSsm || toAwsSecretsManager || toGitHubActionsSecrets)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets\",\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\n\t\t\tlet envContents: string | undefined;\n\n\t\t\tif (env) {\n\t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t\t: env;\n\t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t} else if (sec) {\n\t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t\t: sec;\n\t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t} else {\n\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t}\n\n\t\t\tconst envObject = parse(envContents);\n\n\t\t\t// get dotsec config\n\t\t\ttry {\n\t\t\t\tif (toAwsSsm) {\n\t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n${putParameterRequests\n\t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (confirm === true) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// secrets manager\n\t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t\t// create secretss\n\t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t\t\tregion:\n\t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n${updateSecretCommands\n\t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t\t}\n\t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n${createSecretCommands\n\t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t\t}\n\t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t\t\tawait push();\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import prompts from \"prompts\";\nexport const promptConfirm = async ({\n\tpredicate,\n\tskip,\n\tmessage,\n}: {\n\tpredicate?: (...args: unknown[]) => Promise<boolean> | boolean;\n\tskip?: boolean;\n\tmessage: string;\n}): Promise<{ confirm: boolean }> => {\n\tif (skip === true) {\n\t\treturn { confirm: true };\n\t} else {\n\t\tconst result = predicate ? await predicate() : true;\n\t\tif (result) {\n\t\t\treturn await prompts({\n\t\t\t\ttype: \"confirm\",\n\t\t\t\tname: \"confirm\",\n\t\t\t\tmessage: () => {\n\t\t\t\t\treturn message;\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t}\n\treturn { confirm: true };\n};\n", "import {\n\tPutParameterCommand,\n\tPutParameterRequest,\n\tSSMClient,\n} from \"@aws-sdk/client-ssm\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSsm = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst ssmClient = new SSMClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync put(putParameterRequests: PutParameterRequest[]): Promise<void> {\n\t\t\tfor (const putParameterRequest of putParameterRequests) {\n\t\t\t\tconst command = new PutParameterCommand({\n\t\t\t\t\t...putParameterRequest,\n\t\t\t\t\tOverwrite: true,\n\t\t\t\t});\n\t\t\t\tawait ssmClient.send(command);\n\t\t\t}\n\t\t},\n\t};\n};\n", "import {\n\tCreateSecretCommand,\n\tDescribeSecretCommand,\n\tUpdateSecretCommand,\n\tCreateSecretRequest,\n\tSecretsManagerClient,\n\tResourceNotFoundException,\n} from \"@aws-sdk/client-secrets-manager\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSecretsManager = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst secretsManagerClient = new SecretsManagerClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync push(createSecretRequests: CreateSecretRequest[]) {\n\t\t\tconst createSecretCommands: CreateSecretCommand[] = [];\n\t\t\tconsole.log(\"createSecretReddquests\", createSecretRequests);\n\t\t\tconst updateSecretCommands: UpdateSecretCommand[] = [];\n\t\t\tfor (const createSecretRequest of createSecretRequests) {\n\t\t\t\t// create secret\n\t\t\t\t// check if secret exists\n\t\t\t\tconst describeSecretCommand = new DescribeSecretCommand({\n\t\t\t\t\tSecretId: createSecretRequest.Name,\n\t\t\t\t});\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await secretsManagerClient.send(describeSecretCommand);\n\t\t\t\t\tconsole.log(\"got one\");\n\t\t\t\t\t// update secret\n\t\t\t\t\tupdateSecretCommands.push(\n\t\t\t\t\t\tnew UpdateSecretCommand({\n\t\t\t\t\t\t\tSecretId: result.ARN,\n\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (e instanceof ResourceNotFoundException) {\n\t\t\t\t\t\t// create secret\n\t\t\t\t\t\tconsole.log(\"got one\");\n\n\t\t\t\t\t\tcreateSecretCommands.push(\n\t\t\t\t\t\t\tnew CreateSecretCommand({\n\t\t\t\t\t\t\t\tName: createSecretRequest.Name,\n\t\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tcreateSecretCommands,\n\t\t\t\tupdateSecretCommands,\n\t\t\t\tpush: async () => {\n\t\t\t\t\tfor (const createSecretCommand of createSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\t\t\t\t}\n\n\t\t\t\t\tfor (const updateSecretCommand of updateSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(updateSecretCommand);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t};\n};\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginEncryptHandler } from \"../../lib/plugin\";\nimport { Encrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryption: CliPluginEncryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Encrypt2CommandOptions>();\n\t\t\t\tconst pluginCliEncrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginEncryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.encryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryption.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginDecryptHandler } from \"../../lib/plugin\";\nimport { Decrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdecryption: CliPluginDecryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Decrypt2CommandOptions>();\n\n\t\t\t\tconst pluginCliDecrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginDecryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.decryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\tconsole.log(\"dotsecFilename\", dotsecFilename);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\"plaintext\", plaintext);\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryption.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import JoyCon from \"joycon\";\nimport path from \"path\";\nimport { DotsecPluginModule } from \"../types\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport { Command } from \"commander\";\nimport Ajv from \"ajv\";\n\nexport type DotsecAwsPlugin = DotsecPluginModule<{\n\tvalidateKms: () => Promise<boolean>;\n}>;\n\nexport type DotseGithubPlugin = DotsecPluginModule<{\n\tstoreOrganisationSecret: () => boolean;\n\tstoreRepositorySecret: () => void;\n}>;\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\nexport const defaultConfig: MagicalDotsecConfig = {};\n\nexport type DotsecCliOption =\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription?: string,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tfn: (value: string, previous: unknown) => unknown,\n\t\t\tdefaultValue?: unknown,\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tregexp: RegExp,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ];\n\nexport type CliPluginHandler<\n\tHandlerArgs extends Record<string, unknown>,\n\tHandlerResult,\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\ttriggerOption: string;\n\toptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\trequiredOptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\thandler: (options: HandlerArgs & T) => Promise<HandlerResult>;\n};\n\nexport type CliPluginEncryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ plaintext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginDecryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginRunHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\n// export type PluginCliEncryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tplaintext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\n// export type PluginCliDecryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[kkey in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tciphertext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\nexport type MagicalDotsecPluginModule<\n\tT extends {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t} = {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t},\n> = (options: { dotsecConfig: MagicalDotsecConfig; ajv: Ajv }) => Promise<{\n\tname: keyof T[\"plugin\"];\n\tapi: T[\"api\"] extends Record<string, unknown> ? T[\"api\"] : never;\n\taddCliCommand?: (options: {\n\t\tprogram: Command;\n\t}) => Promise<void>;\n\tcliHandlers?: {\n\t\tencrypt?: CliPluginEncryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { encrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"encrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tdecrypt?: CliPluginDecryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { decrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"decrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\trun?: CliPluginRunHandler<\n\t\t\tT[\"cliHandlers\"] extends { run: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"run\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tpush?: {\n\t\t\toptions: [string, string];\n\t\t\thandler: () => Promise<void>;\n\t\t}[];\n\t};\n}>;\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<MagicalDotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n// Dotsec config file\nexport type MagicalDotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: MagicalDotsecConfig;\n};\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<MagicalDotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(\n\t\t\t\tconfigPath,\n\t\t\t)) as Partial<MagicalDotsecConfig>;\n\n\t\t\tlet data: Partial<MagicalDotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec !==\n\t\t\t\t\tundefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<MagicalDotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<MagicalDotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n\nexport type MagicalDotsecPluginConfig = {\n\tmodule?: string;\n\tconfig?: { [key: string]: unknown };\n\tpush?: { [key: string]: unknown };\n};\n\nexport type MagicalDotsecPlugin<\n\tT extends {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t} = {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t},\n> = T;\nexport type MagicalDotsecPlugins = {\n\tplugins: MagicalDotsecPlugin;\n};\n\nexport type MagicalDotsecConfig<\n\tT extends MagicalDotsecPlugins = { plugins: {} },\n> = {\n\tplugins?: {\n\t\t[PluginKey in keyof T[\"plugins\"]]?: {\n\t\t\tmodule?: T[\"plugins\"][PluginKey][\"module\"];\n\t\t} & T[\"plugins\"][PluginKey][\"config\"];\n\t};\n\tpush?: {\n\t\tvariables?: string[];\n\t\tto: {\n\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t};\n\t};\n\tvariables?: {\n\t\t[key: string]: {\n\t\t\tpush?: {\n\t\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t\t// [PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t};\n\t\t};\n\t};\n};\n\n// type F = MagicalDotsecConfig<{\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: string;\n// \t\t\tconfig: { region: string };\n// \t\t\tpush: { ssm?: boolean };\n// \t\t};\n// \t};\n// }>;\n\n// const f: F = {\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: \"@dotsec/plugin-aws\",\n// \t\t\tconfig: {\n// \t\t\t\tregion: \"eu-west-1\",\n// \t\t\t},\n// \t\t},\n// \t},\n// \tvariables: {\n// \t\tOMG: {\n// \t\t\tpush: {\n// \t\t\t\taws: {\n// \t\t\t\t\tssm: true,\n// \t\t\t\t},\n// \t\t\t},\n// \t\t},\n// \t},\n// };\n"],
|
|
5
|
-
"mappings": "u4BAAA,OAAwB,wBCAxB,OAKO,kCCLP,OAIO,4CACP,GAAsC,8CCLtC,OAAkB,oBAYX,GAAM,GAAW,AAAC,GAAwB,WAAM,aAAa,GACvD,EAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GDC1D,GAAM,IAA8B,MAAO,CACjD,OACA,SAkBK,CAlCN,UAmCC,GAAM,GAAoB,KAAM,+BAC5B,EACA,EACA,EA+CJ,GA9CA,AAAI,EAAK,QACR,GAAmB,CAClB,MAAO,EAAK,QACZ,OAAQ,wBAAwB,EAAS,EAAK,YAE/C,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,EAAK,YAEf,OAAQ,GAAG,EAAS,IAAI,EAAK,oCAExB,AAAI,EAAI,YACd,GAAmB,CAClB,MAAO,EAAI,YACX,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,gBAGN,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,EAAI,gBAEd,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,iBAGA,AAAI,EAAI,mBAAqB,EAAI,sBACvC,EAAuB,CACtB,MAAO,KAAM,mBACb,OAAQ,iBAAiB,EAAS,4BAA4B,EAC7D,4BAGQ,MAAkB,kBAAlB,cAAmC,UAC7C,GAAmB,CAClB,MAAO,UACP,OAAQ,GAAG,EAAS,oCAErB,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,cAEV,OAAQ,WAAW,EAAS,iBAI1B,EAAK,OACR,EAAkB,CACjB,MAAO,EAAK,OACZ,OAAQ,wBAAwB,EAAS,EAAK,mBAErC,EAAI,WACd,EAAkB,CACjB,MAAO,EAAI,WACX,OAAQ,gBAAgB,EAAS,kBAAkB,EAClD,EAAI,uBAGI,EAAI,mBACd,EAAkB,CACjB,MAAO,EAAI,mBACX,OAAQ,gBAAgB,EAAS,0BAA0B,EAC1D,EAAI,+BAGI,EAAkB,CAC5B,GAAM,GACL,uBAAmB,aAAnB,cAAgC,EAAiB,SAAjD,cAAyD,OAE1D,AAAI,GACH,GAAkB,CACjB,MAAO,EACP,OAAQ,GAAG,EACV,YAAY,EAAiB,6BAMjC,GAAM,GAAc,EAAK,eAAiB,EAAI,oBAC9C,GAAI,EAAa,CAChB,GAAM,GAAS,EAAK,cAAgB,sBAAwB,eAC5D,EAAuB,CACtB,MAAO,KAAM,gCAAyB,CACrC,kBAAmB,iBAAsB,MAEzC,OAAQ,CACP,gBACC,EAAK,2BACL,OAAO,EAAI,mCACX,KACD,QAAS,GAGV,aAAc,CACb,OAAQ,iBAAiB,WAG3B,OAAQ,GAAG,KAAU,EAAS,IAAI,SAIpC,MAAO,CAAE,uBAAsB,kBAAiB,qBAGpC,GAAuC,CAAC,CACpD,uBACA,kBACA,sBAKa,CACb,GAAM,GAAgB,GACtB,MAAI,IACH,EAAI,KAAK,yBAAyB,EAAiB,UAEhD,GACH,EAAI,KAAK,6BAA6B,EAAqB,UAExD,GACH,EAAI,KAAK,wBAAwB,EAAgB,UAE3C,EAAI,KAAK;IE9JV,GAAM,IAA6B,MAAO,CAChD,OACA,SAmBK,CACL,GAAM,CAAE,uBAAsB,kBAAiB,oBAC9C,KAAM,IAA4B,CACjC,KAAM,CACL,OAAQ,EAAK,UACb,QAAS,EAAK,WACd,cAAe,EAAK,iBACpB,0BAA2B,EAAK,8BAEjC,IAAK,KACD,KAcN,GAVI,EAAK,UAAY,IACpB,QAAQ,IACP,GAAqC,CACpC,uBACA,kBACA,sBAKC,CAAE,IAAwB,GAAkB,CAC/C,GAAI,CAAC,EACJ,cAAQ,MAAM,8BACR,GAAI,OAAM,8BAEjB,GAAI,CAAC,EACJ,cAAQ,MAAM,yBACR,GAAI,OAAM,yBAIlB,MAAO,CAAE,uBAAsB,oBH/CzB,GAAM,IAAyD,KACrE,IACI,CAhBL,QAiBC,GAAM,CACL,IAAK,CAAE,YAAa,GACpB,UACG,EACE,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAG7B,EAAqB,GAAI,uBAAmB,CACjD,MAAO,IAIF,EACL,MAFyB,MAAM,GAAU,KAAK,IAE5B,cAAlB,cAA+B,uBAA/B,cAAsD,GAEvD,GAAI,IAAwB,OAC3B,KAAM,IAAI,OAAM,4CAGjB,MAAO,MACA,SAAQ,EAAoC,CACjD,GAAM,GAAiB,GAAI,mBAAe,CACzC,MAAO,EACP,UAAW,OAAO,KAAK,GACvB,oBAAqB,IAEhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,eACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,sBASH,MAJmB,QAAO,KAAK,EAAiB,gBAAgB,SAC/D,gBAKI,SAAQ,EAAqC,CAClD,GAAM,GAAiB,GAAI,mBAAe,CACzC,MAAO,EACP,eAAgB,OAAO,KAAK,EAAY,UACxC,oBAAqB,IAGhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,UACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,WAAY,EACZ,eAAgB,OAKnB,GAAM,GAAiB,OAAO,KAAK,EAAiB,WAAW,WAE/D,MAAI,MAAK,SACR,QAAQ,KAAK,mBAAmB,MAG1B,GAER,MAAO,IAAM,KI7Ff,OAAyB,+BACzB,GAAoB,sBACpB,GAAiB,wBAEJ,GAAuB,KACnC,IAEO,KAAM,YAAG,SAAS,EAAU,SAGvB,GAAsB,MAClC,EACA,IAEO,KAAM,YAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,YAAK,GACJ,QACN,CACD,MAAO,KAII,GAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GCrCR,OAAiB,wBCTjB,MAAoB,yBACpB,GAAe,sBAEF,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MAKxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GCtED,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IACvB,GAAiC,OACjC,GAAiC,OACjC,GAAmC,eACnC,GAAwC,eAExC,EAA8B,CAC1C,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,IAEX,IAAK,CACJ,cAAe,OCIZ,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,MAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,IAGD,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAsCH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAoB9C,IAAK,CACJ,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,uBAGvB,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,SAAU,CAAC,2BAA4B,mBACvC,oBAAqB,CACpB,kDACA,+BAED,uBAAwB,CACvB,wDACA,kCAGD,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,mGAME,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IAAyB,CAC9B,GAAM,GAAI,GAAoB,EAAO,EAAsB,GAC3D,MAAO,MAAK,IAEb,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MHvLhD,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CA3BzD,gBA4BG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGZ,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,IAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAc,SAAd,cAAsB,MAAtB,cAA2B,QAC5B,IAAK,CACJ,SAAU,GAAe,+BAAe,SAAf,cAAuB,MAAvB,cAA4B,MAA5B,cAAiC,aAK5D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAE1C,QAAQ,IACP,+BAA+B,EAC9B,uBACqB,EAAO,OAI/B,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,wCAED,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,GAAe,IAE1B,OAAQ,GAAa,QAAQ,IAAI,eAI9B,EAAgC,KAAM,IAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,IAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GIjHf,OAAe,sBAGf,GAAsB,qBCHtB,OAAiB,wBAEjB,GAA8B,6BAC9B,GAAmB,qBCHnB,OAAe,iBACf,GAAiB,wBAEV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAIF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,IDfF,GAAM,IAAY,KACxB,IACoC,CAXrC,4FAYC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,+BAMhB,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,8BAAe,SAAf,cAAuB,MAAvB,eAA4B,gBAC5B,UAAK,SAAL,eAAa,MAAb,eAAkB,wBAS5B,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IDrG7C,OAA0B,iCAEpB,GAAe,CACpB,EACA,IAGI,CAjBL,MAkBC,GAAM,GAAa,EACjB,QAAQ,qBACR,qBACA,YACA,qGAEA,OACA,MACC,EACA,EACA,IACI,CA7BR,UA8BI,GAAM,CACL,aACA,IAAK,EACL,IAAK,EACL,WACA,UACG,EAAQ,kBAEN,CACL,SAAU,CAAE,UAAW,IACpB,KAAM,IAAU,GAEd,EAAmB,KAAM,IAA2B,CACzD,QAAS,GACT,IAAK,CACJ,SACC,GACA,wBAAQ,MAAR,cAAa,MAAb,cAAkB,WAClB,IAEF,OAAQ,GAAU,qBAAQ,MAAR,cAAa,UAG5B,EAEJ,GAAI,EACH,EAAc,WAAG,aAAa,EAAQ,gBAC5B,EAAQ,CAClB,GAAM,GAAiB,WAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAEjB,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,iBAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,EAAQ,WAER,MAAM,IAAI,OAAM,mCAKpB,SAAkB,EAAY,OAC9B,oBAAS,MAAT,QAAc,IAAI,AAAC,GAAQ,CAC1B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKjB,GAGD,GAAQ,GGsIR,GAAM,IAAY,AAAC,GAClB,MAAO,IAAU,UC3OzB,OAAe,sBAQf,OAAsB,qBCXtB,OAAoB,sBACP,GAAgB,MAAO,CACnC,YACA,OACA,aAMI,IAAS,GACL,CAAE,QAAS,IAEH,GAAY,KAAM,KAAc,IAEvC,KAAM,eAAQ,CACpB,KAAM,UACN,KAAM,UACN,QAAS,IACD,IAKJ,CAAE,QAAS,ICxBnB,OAIO,kCAGA,GAAM,IAAS,KAAO,IAEvB,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,KAAI,EAA4D,CACrE,OAAW,KAAuB,GAAsB,CACvD,GAAM,GAAU,GAAI,wBAAoB,OACpC,GADoC,CAEvC,UAAW,MAEZ,KAAM,GAAU,KAAK,OC9BzB,MAOO,8CAGA,GAAM,IAAoB,KAAO,IAElC,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAuB,GAAI,wBAAqB,CACrD,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,MAAK,EAA6C,CACvD,GAAM,GAA8C,GACpD,QAAQ,IAAI,yBAA0B,GACtC,GAAM,GAA8C,GACpD,OAAW,KAAuB,GAAsB,CAGvD,GAAM,GAAwB,GAAI,yBAAsB,CACvD,SAAU,EAAoB,OAE/B,GAAI,CACH,GAAM,GAAS,KAAM,GAAqB,KAAK,GAC/C,QAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,uBAAoB,CACvB,SAAU,EAAO,IACjB,aAAc,EAAoB,sBAG5B,EAAP,CACD,AAAI,YAAa,8BAEhB,SAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,uBAAoB,CACvB,KAAM,EAAoB,KAC1B,aAAc,EAAoB,kBAOvC,MAAO,CACN,uBACA,uBACA,KAAM,SAAY,CACjB,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,GAGjC,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,QHpDtC,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAU,IAAqB,CAxBhD,8BAyBG,GAAM,CACL,aACA,UACA,MACA,MACA,cACA,YACA,MACA,WACA,sBACA,0BACG,EAAQ,kBACZ,GAAI,CAAE,IAAY,GAAuB,GACxC,KAAM,IAAI,OACT,0GAGF,GAAM,CAAE,SAAU,GAAiB,KAAM,IAAU,GAE/C,EAEJ,GAAI,EAAK,CACR,GAAM,GAAiB,GAAU,GAC9B,GACA,EACH,EAAc,WAAG,aAAa,EAAgB,gBACpC,EAAK,CACf,GAAM,GAAiB,GAAU,GAC9B,GACA,EACG,EAAiB,WAAG,aAAa,EAAgB,QAYvD,EAAc,KAAM,AAXK,MAAM,IAA2B,CACzD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,cAItB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAGjB,GAAM,GAAY,aAAM,GAGxB,GAAI,CACH,GAAI,EAAU,CACb,GAAM,GAAc,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,IACzC,EAAU,kBAAa,gBAAiB,eAExC,EAAa,kBAAa,aAAc,GACxC,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAnF9B,aAoFM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,EAAO,CACV,GAAM,IAAU,GAAG,IAAa,IAChC,GAAI,SAAM,OAAN,cAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,IAA2C,GAChD,EAAM,KAAK,IAAI,KAEb,CACA,KAAM,GACN,MAAO,EACP,KAAM,GAEN,KACA,KAAM,GACN,KAAM,GACH,EAAM,KAAK,IAAI,KAHlB,CAIA,MAAO,IAGV,EAAI,KAAK,MAMZ,MAAO,IACL,IAEG,CAAE,WAAY,KAAM,IAAc,CACvC,QAAS;AAAA,EACb,EACA,IAAI,CAAC,CAAE,UAAW,KAAK,EAAO,GAAQ,gBACtC,KAAK;AAAA,KACD,KAAM,IAGP,AAAI,IAAY,IACf,SAAQ,IAAI,sCAKZ,KAAM,AAJM,MAAM,IAAO,CACxB,OAAQ,GAAa,wBAAc,SAAd,cAAsB,MAAtB,cAA2B,WAGvC,IAAI,IAKhB,GAAI,EAAqB,CAExB,GAAM,GACL,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,eACtB,EAAa,kBAAwB,aAAc,GACnD,EAAqB,KAAM,IAAkB,CAClD,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,UAGtB,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAlJ9B,eAmJM,GAAI,MAAa,YAAb,eAAyB,GAAM,CAClC,GAAM,IAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,GAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,WAAM,OAAN,eAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,aAAc,GAEd,KACA,KAAM,GACH,GAAM,KAAK,IAAI,KAFlB,CAGA,aAAc,IAGjB,EAAI,KAAK,KAKZ,MAAO,IACL,IACG,CAAE,OAAM,uBAAsB,wBACnC,KAAM,GAAmB,KAAK,GACzB,EAA2B,GACjC,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,eAAiB,KAAK,EAAO,GAAY,gBACzD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,WAAa,KAAK,EAAO,GAAQ,gBACjD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,AAAI,EAAc,KAAK,AAAC,GAAM,IAAM,MAAW,QAC9C,SAAQ,IAAI,mCAEZ,KAAM,MAIR,GAAI,EAAwB,CAE3B,GAAM,GAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAhN9B,YAiNM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,AAAI,GACC,SAAM,OAAN,cAAY,SAAZ,cAAoB,iBACvB,EAAI,KAAK,CACR,KAAM,EACN,UAMJ,MAAO,IACL,IAEH,QAAQ,IAAI,uBAAwB,UAE7B,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GI5Nf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBACN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,IAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GChGf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBAEN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAGxB,QAAQ,IAAI,iBAAkB,GAE9B,GAAM,GAAe,KAAM,IAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,OAItB,QAAQ,IAAI,YAAa,SACjB,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GCpHf,OAAmB,qBACnB,GAAiB,mBAGjB,OAA8B,6BAYjB,GAA6B,mBAC7B,GAAsB,CAAC,IAK7B,GAAM,IAAqC,GA+HrC,GAAmB,KAAO,IAG/B,2BAAO,EAAP,QAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SASL,GAAmB,KAC/B,IAC2C,CAC3C,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IACtB,GAGG,EAEJ,MACC,GAAW,SAAS,iBACnB,EAAqD,SACrD,OAED,EAAQ,EAAqD,OAE7D,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,sBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,eAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,KpBzN7C,OAAuC,kBAEjC,GAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,YAEpB,AAAC,UAAY,CAEZ,GAAM,GAAY,QAAQ,KAAK,KAAK,AAAC,GAAQ,EAAI,WAAW,OAEtD,EAAa,EAChB,EAAU,SAAS,KAClB,EAAU,MAAM,KAAK,GACrB,QAAQ,KAAK,QAAQ,KAAK,QAAQ,GAAa,GAChD,OACG,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,UAAS,aAAc,EAE/B,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAElB,GAAM,GAA2C,GACjD,AAAI,GACH,OAAO,QAAQ,GAAS,QACvB,CAAC,CAAC,EAAY,KAAuD,CACpE,AAAI,kBAAc,SACjB,GAAc,GAAc,iBAAc,UAM9C,OAAO,OAAO,GAAa,IAAI,QAAQ,AAAC,GAAa,CACpD,AAAI,kBAAU,OACb,OAAO,KAAK,EAAS,MAAM,QAAQ,AAAC,GAAe,CAClD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMlD,QAAQ,IAAI,gBAAiB,GAE7B,GAAM,GAAM,GAAI,YAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAIN,EAAsD,GACtD,EAAsD,GACtD,EAA8C,GAEpD,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,IAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,MACR,EAAqB,KAAK,EAAI,KAE3B,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAGV,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAKd,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAAE,IAAK,IAGpC,KAAM,IAAe,GACrB,KAAM,GAAQ",
|
|
4
|
+
"sourcesContent": ["import { Command } from \"commander\";\n\nimport addInitCommand from \"./commands/init\";\nimport addRunCommand from \"./commands/run2\";\nimport addPushProgram from \"./commands/push\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport { setProgramOptions } from \"./options\";\nimport {\n\tgetMagicalConfig,\n\tloadDotsecPlugin,\n\tMagicalDotsecPluginConfig,\n\tCliPluginDecryptHandler,\n\tCliPluginEncryptHandler,\n\tCliPluginRunHandler,\n} from \"../lib/plugin\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\t// find -c value in argv\n\tconst configArg = process.argv.find((arg) => arg.startsWith(\"-c\"));\n\t// if -c contains a =, split it and get the value. otherwise, take the next value\n\tconst configFile = configArg\n\t\t? configArg.includes(\"=\")\n\t\t\t? configArg.split(\"=\")[1]\n\t\t\t: process.argv[process.argv.indexOf(configArg) + 1]\n\t\t: undefined;\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { plugins, variables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (plugins) {\n\t\tObject.entries(plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, MagicalDotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t} else {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(variables || {}).forEach((variable) => {\n\t\tif (variable?.push) {\n\t\t\tObject.keys(variable.push).forEach((pluginName) => {\n\t\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t});\n\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: CliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: CliPluginDecryptHandler[] = [];\n\tconst cliPluginRunHandlers: CliPluginRunHandler[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t}\n\t\tif (cli?.run) {\n\t\t\tcliPluginRunHandlers.push(cli.run);\n\t\t}\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tencryption: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdecryption: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, { run: cliPluginRunHandlers });\n\t// await addDecryptCommand(program);\n\t// await addEncryptCommand(program);\n\tawait addPushProgram(program);\n\tawait program.parse();\n})();\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n\tKMSClient,\n} from \"@aws-sdk/client-kms\";\nimport { EncryptionEngineFactory } from \"../../types\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport type AwsEncryptionEngineFactory = EncryptionEngineFactory<\n\t{ region?: string; kms?: { keyAlias?: string } },\n\t{ other: () => void }\n>;\n\nexport const awsEncryptionEngineFactory: AwsEncryptionEngineFactory = async (\n\toptions,\n) => {\n\tconst {\n\t\tkms: { keyAlias } = {},\n\t\tregion,\n\t} = options;\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\tKeyId: keyAlias,\n\t});\n\n\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\tconst encryptionAlgorithm =\n\t\tdescribeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n\tif (encryptionAlgorithm === undefined) {\n\t\tthrow new Error(\"Could not determine encryption algorithm\");\n\t}\n\n\treturn {\n\t\tasync encrypt(plaintext: string): Promise<string> {\n\t\t\tconst encryptCommand = new EncryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tPlaintext: Buffer.from(plaintext),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tencryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\t\"base64\",\n\t\t\t);\n\n\t\t\treturn cipherText;\n\t\t},\n\t\tasync decrypt(cipherText: string): Promise<string> {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tcipherText: cipherText,\n\t\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\n\t\t\tif (this.verbose) {\n\t\t\t\tconsole.info(`Decrypting key '${cipherText}'`);\n\t\t\t}\n\n\t\t\treturn decryptedValue;\n\t\t},\n\t\tother: () => {},\n\t};\n};\n", "import {\n\tfromEnv,\n\tfromIni,\n\tfromTemporaryCredentials,\n} from \"@aws-sdk/credential-providers\";\nimport { loadSharedConfigFiles } from \"@aws-sdk/shared-ini-file-loader\";\nimport { emphasis, strong } from \"../../utils/logger\";\n\nimport {\n\tCredentialsAndOrigin,\n\tProfileAndOrigin,\n\tRegionAndOrigin,\n} from \"./types\";\n\nexport const getCredentialsProfileRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tprofile?: string;\n\t\tregion?: string;\n\t\tassumeRoleArn?: string;\n\t\tassumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string;\n\t\tAWS_ACCESS_KEY_ID?: string;\n\t\tAWS_SECRET_ACCESS_KEY?: string;\n\t\tAWS_REGION?: string;\n\t\tAWS_DEFAULT_REGION?: string;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst sharedConfigFiles = await loadSharedConfigFiles();\n\tlet credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n\tlet profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n\tlet regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\tif (argv.profile) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: argv.profile,\n\t\t\torigin: `command line option: ${emphasis(argv.profile)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: argv.profile,\n\t\t\t})(),\n\t\t\torigin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n\t\t};\n\t} else if (env.AWS_PROFILE) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: env.AWS_PROFILE,\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: env.AWS_PROFILE,\n\t\t\t})(),\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromEnv()(),\n\t\t\torigin: `env variables ${emphasis(\"AWS_ACCESS_KEY_ID\")} and ${emphasis(\n\t\t\t\t\"AWS_SECRET_ACCESS_KEY\",\n\t\t\t)}`,\n\t\t};\n\t} else if (sharedConfigFiles.credentialsFile?.default) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: \"default\",\n\t\t\torigin: `${emphasis(\"[default]\")} in credentials file`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: \"default\",\n\t\t\t})(),\n\t\t\torigin: `profile ${emphasis(\"[default]\")}`,\n\t\t};\n\t}\n\n\tif (argv.region) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: argv.region,\n\t\t\torigin: `command line option: ${emphasis(argv.region)}`,\n\t\t};\n\t} else if (env.AWS_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_DEFAULT_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_DEFAULT_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_DEFAULT_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_DEFAULT_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (profileAndOrigin) {\n\t\tconst foundRegion =\n\t\t\tsharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n\t\tif (foundRegion) {\n\t\t\tregionAndOrigin = {\n\t\t\t\tvalue: foundRegion,\n\t\t\t\torigin: `${emphasis(\n\t\t\t\t\t`[profile ${profileAndOrigin.value}]`,\n\t\t\t\t)} in config file`,\n\t\t\t};\n\t\t}\n\t}\n\n\tconst assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n\tif (assumedRole) {\n\t\tconst origin = argv.assumeRoleArn ? \"command line option\" : \"env variable\";\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromTemporaryCredentials({\n\t\t\t\tmasterCredentials: credentialsAndOrigin?.value,\n\n\t\t\t\tparams: {\n\t\t\t\t\tDurationSeconds:\n\t\t\t\t\t\targv.assumeRoleSessionDuration ||\n\t\t\t\t\t\tNumber(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n\t\t\t\t\t\t3600,\n\t\t\t\t\tRoleArn: assumedRole,\n\t\t\t\t},\n\n\t\t\t\tclientConfig: {\n\t\t\t\t\tregion: regionAndOrigin?.value,\n\t\t\t\t},\n\t\t\t})(),\n\t\t\torigin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n\t\t};\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tprofileAndOrigin,\n}: {\n\tcredentialsAndOrigin?: CredentialsAndOrigin;\n\tregionAndOrigin?: RegionAndOrigin;\n\tprofileAndOrigin?: ProfileAndOrigin;\n}): string => {\n\tconst out: string[] = [];\n\tif (profileAndOrigin) {\n\t\tout.push(`Got profile name from ${profileAndOrigin.origin}`);\n\t}\n\tif (credentialsAndOrigin) {\n\t\tout.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n\t}\n\tif (regionAndOrigin) {\n\t\tout.push(`Resolved region from ${regionAndOrigin.origin}`);\n\t}\n\treturn out.join(\"\\n\");\n};\n", "import chalk from \"chalk\";\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">;\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console;\n\t}\n\n\treturn _logger;\n};\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content);\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content);\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content);\n\t},\n\terror(content: object) {\n\t\tconsole.error(content);\n\t},\n};\n", "import {\n\tgetCredentialsProfileRegion,\n\tprintVerboseCredentialsProfileRegion,\n} from \"./getCredentialsProfileRegion\";\n\nexport const handleCredentialsAndRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tawsRegion?: string;\n\t\tawsProfile?: string;\n\t\tverbose?: boolean;\n\t\tawsAssumeRoleArn?: string;\n\t\tawsAssumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string | undefined;\n\t\tAWS_ACCESS_KEY_ID?: string | undefined;\n\t\tAWS_SECRET_ACCESS_KEY?: string | undefined;\n\t\tAWS_REGION?: string | undefined;\n\t\tAWS_DEFAULT_REGION?: string | undefined;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n\t\tawait getCredentialsProfileRegion({\n\t\t\targv: {\n\t\t\t\tregion: argv.awsRegion,\n\t\t\t\tprofile: argv.awsProfile,\n\t\t\t\tassumeRoleArn: argv.awsAssumeRoleArn,\n\t\t\t\tassumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: {\n\t\t\t\t...env,\n\t\t\t},\n\t\t});\n\n\tif (argv.verbose === true) {\n\t\tconsole.log(\n\t\t\tprintVerboseCredentialsProfileRegion({\n\t\t\t\tcredentialsAndOrigin,\n\t\t\t\tregionAndOrigin,\n\t\t\t\tprofileAndOrigin,\n\t\t\t}),\n\t\t);\n\t}\n\n\tif (!(credentialsAndOrigin && regionAndOrigin)) {\n\t\tif (!credentialsAndOrigin) {\n\t\t\tconsole.error(\"Could not find credentials\");\n\t\t\tthrow new Error(\"Could not find credentials\");\n\t\t}\n\t\tif (!regionAndOrigin) {\n\t\t\tconsole.error(\"Could not find region\");\n\t\t\tthrow new Error(\"Could not find region\");\n\t\t}\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin };\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport path from \"node:path\";\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\nimport {\n\tdefaultConfig,\n\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n} from \"../../constants\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\t\t\t// get dotsec config\n\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdefaultConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || defaultConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\t// todo: fix type\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} contents file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\tkeyAlias: awskeyAlias || DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tregion: awsRegion || process.env.AWS_REGION,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import * as ts from \"typescript\";\nimport fs from \"node:fs\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\t// console.log(\n\t\t\t\t\t\t\t\t// \t\"parent is aws\",\n\t\t\t\t\t\t\t\t// \tnode.parent?.getChildAt(2).getText(),\n\t\t\t\t\t\t\t\t// );\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { DotsecConfig } from \"./types\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\n\nexport const defaultConfig: DotsecConfig = {\n\tconfig: {\n\t\taws: {\n\t\t\tkms: {\n\t\t\t\tkeyAlias: DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t},\n\t\t\tssm: {\n\t\t\t\tparameterType: DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE,\n\t\t\t},\n\t\t},\n\t},\n};\n", "import { Command } from \"commander\";\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\t// decrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\t// encrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\n\t// run: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t// \t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\ttoAwsSsm: [\"--to-aws-ssm, --toAwsSsm\", \"Push to AWS SSM\"],\n\t\t\ttoAwsSecretsManager: [\n\t\t\t\t\"--to-aws-secrets-manager, --toAwsSecretsManager\",\n\t\t\t\t\"Push to AWS Secrets Manager\",\n\t\t\t],\n\t\t\ttoGitHubActionsSecrets: [\n\t\t\t\t\"--to-github-actions-secrets, --toGitHubActionsSecrets\",\n\t\t\t\t\"Push to GitHub actions secrets\",\n\t\t\t],\n\n\t\t\tenv: [\"--env [env]\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\tconst r = getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t\treturn { ...r };\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS } from \"../../constants\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { RunCommandOptions } from \"../../types\";\nimport { setProgramOptions } from \"../options\";\nimport { getConfig } from \"../../lib/config\";\nimport { spawnSync } from \"node:child_process\";\nimport { CliPluginRunHandler } from \"../../lib/plugin\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\trun?: CliPluginRunHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.command(\"run2 <command...>\")\n\t\t.allowUnknownOption()\n\t\t.description(\n\t\t\t\"Run a command in a separate process and populate env with decrypted .env or encrypted .sec values\",\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\tconst {\n\t\t\t\t\tconfigFile,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\tkeyAlias,\n\t\t\t\t\tregion,\n\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\tconst {\n\t\t\t\t\tcontents: { config } = {},\n\t\t\t\t} = await getConfig(configFile);\n\n\t\t\t\tconst encryptionPlugin = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose: true,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias:\n\t\t\t\t\t\t\tkeyAlias ||\n\t\t\t\t\t\t\tconfig?.aws?.kms?.keyAlias ||\n\t\t\t\t\t\t\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t},\n\t\t\t\t\tregion: region || config?.aws?.region,\n\t\t\t\t});\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (dotenv) {\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (dotsec) {\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await encryptionPlugin.decrypt(dotSecContents);\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tcommand.help();\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\toptions?.run?.map((run) => {\n\t\tconst { options, requiredOptions } = run;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n", "import path from \"node:path\";\n\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\n\nimport { loadJson } from \"../json\";\nimport { DotsecConfig, DotsecConfigAndSource } from \"../../types\";\nimport { defaultConfig, DOTSEC_CONFIG_FILES } from \"../../constants\";\n\nexport const getConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { Command } from \"commander\";\n\n// type Replace<\n// \tSource,\n// \tNeedle extends String,\n// \tReplacement,\n// > = Source extends Record<string, unknown>\n// \t? {\n// \t\t\t[key in keyof Source]: key extends Needle\n// \t\t\t\t? Replacement\n// \t\t\t\t: Replace<Source[key], Needle, Replacement>;\n// \t }\n// \t: Source;\n\n// utility types\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type EncryptionEngineFactoryProps = { verbose?: boolean };\nexport type EncryptionEngine<T = {}> = {\n\tencrypt(plaintext: string): Promise<string>;\n\tdecrypt(ciphertext: string): Promise<string>;\n} & T;\n\nexport type EncryptionEngineFactory<\n\tT = {},\n\tV extends Record<string, unknown> = {},\n> = {\n\t(options: EncryptionEngineFactoryProps & T): Promise<EncryptionEngine<V>>;\n};\n\nexport abstract class EncryptionPlugin {\n\tprotected verbose: boolean | undefined;\n\tconstructor(options: EncryptionEngineFactoryProps) {\n\t\tthis.verbose = options?.verbose;\n\t}\n\tabstract encrypt(plaintext: string): Promise<string>;\n\tabstract decrypt(ciphertext: string): Promise<string>;\n}\n\ntype DotsecPlugin = {\n\t[key: string]: {\n\t\tplugin?: {\n\t\t\tmodule?: string;\n\t\t};\n\t\tconfig: {\n\t\t\t[key: string]: unknown;\n\t\t};\n\t\tpush: Record<string, unknown>;\n\t};\n};\n\ntype DotsecVariables = Record<string, DotsecVariable | boolean>;\nexport type DotsecConfigOptions = {\n\tplugins?: DotsecPlugin;\n\tvariables?: DotsecVariables;\n};\ntype DotSecVariableWithPlugin<\n\tVariable extends DotsecVariable,\n\tPlugins extends DotsecPlugin,\n> = {\n\tpush?: {\n\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"push\"];\n\t} & {\n\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"push\"];\n\t} & Variable[\"push\"] & {\n\t\t\t[key in keyof Plugins]?: Plugins[key][\"push\"];\n\t\t};\n};\n\nexport type DotsecVariable = {\n\tpush?: {};\n};\n\nexport type DotsecAwsPlugin = {\n\taws: {\n\t\tconfig: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t\tencryptionAlgorithm?:\n\t\t\t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t};\n\t\t\tssm?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t};\n\t\t\tsecretsManager?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t};\n\t\t};\n\t\tpush: {\n\t\t\tssm?:\n\t\t\t\t| boolean\n\t\t\t\t| (Omit<PutParameterRequest, \"Name\" | \"Value\"> & {\n\t\t\t\t\t\tName?: string;\n\t\t\t\t });\n\t\t\tsecretsManager?: boolean;\n\t\t};\n\t};\n};\nexport type DotsecGitHubPlugin = {\n\tgithub: {\n\t\tconfig: {\n\t\t\tpersonalAccessToken?: string | { fromEnv: string };\n\t\t};\n\t\tpush: {\n\t\t\tactionsSecrets: {\n\t\t\t\torganisations?: [{ secretName?: string; organisation: string }];\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport type DotsecConfig<T extends DotsecConfigOptions = DotsecConfigOptions> =\n\t{\n\t\tconfig?: // (\n\n\t\t{\n\t\t\t[key in keyof DotsecPlugin]?: DotsecPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t// aws?: {\n\t\t\t// \tregion?: string;\n\t\t\t// \tkms?: {\n\t\t\t// \t\tkeyAlias?: string;\n\t\t\t// \t\tencryptionAlgorithm?:\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t// \t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t// \t};\n\t\t\t// \tssm?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t// \t};\n\t\t\t// \tsecretsManager?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t};\n\t\t\t// };\n\t\t\t// github?: {\n\t\t\t// \tpersonalAccessToken:\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue: string;\n\t\t\t// \t\t\t\tfromEnv?: never;\n\t\t\t// \t\t }\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue?: never;\n\t\t\t// \t\t\t\tfromEnv: keyof T[\"variables\"];\n\t\t\t// \t\t };\n\t\t\t// };\n\t\t};\n\t\tvariables?: {\n\t\t\t[key in keyof T[\"variables\"]]: T[\"variables\"][key] extends DotsecVariable\n\t\t\t\t? DotSecVariableWithPlugin<\n\t\t\t\t\t\tT[\"variables\"][key],\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >\n\t\t\t\t: DotSecVariableWithPlugin<\n\t\t\t\t\t\tDotsecVariable,\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >;\n\t\t};\n\t};\n\n// Dotsec config file\nexport type DotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: DotsecConfig;\n};\n\n// CLI types\nexport type GlobalCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n};\n\nexport type Init2CommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Encrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Decrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\n\nexport type RunCommandOptions = GlobalCommandOptions & {\n\tenv?: string;\n\tsec?: string;\n\tkeyAlias?: string;\n\tregion?: string;\n};\n\nexport type PushCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string | boolean;\n\tsec: string | boolean;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\ttoAwsSsm?: boolean;\n\ttoAwsSecretsManager?: boolean;\n\ttoGitHubActionsSecrets?: boolean;\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n\nexport type DotsecPluginModule<\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\tname: string;\n\tinit: (dotsecConfig: DotsecConfig) => Promise<T>;\n\taddCliCommand?: (options: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tprogram: Command;\n\t}) => void;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { EncryptionEngine, isBoolean, PushCommandOptions } from \"../../types\";\nimport fs from \"node:fs\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { parse } from \"dotenv\";\nimport { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { strong } from \"../../utils/logger\";\nimport { promptConfirm } from \"../../utils/prompts\";\nimport { AwsSsm } from \"../../lib/aws/AwsSsm\";\nimport { AwsSecretsManager } from \"../../lib/aws/AwsSecretsManager\";\nimport { CreateSecretRequest } from \"@aws-sdk/client-secrets-manager\";\n\nconst addPushProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv,\n\t\t\t\tsec,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t\ttoAwsSsm,\n\t\t\t\ttoAwsSecretsManager,\n\t\t\t\ttoGitHubActionsSecrets,\n\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\t\t\tif (!(toAwsSsm || toAwsSecretsManager || toGitHubActionsSecrets)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets\",\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\n\t\t\tlet envContents: string | undefined;\n\n\t\t\tif (env) {\n\t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t\t: env;\n\t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t} else if (sec) {\n\t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t\t: sec;\n\t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t} else {\n\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t}\n\n\t\t\tconst envObject = parse(envContents);\n\n\t\t\t// get dotsec config\n\t\t\ttry {\n\t\t\t\tif (toAwsSsm) {\n\t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n${putParameterRequests\n\t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (confirm === true) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// secrets manager\n\t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t\t// create secretss\n\t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t\t\tregion:\n\t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n${updateSecretCommands\n\t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t\t}\n\t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n${createSecretCommands\n\t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t\t}\n\t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t\t\tawait push();\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import prompts from \"prompts\";\nexport const promptConfirm = async ({\n\tpredicate,\n\tskip,\n\tmessage,\n}: {\n\tpredicate?: (...args: unknown[]) => Promise<boolean> | boolean;\n\tskip?: boolean;\n\tmessage: string;\n}): Promise<{ confirm: boolean }> => {\n\tif (skip === true) {\n\t\treturn { confirm: true };\n\t} else {\n\t\tconst result = predicate ? await predicate() : true;\n\t\tif (result) {\n\t\t\treturn await prompts({\n\t\t\t\ttype: \"confirm\",\n\t\t\t\tname: \"confirm\",\n\t\t\t\tmessage: () => {\n\t\t\t\t\treturn message;\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t}\n\treturn { confirm: true };\n};\n", "import {\n\tPutParameterCommand,\n\tPutParameterRequest,\n\tSSMClient,\n} from \"@aws-sdk/client-ssm\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSsm = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst ssmClient = new SSMClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync put(putParameterRequests: PutParameterRequest[]): Promise<void> {\n\t\t\tfor (const putParameterRequest of putParameterRequests) {\n\t\t\t\tconst command = new PutParameterCommand({\n\t\t\t\t\t...putParameterRequest,\n\t\t\t\t\tOverwrite: true,\n\t\t\t\t});\n\t\t\t\tawait ssmClient.send(command);\n\t\t\t}\n\t\t},\n\t};\n};\n", "import {\n\tCreateSecretCommand,\n\tDescribeSecretCommand,\n\tUpdateSecretCommand,\n\tCreateSecretRequest,\n\tSecretsManagerClient,\n\tResourceNotFoundException,\n} from \"@aws-sdk/client-secrets-manager\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSecretsManager = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst secretsManagerClient = new SecretsManagerClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync push(createSecretRequests: CreateSecretRequest[]) {\n\t\t\tconst createSecretCommands: CreateSecretCommand[] = [];\n\t\t\tconsole.log(\"createSecretReddquests\", createSecretRequests);\n\t\t\tconst updateSecretCommands: UpdateSecretCommand[] = [];\n\t\t\tfor (const createSecretRequest of createSecretRequests) {\n\t\t\t\t// create secret\n\t\t\t\t// check if secret exists\n\t\t\t\tconst describeSecretCommand = new DescribeSecretCommand({\n\t\t\t\t\tSecretId: createSecretRequest.Name,\n\t\t\t\t});\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await secretsManagerClient.send(describeSecretCommand);\n\t\t\t\t\tconsole.log(\"got one\");\n\t\t\t\t\t// update secret\n\t\t\t\t\tupdateSecretCommands.push(\n\t\t\t\t\t\tnew UpdateSecretCommand({\n\t\t\t\t\t\t\tSecretId: result.ARN,\n\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (e instanceof ResourceNotFoundException) {\n\t\t\t\t\t\t// create secret\n\t\t\t\t\t\tconsole.log(\"got one\");\n\n\t\t\t\t\t\tcreateSecretCommands.push(\n\t\t\t\t\t\t\tnew CreateSecretCommand({\n\t\t\t\t\t\t\t\tName: createSecretRequest.Name,\n\t\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tcreateSecretCommands,\n\t\t\t\tupdateSecretCommands,\n\t\t\t\tpush: async () => {\n\t\t\t\t\tfor (const createSecretCommand of createSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\t\t\t\t}\n\n\t\t\t\t\tfor (const updateSecretCommand of updateSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(updateSecretCommand);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t};\n};\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginEncryptHandler } from \"../../lib/plugin\";\nimport { Encrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryption: CliPluginEncryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Encrypt2CommandOptions>();\n\t\t\t\tconst pluginCliEncrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginEncryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.encryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryption.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginDecryptHandler } from \"../../lib/plugin\";\nimport { Decrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdecryption: CliPluginDecryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Decrypt2CommandOptions>();\n\n\t\t\t\tconst pluginCliDecrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginDecryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.decryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\tconsole.log(\"dotsecFilename\", dotsecFilename);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\"plaintext\", plaintext);\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryption.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import JoyCon from \"joycon\";\nimport path from \"path\";\nimport { DotsecPluginModule } from \"../types\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport { Command } from \"commander\";\nimport Ajv from \"ajv\";\n\nexport type DotsecAwsPlugin = DotsecPluginModule<{\n\tvalidateKms: () => Promise<boolean>;\n}>;\n\nexport type DotseGithubPlugin = DotsecPluginModule<{\n\tstoreOrganisationSecret: () => boolean;\n\tstoreRepositorySecret: () => void;\n}>;\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\nexport const defaultConfig: MagicalDotsecConfig = {};\n\nexport type DotsecCliOption =\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription?: string,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tfn: (value: string, previous: unknown) => unknown,\n\t\t\tdefaultValue?: unknown,\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tregexp: RegExp,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ];\n\nexport type CliPluginHandler<\n\tHandlerArgs extends Record<string, unknown>,\n\tHandlerResult,\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\ttriggerOption: string;\n\toptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\trequiredOptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\thandler: (options: HandlerArgs & T) => Promise<HandlerResult>;\n};\n\nexport type CliPluginEncryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ plaintext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginDecryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginRunHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\n// export type PluginCliEncryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tplaintext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\n// export type PluginCliDecryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[kkey in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tciphertext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\nexport type MagicalDotsecPluginModule<\n\tT extends {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t} = {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t},\n> = (options: { dotsecConfig: MagicalDotsecConfig; ajv: Ajv }) => Promise<{\n\tname: keyof T[\"plugin\"];\n\tapi: T[\"api\"] extends Record<string, unknown> ? T[\"api\"] : never;\n\taddCliCommand?: (options: {\n\t\tprogram: Command;\n\t}) => Promise<void>;\n\tcliHandlers?: {\n\t\tencrypt?: CliPluginEncryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { encrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"encrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tdecrypt?: CliPluginDecryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { decrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"decrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\trun?: CliPluginRunHandler<\n\t\t\tT[\"cliHandlers\"] extends { run: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"run\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tpush?: {\n\t\t\toptions: [string, string];\n\t\t\thandler: () => Promise<void>;\n\t\t}[];\n\t};\n}>;\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<MagicalDotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n// Dotsec config file\nexport type MagicalDotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: MagicalDotsecConfig;\n};\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<MagicalDotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(\n\t\t\t\tconfigPath,\n\t\t\t)) as Partial<MagicalDotsecConfig>;\n\n\t\t\tlet data: Partial<MagicalDotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec !==\n\t\t\t\t\tundefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<MagicalDotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<MagicalDotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n\nexport type MagicalDotsecPluginConfig = {\n\tmodule?: string;\n\tconfig?: { [key: string]: unknown };\n\tpush?: { [key: string]: unknown };\n};\n\nexport type MagicalDotsecPlugin<\n\tT extends {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t} = {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t},\n> = T;\nexport type MagicalDotsecPlugins = {\n\tplugins: MagicalDotsecPlugin;\n};\n\nexport type MagicalDotsecConfig<\n\tT extends MagicalDotsecPlugins = { plugins: {} },\n> = {\n\tplugins?: {\n\t\t[PluginKey in keyof T[\"plugins\"]]?: {\n\t\t\tmodule?: T[\"plugins\"][PluginKey][\"module\"];\n\t\t} & T[\"plugins\"][PluginKey][\"config\"];\n\t};\n\tpush?: {\n\t\tvariables?: string[];\n\t\tto: {\n\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t};\n\t};\n\tvariables?: {\n\t\t[key: string]: {\n\t\t\tpush?: {\n\t\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t\t// [PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t};\n\t\t};\n\t};\n};\n\n// type F = MagicalDotsecConfig<{\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: string;\n// \t\t\tconfig: { region: string };\n// \t\t\tpush: { ssm?: boolean };\n// \t\t};\n// \t};\n// }>;\n\n// const f: F = {\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: \"@dotsec/plugin-aws\",\n// \t\t\tconfig: {\n// \t\t\t\tregion: \"eu-west-1\",\n// \t\t\t},\n// \t\t},\n// \t},\n// \tvariables: {\n// \t\tOMG: {\n// \t\t\tpush: {\n// \t\t\t\taws: {\n// \t\t\t\t\tssm: true,\n// \t\t\t\t},\n// \t\t\t},\n// \t\t},\n// \t},\n// };\n"],
|
|
5
|
+
"mappings": "u4BAAA,OAAwB,wBCAxB,OAKO,kCCLP,OAIO,4CACP,GAAsC,8CCLtC,OAAkB,oBAYX,GAAM,GAAW,AAAC,GAAwB,WAAM,aAAa,GACvD,EAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GDC1D,GAAM,IAA8B,MAAO,CACjD,OACA,SAkBK,CAlCN,UAmCC,GAAM,GAAoB,KAAM,+BAC5B,EACA,EACA,EA+CJ,GA9CA,AAAI,EAAK,QACR,GAAmB,CAClB,MAAO,EAAK,QACZ,OAAQ,wBAAwB,EAAS,EAAK,YAE/C,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,EAAK,YAEf,OAAQ,GAAG,EAAS,IAAI,EAAK,oCAExB,AAAI,EAAI,YACd,GAAmB,CAClB,MAAO,EAAI,YACX,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,gBAGN,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,EAAI,gBAEd,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,iBAGA,AAAI,EAAI,mBAAqB,EAAI,sBACvC,EAAuB,CACtB,MAAO,KAAM,mBACb,OAAQ,iBAAiB,EAAS,4BAA4B,EAC7D,4BAGQ,MAAkB,kBAAlB,cAAmC,UAC7C,GAAmB,CAClB,MAAO,UACP,OAAQ,GAAG,EAAS,oCAErB,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,cAEV,OAAQ,WAAW,EAAS,iBAI1B,EAAK,OACR,EAAkB,CACjB,MAAO,EAAK,OACZ,OAAQ,wBAAwB,EAAS,EAAK,mBAErC,EAAI,WACd,EAAkB,CACjB,MAAO,EAAI,WACX,OAAQ,gBAAgB,EAAS,kBAAkB,EAClD,EAAI,uBAGI,EAAI,mBACd,EAAkB,CACjB,MAAO,EAAI,mBACX,OAAQ,gBAAgB,EAAS,0BAA0B,EAC1D,EAAI,+BAGI,EAAkB,CAC5B,GAAM,GACL,uBAAmB,aAAnB,cAAgC,EAAiB,SAAjD,cAAyD,OAE1D,AAAI,GACH,GAAkB,CACjB,MAAO,EACP,OAAQ,GAAG,EACV,YAAY,EAAiB,6BAMjC,GAAM,GAAc,EAAK,eAAiB,EAAI,oBAC9C,GAAI,EAAa,CAChB,GAAM,GAAS,EAAK,cAAgB,sBAAwB,eAC5D,EAAuB,CACtB,MAAO,KAAM,gCAAyB,CACrC,kBAAmB,iBAAsB,MAEzC,OAAQ,CACP,gBACC,EAAK,2BACL,OAAO,EAAI,mCACX,KACD,QAAS,GAGV,aAAc,CACb,OAAQ,iBAAiB,WAG3B,OAAQ,GAAG,KAAU,EAAS,IAAI,SAIpC,MAAO,CAAE,uBAAsB,kBAAiB,qBAGpC,GAAuC,CAAC,CACpD,uBACA,kBACA,sBAKa,CACb,GAAM,GAAgB,GACtB,MAAI,IACH,EAAI,KAAK,yBAAyB,EAAiB,UAEhD,GACH,EAAI,KAAK,6BAA6B,EAAqB,UAExD,GACH,EAAI,KAAK,wBAAwB,EAAgB,UAE3C,EAAI,KAAK;IE9JV,GAAM,IAA6B,MAAO,CAChD,OACA,SAmBK,CACL,GAAM,CAAE,uBAAsB,kBAAiB,oBAC9C,KAAM,IAA4B,CACjC,KAAM,CACL,OAAQ,EAAK,UACb,QAAS,EAAK,WACd,cAAe,EAAK,iBACpB,0BAA2B,EAAK,8BAEjC,IAAK,KACD,KAcN,GAVI,EAAK,UAAY,IACpB,QAAQ,IACP,GAAqC,CACpC,uBACA,kBACA,sBAKC,CAAE,IAAwB,GAAkB,CAC/C,GAAI,CAAC,EACJ,cAAQ,MAAM,8BACR,GAAI,OAAM,8BAEjB,GAAI,CAAC,EACJ,cAAQ,MAAM,yBACR,GAAI,OAAM,yBAIlB,MAAO,CAAE,uBAAsB,oBH/CzB,GAAM,IAAyD,KACrE,IACI,CAhBL,QAiBC,GAAM,CACL,IAAK,CAAE,YAAa,GACpB,UACG,EACE,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAG7B,EAAqB,GAAI,uBAAmB,CACjD,MAAO,IAIF,EACL,MAFyB,MAAM,GAAU,KAAK,IAE5B,cAAlB,cAA+B,uBAA/B,cAAsD,GAEvD,GAAI,IAAwB,OAC3B,KAAM,IAAI,OAAM,4CAGjB,MAAO,MACA,SAAQ,EAAoC,CACjD,GAAM,GAAiB,GAAI,mBAAe,CACzC,MAAO,EACP,UAAW,OAAO,KAAK,GACvB,oBAAqB,IAEhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,eACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,sBASH,MAJmB,QAAO,KAAK,EAAiB,gBAAgB,SAC/D,gBAKI,SAAQ,EAAqC,CAClD,GAAM,GAAiB,GAAI,mBAAe,CACzC,MAAO,EACP,eAAgB,OAAO,KAAK,EAAY,UACxC,oBAAqB,IAGhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,UACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,WAAY,EACZ,eAAgB,OAKnB,GAAM,GAAiB,OAAO,KAAK,EAAiB,WAAW,WAE/D,MAAI,MAAK,SACR,QAAQ,KAAK,mBAAmB,MAG1B,GAER,MAAO,IAAM,KI7Ff,OAAyB,+BACzB,GAAoB,sBACpB,GAAiB,wBAEJ,GAAuB,KACnC,IAEO,KAAM,YAAG,SAAS,EAAU,SAGvB,GAAsB,MAClC,EACA,IAEO,KAAM,YAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,YAAK,GACJ,QACN,CACD,MAAO,KAII,GAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GCrCR,OAAiB,wBCTjB,MAAoB,yBACpB,GAAe,sBAEF,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MAKxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GCtED,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IACvB,GAAiC,OACjC,GAAiC,OACjC,GAAmC,eACnC,GAAwC,eAExC,EAA8B,CAC1C,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,IAEX,IAAK,CACJ,cAAe,OCIZ,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,MAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,IAGD,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAsCH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAoB9C,IAAK,CACJ,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,uBAGvB,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,SAAU,CAAC,2BAA4B,mBACvC,oBAAqB,CACpB,kDACA,+BAED,uBAAwB,CACvB,wDACA,kCAGD,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,mGAME,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IAAyB,CAC9B,GAAM,GAAI,GAAoB,EAAO,EAAsB,GAC3D,MAAO,MAAK,IAEb,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MHvLhD,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CA3BzD,gBA4BG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGZ,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,IAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAc,SAAd,cAAsB,MAAtB,cAA2B,QAC5B,IAAK,CACJ,SAAU,GAAe,+BAAe,SAAf,cAAuB,MAAvB,cAA4B,MAA5B,cAAiC,aAK5D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAE1C,QAAQ,IACP,+BAA+B,EAC9B,uBACqB,EAAO,OAI/B,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,wCAED,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,GAAe,IAE1B,OAAQ,GAAa,QAAQ,IAAI,eAI9B,EAAgC,KAAM,IAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,IAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GIjHf,OAAe,sBAGf,GAAsB,qBCHtB,OAAiB,wBAEjB,GAA8B,6BAC9B,GAAmB,qBCHnB,OAAe,iBACf,GAAiB,wBAEV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAIF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,IDfF,GAAM,IAAY,KACxB,IACoC,CAXrC,4FAYC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,+BAMhB,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,8BAAe,SAAf,cAAuB,MAAvB,eAA4B,gBAC5B,UAAK,SAAL,eAAa,MAAb,eAAkB,wBAS5B,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IDrG7C,OAA0B,iCAEpB,GAAe,CACpB,EACA,IAGI,CAjBL,MAkBC,GAAM,GAAa,EACjB,QAAQ,qBACR,qBACA,YACA,qGAEA,OACA,MACC,EACA,EACA,IACI,CA7BR,UA8BI,GAAM,CACL,aACA,IAAK,EACL,IAAK,EACL,WACA,UACG,EAAQ,kBAEN,CACL,SAAU,CAAE,UAAW,IACpB,KAAM,IAAU,GAEd,EAAmB,KAAM,IAA2B,CACzD,QAAS,GACT,IAAK,CACJ,SACC,GACA,wBAAQ,MAAR,cAAa,MAAb,cAAkB,WAClB,IAEF,OAAQ,GAAU,qBAAQ,MAAR,cAAa,UAG5B,EAEJ,GAAI,EACH,EAAc,WAAG,aAAa,EAAQ,gBAC5B,EAAQ,CAClB,GAAM,GAAiB,WAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAEjB,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,iBAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,EAAQ,WAER,MAAM,IAAI,OAAM,mCAKpB,SAAkB,EAAY,OAC9B,oBAAS,MAAT,QAAc,IAAI,AAAC,GAAQ,CAC1B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKjB,GAGD,GAAQ,GGsIR,GAAM,IAAY,AAAC,GAClB,MAAO,IAAU,UC3OzB,OAAe,sBAQf,OAAsB,qBCXtB,OAAoB,sBACP,GAAgB,MAAO,CACnC,YACA,OACA,aAMI,IAAS,GACL,CAAE,QAAS,IAEH,GAAY,KAAM,KAAc,IAEvC,KAAM,eAAQ,CACpB,KAAM,UACN,KAAM,UACN,QAAS,IACD,IAKJ,CAAE,QAAS,ICxBnB,OAIO,kCAGA,GAAM,IAAS,KAAO,IAEvB,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,KAAI,EAA4D,CACrE,OAAW,KAAuB,GAAsB,CACvD,GAAM,GAAU,GAAI,wBAAoB,OACpC,GADoC,CAEvC,UAAW,MAEZ,KAAM,GAAU,KAAK,OC9BzB,MAOO,8CAGA,GAAM,IAAoB,KAAO,IAElC,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAuB,GAAI,wBAAqB,CACrD,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,MAAK,EAA6C,CACvD,GAAM,GAA8C,GACpD,QAAQ,IAAI,yBAA0B,GACtC,GAAM,GAA8C,GACpD,OAAW,KAAuB,GAAsB,CAGvD,GAAM,GAAwB,GAAI,yBAAsB,CACvD,SAAU,EAAoB,OAE/B,GAAI,CACH,GAAM,GAAS,KAAM,GAAqB,KAAK,GAC/C,QAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,uBAAoB,CACvB,SAAU,EAAO,IACjB,aAAc,EAAoB,sBAG5B,EAAP,CACD,AAAI,YAAa,8BAEhB,SAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,uBAAoB,CACvB,KAAM,EAAoB,KAC1B,aAAc,EAAoB,kBAOvC,MAAO,CACN,uBACA,uBACA,KAAM,SAAY,CACjB,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,GAGjC,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,QHpDtC,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAU,IAAqB,CAxBhD,8BAyBG,GAAM,CACL,aACA,UACA,MACA,MACA,cACA,YACA,MACA,WACA,sBACA,0BACG,EAAQ,kBACZ,GAAI,CAAE,IAAY,GAAuB,GACxC,KAAM,IAAI,OACT,0GAGF,GAAM,CAAE,SAAU,GAAiB,KAAM,IAAU,GAE/C,EAEJ,GAAI,EAAK,CACR,GAAM,GAAiB,GAAU,GAC9B,GACA,EACH,EAAc,WAAG,aAAa,EAAgB,gBACpC,EAAK,CACf,GAAM,GAAiB,GAAU,GAC9B,GACA,EACG,EAAiB,WAAG,aAAa,EAAgB,QAYvD,EAAc,KAAM,AAXK,MAAM,IAA2B,CACzD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,cAItB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAGjB,GAAM,GAAY,aAAM,GAGxB,GAAI,CACH,GAAI,EAAU,CACb,GAAM,GAAc,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,IACzC,EAAU,kBAAa,gBAAiB,eAExC,EAAa,kBAAa,aAAc,GACxC,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAnF9B,aAoFM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,EAAO,CACV,GAAM,IAAU,GAAG,IAAa,IAChC,GAAI,SAAM,OAAN,cAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,IAA2C,GAChD,EAAM,KAAK,IAAI,KAEb,CACA,KAAM,GACN,MAAO,EACP,KAAM,GAEN,KACA,KAAM,GACN,KAAM,GACH,EAAM,KAAK,IAAI,KAHlB,CAIA,MAAO,IAGV,EAAI,KAAK,MAMZ,MAAO,IACL,IAEG,CAAE,WAAY,KAAM,IAAc,CACvC,QAAS;AAAA,EACb,EACA,IAAI,CAAC,CAAE,UAAW,KAAK,EAAO,GAAQ,gBACtC,KAAK;AAAA,KACD,KAAM,IAGP,AAAI,IAAY,IACf,SAAQ,IAAI,sCAKZ,KAAM,AAJM,MAAM,IAAO,CACxB,OAAQ,GAAa,wBAAc,SAAd,cAAsB,MAAtB,cAA2B,WAGvC,IAAI,IAKhB,GAAI,EAAqB,CAExB,GAAM,GACL,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,eACtB,EAAa,kBAAwB,aAAc,GACnD,EAAqB,KAAM,IAAkB,CAClD,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,UAGtB,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAlJ9B,eAmJM,GAAI,MAAa,YAAb,eAAyB,GAAM,CAClC,GAAM,IAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,GAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,WAAM,OAAN,eAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,aAAc,GAEd,KACA,KAAM,GACH,GAAM,KAAK,IAAI,KAFlB,CAGA,aAAc,IAGjB,EAAI,KAAK,KAKZ,MAAO,IACL,IACG,CAAE,OAAM,uBAAsB,wBACnC,KAAM,GAAmB,KAAK,GACzB,EAA2B,GACjC,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,eAAiB,KAAK,EAAO,GAAY,gBACzD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,WAAa,KAAK,EAAO,GAAQ,gBACjD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,AAAI,EAAc,KAAK,AAAC,GAAM,IAAM,MAAW,QAC9C,SAAQ,IAAI,mCAEZ,KAAM,MAIR,GAAI,EAAwB,CAE3B,GAAM,GAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAhN9B,YAiNM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,AAAI,GACC,SAAM,OAAN,cAAY,SAAZ,cAAoB,iBACvB,EAAI,KAAK,CACR,KAAM,EACN,UAMJ,MAAO,IACL,IAEH,QAAQ,IAAI,uBAAwB,UAE7B,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GI5Nf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBACN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,IAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GChGf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBAEN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAGxB,QAAQ,IAAI,iBAAkB,GAE9B,GAAM,GAAe,KAAM,IAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,OAItB,QAAQ,IAAI,YAAa,SACjB,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GCpHf,OAAmB,qBACnB,GAAiB,mBAGjB,OAA8B,6BAYjB,GAA6B,mBAC7B,GAAsB,CAAC,IAK7B,GAAM,IAAqC,GA+HrC,GAAmB,KAAO,IAG/B,2BAAO,EAAP,QAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SASL,GAAmB,KAC/B,IAC2C,CAC3C,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IACtB,GAGG,EAEJ,MACC,GAAW,SAAS,iBACnB,EAAqD,SACrD,OAED,EAAQ,EAAqD,OAE7D,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,sBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,eAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,KpBzN7C,OAAuC,kBAEjC,GAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,YAEpB,AAAC,UAAY,CAEZ,GAAM,GAAY,QAAQ,KAAK,KAAK,AAAC,GAAQ,EAAI,WAAW,OAEtD,EAAa,EAChB,EAAU,SAAS,KAClB,EAAU,MAAM,KAAK,GACrB,QAAQ,KAAK,QAAQ,KAAK,QAAQ,GAAa,GAChD,OACG,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,UAAS,aAAc,EAE/B,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAElB,GAAM,GAA2C,GACjD,AAAI,GACH,OAAO,QAAQ,GAAS,QACvB,CAAC,CAAC,EAAY,KAAuD,CACpE,AAAI,kBAAc,QACjB,EAAc,GAAc,iBAAc,OAE1C,EAAc,GAAc,kBAAkB,MAMlD,OAAO,OAAO,GAAa,IAAI,QAAQ,AAAC,GAAa,CACpD,AAAI,kBAAU,OACb,OAAO,KAAK,EAAS,MAAM,QAAQ,AAAC,GAAe,CAClD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMlD,GAAM,GAAM,GAAI,YAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAIN,EAAsD,GACtD,EAAsD,GACtD,EAA8C,GAEpD,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,IAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,MACR,EAAqB,KAAK,EAAI,KAE3B,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAGV,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAKd,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAAE,IAAK,IAGpC,KAAM,IAAe,GACrB,KAAM,GAAQ",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/dist/cli/index.mjs
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
var $e=Object.create;var pe=Object.defineProperty,Ke=Object.defineProperties,Ge=Object.getOwnPropertyDescriptor,qe=Object.getOwnPropertyDescriptors,Ue=Object.getOwnPropertyNames,we=Object.getOwnPropertySymbols,Ve=Object.getPrototypeOf,Se=Object.prototype.hasOwnProperty,Ye=Object.prototype.propertyIsEnumerable;var Ce=(e,n,o)=>n in e?pe(e,n,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[n]=o,r=(e,n)=>{for(var o in n||(n={}))Se.call(n,o)&&Ce(e,o,n[o]);if(we)for(var o of we(n))Ye.call(n,o)&&Ce(e,o,n[o]);return e},O=(e,n)=>Ke(e,qe(n)),Je=e=>pe(e,"__esModule",{value:!0});var Ae=(e=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(e,{get:(n,o)=>(typeof require!="undefined"?require:n)[o]}):e)(function(e){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+e+'" is not supported')});var Be=(e,n,o)=>{if(n&&typeof n=="object"||typeof n=="function")for(let t of Ue(n))!Se.call(e,t)&&t!=="default"&&pe(e,t,{get:()=>n[t],enumerable:!(o=Ge(n,t))||o.enumerable});return e},Ee=e=>Be(Je(pe(e!=null?$e(Ve(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);import{Command as Yn}from"commander";import{DecryptCommand as Xe,DescribeKeyCommand as en,EncryptCommand as nn,KMSClient as tn}from"@aws-sdk/client-kms";import{fromEnv as Ze,fromIni as ye,fromTemporaryCredentials as ze}from"@aws-sdk/credential-providers";import{loadSharedConfigFiles as Qe}from"@aws-sdk/shared-ini-file-loader";import he from"chalk";var D=e=>he.yellowBright(e),S=e=>he.yellow.bold(e);var Pe=async({argv:e,env:n})=>{var m,
|
|
2
|
-
`)};var oe=async({argv:e,env:n})=>{let{credentialsAndOrigin:o,regionAndOrigin:t,profileAndOrigin:a}=await Pe({argv:{region:e.awsRegion,profile:e.awsProfile,assumeRoleArn:e.awsAssumeRoleArn,assumeRoleSessionDuration:e.awsAssumeRoleSessionDuration},env:r({},n)});if(e.verbose===!0&&console.log(Oe({credentialsAndOrigin:o,regionAndOrigin:t,profileAndOrigin:a})),!(o&&t)){if(!o)throw console.error("Could not find credentials"),new Error("Could not find credentials");if(!t)throw console.error("Could not find region"),new Error("Could not find region")}return{credentialsAndOrigin:o,regionAndOrigin:t}};var ie=async e=>{var f,p;let{kms:{keyAlias:n}={},region:o}=e,{credentialsAndOrigin:t,regionAndOrigin:a}=await oe({argv:{},env:r({},process.env)}),i=new tn({credentials:t.value,region:o||a.value}),c=new en({KeyId:n}),g=(p=(f=(await i.send(c)).KeyMetadata)==null?void 0:f.EncryptionAlgorithms)==null?void 0:p[0];if(g===void 0)throw new Error("Could not determine encryption algorithm");return{async encrypt(l){let u=new nn({KeyId:n,Plaintext:Buffer.from(l),EncryptionAlgorithm:g}),y=await i.send(u);if(!y.CiphertextBlob)throw new Error(`Something bad happened: ${JSON.stringify({encryptCommand:u})}`);return Buffer.from(y.CiphertextBlob).toString("base64")},async decrypt(l){let u=new Xe({KeyId:n,CiphertextBlob:Buffer.from(l,"base64"),EncryptionAlgorithm:g}),y=await i.send(u);if(!y.Plaintext)throw new Error(`Something bad happened: ${JSON.stringify({cipherText:l,decryptCommand:u})}`);let s=Buffer.from(y.Plaintext).toString();return this.verbose&&console.info(`Decrypting key '${l}'`),s},other:()=>{}}};import be,{stat as on}from"node:fs/promises";import rn from"prompts";import sn from"node:path";var re=async e=>await be.readFile(e,"utf-8"),ne=async(e,n)=>await be.writeFile(e,n,"utf-8"),an=async e=>{try{return await on(e),!0}catch{return!1}},te=async({filePath:e,skip:n})=>{let o;return await an(e)&&n!==!0?o=await rn({type:"confirm",name:"overwrite",message:()=>`Overwrite './${sn.relative(process.cwd(),e)}' ?`}):o=void 0,o};import Cn from"node:path";import{ScriptKind as fn,ScriptTarget as dn,SyntaxKind as pn,createPrinter as ln,createSourceFile as un,createStringLiteral as Re,transform as yn,visitEachChild as gn,visitNode as mn}from"typescript";import cn from"node:fs";var ve=e=>{let n=ln(),o=cn.readFileSync(e.configFile,"utf8"),t=g=>f=>{function p(l){var u,y,s,A,E,b,v,x,k,N,I,G,q,U,V,Y,J,B;if(l=gn(l,p,g),l.kind===pn.StringLiteral){let w=(y=(u=l==null?void 0:l.parent)==null?void 0:u.parent)==null?void 0:y.parent;if(((E=(A=(s=e.config)==null?void 0:s.aws)==null?void 0:A.kms)==null?void 0:E.keyAlias)&&((b=w==null?void 0:w.getChildAt(0))==null?void 0:b.getText())==="kms"){let C=(v=w==null?void 0:w.parent)==null?void 0:v.parent;if((C==null?void 0:C.getChildAt(0).getText())==="aws")return Re((N=(k=(x=e.config)==null?void 0:x.aws)==null?void 0:k.kms)==null?void 0:N.keyAlias)}if(((G=(I=e.config)==null?void 0:I.aws)==null?void 0:G.region)&&((U=(q=l==null?void 0:l.parent)==null?void 0:q.getChildAt(0))==null?void 0:U.getText())==="region"){let C=(Y=(V=l==null?void 0:l.parent)==null?void 0:V.parent)==null?void 0:Y.parent;if((C==null?void 0:C.getChildAt(0).getText())==="aws")return Re((B=(J=e.config)==null?void 0:J.aws)==null?void 0:B.region)}}return l}return mn(f,p)},a=un("test.ts",o,dn.ES2015,!0,fn.TS),i=yn(a,[t]),c=i.transformed[0],m=n.printFile(c);return i.dispose(),m};var me="dotsec.config.ts",De=[me],se=".sec",ae=".env",ce="alias/dotsec",wn="SecureString",h={config:{aws:{kms:{keyAlias:ce},ssm:{parameterType:wn}}}};var Sn={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",me]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",me],env:["--env","Path to .env file",ae],sec:["--sec","Path to .sec file",se],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",ae],sec:["--sec <sec>","Path to .sec file",se],yes:["--yes","Skip confirmation prompts",!1]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",ae],sec:["--sec <sec>","Path to .sec file",se],yes:["--yes","Skip confirmation prompts",!1]}},run:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file"]}},push:{inheritsFrom:["dotsec"],options:{toAwsSsm:["--to-aws-ssm, --toAwsSsm","Push to AWS SSM"],toAwsSecretsManager:["--to-aws-secrets-manager, --toAwsSecretsManager","Push to AWS Secrets Manager"],toGitHubActionsSecrets:["--to-github-actions-secrets, --toGitHubActionsSecrets","Push to GitHub actions secrets"],env:["--env [env]","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}}},ke=(e,n,o={})=>{let t=e[n];if(t)return t.inheritsFrom?t==null?void 0:t.inheritsFrom.reduce((a,i)=>{let c=ke(e,i,a);return r({},c)},{options:r(r({},o.options),t.options),requiredOptions:r(r({},o.requiredOptions),t.requiredOptions)}):{options:r(r({},o.options),t.options),requiredOptions:r(r({},o.requiredOptions),t.requiredOptions)}},M=(e,n)=>{let o=ke(Sn,n||e.name());(o==null?void 0:o.options)&&Object.values(o.options).forEach(([t,a,i])=>{e.option(t,a,i)}),(o==null?void 0:o.requiredOptions)&&Object.values(o.requiredOptions).forEach(([t,a,i])=>{e.requiredOption(t,a,i)})};var An=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(o,t)=>{var l,u,y,s,A,E;let{verbose:a,configFile:i,env:c,sec:m,awskeyAlias:g,awsRegion:f,yes:p}=t.optsWithGlobals();try{let b;b=await ie({verbose:a,region:f||process.env.AWS_REGION||((u=(l=h.config)==null?void 0:l.aws)==null?void 0:u.region),kms:{keyAlias:g||((E=(A=(s=(y=h)==null?void 0:y.config)==null?void 0:s.aws)==null?void 0:A.kms)==null?void 0:E.keyAlias)}});let v=await re(c),x=await b.encrypt(v),k=await te({filePath:m,skip:p});(k===void 0||k.overwrite===!0)&&(await ne(m,x),console.log(`Wrote encrypted contents of ${S(c)} contents file to ${S(m)}`));let N=ve({configFile:Cn.resolve(__dirname,"../../src/templates/dotsec.config.ts"),config:{aws:{kms:{keyAlias:g||ce},region:f||process.env.AWS_REGION}}}),I=await te({filePath:i,skip:p});(I===void 0||I.overwrite===!0)&&(await ne(i,N),console.log(`Wrote config file to ${S(i)}`))}catch(b){t.error(b)}});return M(n),n},_e=An;import xe from"node:fs";import{parse as Rn}from"dotenv";import On from"node:path";import{bundleRequire as bn}from"bundle-require";import vn from"joycon";import En from"fs";import hn from"node:path";function Pn(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var ue=async e=>{try{return Pn(await En.promises.readFile(e,"utf8"))}catch(n){throw n instanceof Error?new Error(`Failed to parse ${hn.relative(process.cwd(),e)}: ${n.message}`):n}};var de=async e=>{var a,i,c,m,g,f,p,l,u,y,s,A,E,b,v,x,k,N,I,G,q,U,V,Y,J,B,w,C,W,j,$,R,F,T,P,_,Z,z,L,Q,X,ee;let n=process.cwd(),t=await new vn().resolve({files:e?[e]:[...De,"package.json"],cwd:n,stopDir:On.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let H=await ue(t),d;return t.endsWith("package.json")&&H.dotsec!==void 0?d=H.dotsec:d=H,{source:"json",contents:O(r(r({},h),d),{config:O(r(r({},d==null?void 0:d.config),h.config),{github:r(r({},(a=d==null?void 0:d.config)==null?void 0:a.github),(c=(i=h)==null?void 0:i.config)==null?void 0:c.github),aws:O(r(r({},(m=d==null?void 0:d.config)==null?void 0:m.aws),(f=(g=h)==null?void 0:g.config)==null?void 0:f.aws),{kms:r(r({},(u=(l=(p=h)==null?void 0:p.config)==null?void 0:l.aws)==null?void 0:u.kms),(s=(y=d.config)==null?void 0:y.aws)==null?void 0:s.kms),ssm:r(r({},(b=(E=(A=h)==null?void 0:A.config)==null?void 0:E.aws)==null?void 0:b.ssm),(x=(v=d.config)==null?void 0:v.aws)==null?void 0:x.ssm),secretsManager:r(r({},(I=(N=(k=h)==null?void 0:k.config)==null?void 0:N.aws)==null?void 0:I.secretsManager),(q=(G=d.config)==null?void 0:G.aws)==null?void 0:q.secretsManager)})})})}}else if(t.endsWith(".ts")){let H=await bn({filepath:t}),d=H.mod.dotsec||H.mod.default||H.mod;return{source:"ts",contents:O(r(r({},h),d),{config:O(r(r({},d==null?void 0:d.config),h.config),{github:r(r({},(U=d==null?void 0:d.config)==null?void 0:U.github),(Y=(V=h)==null?void 0:V.config)==null?void 0:Y.github),aws:O(r(r({},(J=d==null?void 0:d.config)==null?void 0:J.aws),(w=(B=h)==null?void 0:B.config)==null?void 0:w.aws),{kms:r(r({},(j=(W=(C=h)==null?void 0:C.config)==null?void 0:W.aws)==null?void 0:j.kms),(R=($=d.config)==null?void 0:$.aws)==null?void 0:R.kms),ssm:r(r({},(P=(T=(F=h)==null?void 0:F.config)==null?void 0:T.aws)==null?void 0:P.ssm),(Z=(_=d.config)==null?void 0:_.aws)==null?void 0:Z.ssm),secretsManager:r(r({},(Q=(L=(z=h)==null?void 0:z.config)==null?void 0:L.aws)==null?void 0:Q.secretsManager),(ee=(X=d.config)==null?void 0:X.aws)==null?void 0:ee.secretsManager)})})})}}}return{source:"defaultConfig",contents:h}};import{spawnSync as Dn}from"node:child_process";var kn=(e,n)=>{var t;let o=e.command("run2 <command...>").allowUnknownOption().description("Run a command in a separate process and populate env with decrypted .env or encrypted .sec values").action(async(a,i,c)=>{var A,E,b;let{configFile:m,env:g,sec:f,keyAlias:p,region:l}=c.optsWithGlobals(),{contents:{config:u}={}}=await de(m),y=await ie({verbose:!0,kms:{keyAlias:p||((E=(A=u==null?void 0:u.aws)==null?void 0:A.kms)==null?void 0:E.keyAlias)||ce},region:l||((b=u==null?void 0:u.aws)==null?void 0:b.region)}),s;if(g)s=xe.readFileSync(g,"utf8");else if(f){let v=xe.readFileSync(f,"utf8");s=await y.decrypt(v)}else throw new Error('Must provide either "--env" or "--sec"');if(s){let v=Rn(s),[x,...k]=a;Dn(x,[...k],{stdio:"inherit",shell:!1,env:O(r(r({},process.env),v),{__DOTSEC_ENV__:JSON.stringify(Object.keys(v))})}),c.help()}else throw new Error("No .env or .sec file provided")});return M(o,"run"),(t=n==null?void 0:n.run)==null||t.map(a=>{let{options:i,requiredOptions:c}=a;i&&Object.values(i).map(m=>{o.option(...m)}),c&&Object.values(c).map(m=>{o.option(...m)})}),o},Fe=kn;var le=e=>typeof e=="boolean";import Ie from"node:fs";import{parse as Ln}from"dotenv";import _n from"prompts";var fe=async({predicate:e,skip:n,message:o})=>n===!0?{confirm:!0}:(e?await e():!0)?await _n({type:"confirm",name:"confirm",message:()=>o}):{confirm:!0};import{PutParameterCommand as xn,SSMClient as Fn}from"@aws-sdk/client-ssm";var Te=async e=>{let{region:n}=e||{},{credentialsAndOrigin:o,regionAndOrigin:t}=await oe({argv:{},env:r({},process.env)}),a=new Fn({credentials:o.value,region:n||t.value});return{async put(i){for(let c of i){let m=new xn(O(r({},c),{Overwrite:!0}));await a.send(m)}}}};import{CreateSecretCommand as Tn,DescribeSecretCommand as Mn,UpdateSecretCommand as In,SecretsManagerClient as Wn,ResourceNotFoundException as Nn}from"@aws-sdk/client-secrets-manager";var Me=async e=>{let{region:n}=e||{},{credentialsAndOrigin:o,regionAndOrigin:t}=await oe({argv:{},env:r({},process.env)}),a=new Wn({credentials:o.value,region:n||t.value});return{async push(i){let c=[];console.log("createSecretReddquests",i);let m=[];for(let g of i){let f=new Mn({SecretId:g.Name});try{let p=await a.send(f);console.log("got one"),m.push(new In({SecretId:p.ARN,SecretString:g.SecretString}))}catch(p){p instanceof Nn&&(console.log("got one"),c.push(new Tn({Name:g.Name,SecretString:g.SecretString})))}}return{createSecretCommands:c,updateSecretCommands:m,push:async()=>{for(let g of c)await a.send(g);for(let g of m)await a.send(g)}}}}};var Hn=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(o,t)=>{var b,v,x,k,N,I,G,q,U,V,Y,J,B;let{configFile:a,verbose:i,env:c,sec:m,awskeyAlias:g,awsRegion:f,yes:p,toAwsSsm:l,toAwsSecretsManager:u,toGitHubActionsSecrets:y}=t.optsWithGlobals();if(!(l||u||y))throw new Error("You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets");let{contents:s}=await de(a),A;if(c){let w=le(c)?ae:c;A=Ie.readFileSync(w,"utf8")}else if(m){let w=le(m)?se:m,C=Ie.readFileSync(w,"utf8");A=await(await ie({verbose:i,region:f||process.env.AWS_REGION||((v=(b=s.config)==null?void 0:b.aws)==null?void 0:v.region),kms:{keyAlias:g||((N=(k=(x=s==null?void 0:s.config)==null?void 0:x.aws)==null?void 0:k.kms)==null?void 0:N.keyAlias)}})).decrypt(C)}else throw new Error('Must provide either "--env" or "--sec"');let E=Ln(A);try{if(l){let w=(G=(I=s==null?void 0:s.config)==null?void 0:I.aws)==null?void 0:G.ssm,C=(w==null?void 0:w.parameterType)||"SecureString",W=(w==null?void 0:w.pathPrefix)||"",j=Object.entries(E).reduce((R,[F,T])=>{var P,_,Z,z;if((P=s.variables)==null?void 0:P[F]){let L=(_=s.variables)==null?void 0:_[F];if(L){let Q=`${W}${F}`;if((z=(Z=L.push)==null?void 0:Z.aws)==null?void 0:z.ssm){let X=le(L.push.aws.ssm)?{Name:Q,Value:T,Type:C}:O(r({Name:Q,Type:C},L.push.aws.ssm),{Value:T});R.push(X)}}}return R},[]),{confirm:$}=await fe({message:`Are you sure you want to push the following variables to AWS SSM Parameter Store?
|
|
1
|
+
var $e=Object.create;var pe=Object.defineProperty,Ke=Object.defineProperties,Ge=Object.getOwnPropertyDescriptor,qe=Object.getOwnPropertyDescriptors,Ue=Object.getOwnPropertyNames,we=Object.getOwnPropertySymbols,Ve=Object.getPrototypeOf,Se=Object.prototype.hasOwnProperty,Ye=Object.prototype.propertyIsEnumerable;var Ce=(e,n,o)=>n in e?pe(e,n,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[n]=o,r=(e,n)=>{for(var o in n||(n={}))Se.call(n,o)&&Ce(e,o,n[o]);if(we)for(var o of we(n))Ye.call(n,o)&&Ce(e,o,n[o]);return e},O=(e,n)=>Ke(e,qe(n)),Je=e=>pe(e,"__esModule",{value:!0});var Ae=(e=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(e,{get:(n,o)=>(typeof require!="undefined"?require:n)[o]}):e)(function(e){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+e+'" is not supported')});var Be=(e,n,o)=>{if(n&&typeof n=="object"||typeof n=="function")for(let t of Ue(n))!Se.call(e,t)&&t!=="default"&&pe(e,t,{get:()=>n[t],enumerable:!(o=Ge(n,t))||o.enumerable});return e},Ee=e=>Be(Je(pe(e!=null?$e(Ve(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);import{Command as Yn}from"commander";import{DecryptCommand as Xe,DescribeKeyCommand as en,EncryptCommand as nn,KMSClient as tn}from"@aws-sdk/client-kms";import{fromEnv as Ze,fromIni as ye,fromTemporaryCredentials as ze}from"@aws-sdk/credential-providers";import{loadSharedConfigFiles as Qe}from"@aws-sdk/shared-ini-file-loader";import he from"chalk";var D=e=>he.yellowBright(e),S=e=>he.yellow.bold(e);var Pe=async({argv:e,env:n})=>{var m,p,f;let o=await Qe(),t,a,i;if(e.profile?(a={value:e.profile,origin:`command line option: ${D(e.profile)}`},t={value:await ye({profile:e.profile})(),origin:`${D(`[${e.profile}]`)} in credentials file`}):n.AWS_PROFILE?(a={value:n.AWS_PROFILE,origin:`env variable ${D("AWS_PROFILE")}: ${S(n.AWS_PROFILE)}`},t={value:await ye({profile:n.AWS_PROFILE})(),origin:`env variable ${D("AWS_PROFILE")}: ${S(n.AWS_PROFILE)}`}):n.AWS_ACCESS_KEY_ID&&n.AWS_SECRET_ACCESS_KEY?t={value:await Ze()(),origin:`env variables ${D("AWS_ACCESS_KEY_ID")} and ${D("AWS_SECRET_ACCESS_KEY")}`}:((m=o.credentialsFile)==null?void 0:m.default)&&(a={value:"default",origin:`${D("[default]")} in credentials file`},t={value:await ye({profile:"default"})(),origin:`profile ${D("[default]")}`}),e.region)i={value:e.region,origin:`command line option: ${D(e.region)}`};else if(n.AWS_REGION)i={value:n.AWS_REGION,origin:`env variable ${D("AWS_REGION")}: ${S(n.AWS_REGION)}`};else if(n.AWS_DEFAULT_REGION)i={value:n.AWS_DEFAULT_REGION,origin:`env variable ${D("AWS_DEFAULT_REGION")}: ${S(n.AWS_DEFAULT_REGION)}`};else if(a){let g=(f=(p=o==null?void 0:o.configFile)==null?void 0:p[a.value])==null?void 0:f.region;g&&(i={value:g,origin:`${D(`[profile ${a.value}]`)} in config file`})}let c=e.assumeRoleArn||n.AWS_ASSUME_ROLE_ARN;if(c){let g=e.assumeRoleArn?"command line option":"env variable";t={value:await ze({masterCredentials:t==null?void 0:t.value,params:{DurationSeconds:e.assumeRoleSessionDuration||Number(n.AWS_ASSUME_ROLE_SESSION_DURATION)||3600,RoleArn:c},clientConfig:{region:i==null?void 0:i.value}})(),origin:`${g} ${D(`[${c}]`)}`}}return{credentialsAndOrigin:t,regionAndOrigin:i,profileAndOrigin:a}},Oe=({credentialsAndOrigin:e,regionAndOrigin:n,profileAndOrigin:o})=>{let t=[];return o&&t.push(`Got profile name from ${o.origin}`),e&&t.push(`Resolved credentials from ${e.origin}`),n&&t.push(`Resolved region from ${n.origin}`),t.join(`
|
|
2
|
+
`)};var oe=async({argv:e,env:n})=>{let{credentialsAndOrigin:o,regionAndOrigin:t,profileAndOrigin:a}=await Pe({argv:{region:e.awsRegion,profile:e.awsProfile,assumeRoleArn:e.awsAssumeRoleArn,assumeRoleSessionDuration:e.awsAssumeRoleSessionDuration},env:r({},n)});if(e.verbose===!0&&console.log(Oe({credentialsAndOrigin:o,regionAndOrigin:t,profileAndOrigin:a})),!(o&&t)){if(!o)throw console.error("Could not find credentials"),new Error("Could not find credentials");if(!t)throw console.error("Could not find region"),new Error("Could not find region")}return{credentialsAndOrigin:o,regionAndOrigin:t}};var ie=async e=>{var f,g;let{kms:{keyAlias:n}={},region:o}=e,{credentialsAndOrigin:t,regionAndOrigin:a}=await oe({argv:{},env:r({},process.env)}),i=new tn({credentials:t.value,region:o||a.value}),c=new en({KeyId:n}),p=(g=(f=(await i.send(c)).KeyMetadata)==null?void 0:f.EncryptionAlgorithms)==null?void 0:g[0];if(p===void 0)throw new Error("Could not determine encryption algorithm");return{async encrypt(l){let u=new nn({KeyId:n,Plaintext:Buffer.from(l),EncryptionAlgorithm:p}),y=await i.send(u);if(!y.CiphertextBlob)throw new Error(`Something bad happened: ${JSON.stringify({encryptCommand:u})}`);return Buffer.from(y.CiphertextBlob).toString("base64")},async decrypt(l){let u=new Xe({KeyId:n,CiphertextBlob:Buffer.from(l,"base64"),EncryptionAlgorithm:p}),y=await i.send(u);if(!y.Plaintext)throw new Error(`Something bad happened: ${JSON.stringify({cipherText:l,decryptCommand:u})}`);let s=Buffer.from(y.Plaintext).toString();return this.verbose&&console.info(`Decrypting key '${l}'`),s},other:()=>{}}};import be,{stat as on}from"node:fs/promises";import rn from"prompts";import sn from"node:path";var re=async e=>await be.readFile(e,"utf-8"),ne=async(e,n)=>await be.writeFile(e,n,"utf-8"),an=async e=>{try{return await on(e),!0}catch{return!1}},te=async({filePath:e,skip:n})=>{let o;return await an(e)&&n!==!0?o=await rn({type:"confirm",name:"overwrite",message:()=>`Overwrite './${sn.relative(process.cwd(),e)}' ?`}):o=void 0,o};import Cn from"node:path";import{ScriptKind as fn,ScriptTarget as dn,SyntaxKind as pn,createPrinter as ln,createSourceFile as un,createStringLiteral as Re,transform as yn,visitEachChild as gn,visitNode as mn}from"typescript";import cn from"node:fs";var ve=e=>{let n=ln(),o=cn.readFileSync(e.configFile,"utf8"),t=p=>f=>{function g(l){var u,y,s,A,E,b,v,x,k,N,I,G,q,U,V,Y,J,B;if(l=gn(l,g,p),l.kind===pn.StringLiteral){let w=(y=(u=l==null?void 0:l.parent)==null?void 0:u.parent)==null?void 0:y.parent;if(((E=(A=(s=e.config)==null?void 0:s.aws)==null?void 0:A.kms)==null?void 0:E.keyAlias)&&((b=w==null?void 0:w.getChildAt(0))==null?void 0:b.getText())==="kms"){let C=(v=w==null?void 0:w.parent)==null?void 0:v.parent;if((C==null?void 0:C.getChildAt(0).getText())==="aws")return Re((N=(k=(x=e.config)==null?void 0:x.aws)==null?void 0:k.kms)==null?void 0:N.keyAlias)}if(((G=(I=e.config)==null?void 0:I.aws)==null?void 0:G.region)&&((U=(q=l==null?void 0:l.parent)==null?void 0:q.getChildAt(0))==null?void 0:U.getText())==="region"){let C=(Y=(V=l==null?void 0:l.parent)==null?void 0:V.parent)==null?void 0:Y.parent;if((C==null?void 0:C.getChildAt(0).getText())==="aws")return Re((B=(J=e.config)==null?void 0:J.aws)==null?void 0:B.region)}}return l}return mn(f,g)},a=un("test.ts",o,dn.ES2015,!0,fn.TS),i=yn(a,[t]),c=i.transformed[0],m=n.printFile(c);return i.dispose(),m};var me="dotsec.config.ts",De=[me],se=".sec",ae=".env",ce="alias/dotsec",wn="SecureString",h={config:{aws:{kms:{keyAlias:ce},ssm:{parameterType:wn}}}};var Sn={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",me]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",me],env:["--env","Path to .env file",ae],sec:["--sec","Path to .sec file",se],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",ae],sec:["--sec <sec>","Path to .sec file",se],yes:["--yes","Skip confirmation prompts",!1]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",ae],sec:["--sec <sec>","Path to .sec file",se],yes:["--yes","Skip confirmation prompts",!1]}},run:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file"]}},push:{inheritsFrom:["dotsec"],options:{toAwsSsm:["--to-aws-ssm, --toAwsSsm","Push to AWS SSM"],toAwsSecretsManager:["--to-aws-secrets-manager, --toAwsSecretsManager","Push to AWS Secrets Manager"],toGitHubActionsSecrets:["--to-github-actions-secrets, --toGitHubActionsSecrets","Push to GitHub actions secrets"],env:["--env [env]","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}}},ke=(e,n,o={})=>{let t=e[n];if(t)return t.inheritsFrom?t==null?void 0:t.inheritsFrom.reduce((a,i)=>{let c=ke(e,i,a);return r({},c)},{options:r(r({},o.options),t.options),requiredOptions:r(r({},o.requiredOptions),t.requiredOptions)}):{options:r(r({},o.options),t.options),requiredOptions:r(r({},o.requiredOptions),t.requiredOptions)}},M=(e,n)=>{let o=ke(Sn,n||e.name());(o==null?void 0:o.options)&&Object.values(o.options).forEach(([t,a,i])=>{e.option(t,a,i)}),(o==null?void 0:o.requiredOptions)&&Object.values(o.requiredOptions).forEach(([t,a,i])=>{e.requiredOption(t,a,i)})};var An=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(o,t)=>{var l,u,y,s,A,E;let{verbose:a,configFile:i,env:c,sec:m,awskeyAlias:p,awsRegion:f,yes:g}=t.optsWithGlobals();try{let b;b=await ie({verbose:a,region:f||process.env.AWS_REGION||((u=(l=h.config)==null?void 0:l.aws)==null?void 0:u.region),kms:{keyAlias:p||((E=(A=(s=(y=h)==null?void 0:y.config)==null?void 0:s.aws)==null?void 0:A.kms)==null?void 0:E.keyAlias)}});let v=await re(c),x=await b.encrypt(v),k=await te({filePath:m,skip:g});(k===void 0||k.overwrite===!0)&&(await ne(m,x),console.log(`Wrote encrypted contents of ${S(c)} contents file to ${S(m)}`));let N=ve({configFile:Cn.resolve(__dirname,"../../src/templates/dotsec.config.ts"),config:{aws:{kms:{keyAlias:p||ce},region:f||process.env.AWS_REGION}}}),I=await te({filePath:i,skip:g});(I===void 0||I.overwrite===!0)&&(await ne(i,N),console.log(`Wrote config file to ${S(i)}`))}catch(b){t.error(b)}});return M(n),n},_e=An;import xe from"node:fs";import{parse as Rn}from"dotenv";import On from"node:path";import{bundleRequire as bn}from"bundle-require";import vn from"joycon";import En from"fs";import hn from"node:path";function Pn(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var ue=async e=>{try{return Pn(await En.promises.readFile(e,"utf8"))}catch(n){throw n instanceof Error?new Error(`Failed to parse ${hn.relative(process.cwd(),e)}: ${n.message}`):n}};var de=async e=>{var a,i,c,m,p,f,g,l,u,y,s,A,E,b,v,x,k,N,I,G,q,U,V,Y,J,B,w,C,W,j,$,R,F,T,P,_,Z,z,L,Q,X,ee;let n=process.cwd(),t=await new vn().resolve({files:e?[e]:[...De,"package.json"],cwd:n,stopDir:On.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let H=await ue(t),d;return t.endsWith("package.json")&&H.dotsec!==void 0?d=H.dotsec:d=H,{source:"json",contents:O(r(r({},h),d),{config:O(r(r({},d==null?void 0:d.config),h.config),{github:r(r({},(a=d==null?void 0:d.config)==null?void 0:a.github),(c=(i=h)==null?void 0:i.config)==null?void 0:c.github),aws:O(r(r({},(m=d==null?void 0:d.config)==null?void 0:m.aws),(f=(p=h)==null?void 0:p.config)==null?void 0:f.aws),{kms:r(r({},(u=(l=(g=h)==null?void 0:g.config)==null?void 0:l.aws)==null?void 0:u.kms),(s=(y=d.config)==null?void 0:y.aws)==null?void 0:s.kms),ssm:r(r({},(b=(E=(A=h)==null?void 0:A.config)==null?void 0:E.aws)==null?void 0:b.ssm),(x=(v=d.config)==null?void 0:v.aws)==null?void 0:x.ssm),secretsManager:r(r({},(I=(N=(k=h)==null?void 0:k.config)==null?void 0:N.aws)==null?void 0:I.secretsManager),(q=(G=d.config)==null?void 0:G.aws)==null?void 0:q.secretsManager)})})})}}else if(t.endsWith(".ts")){let H=await bn({filepath:t}),d=H.mod.dotsec||H.mod.default||H.mod;return{source:"ts",contents:O(r(r({},h),d),{config:O(r(r({},d==null?void 0:d.config),h.config),{github:r(r({},(U=d==null?void 0:d.config)==null?void 0:U.github),(Y=(V=h)==null?void 0:V.config)==null?void 0:Y.github),aws:O(r(r({},(J=d==null?void 0:d.config)==null?void 0:J.aws),(w=(B=h)==null?void 0:B.config)==null?void 0:w.aws),{kms:r(r({},(j=(W=(C=h)==null?void 0:C.config)==null?void 0:W.aws)==null?void 0:j.kms),(R=($=d.config)==null?void 0:$.aws)==null?void 0:R.kms),ssm:r(r({},(P=(T=(F=h)==null?void 0:F.config)==null?void 0:T.aws)==null?void 0:P.ssm),(Z=(_=d.config)==null?void 0:_.aws)==null?void 0:Z.ssm),secretsManager:r(r({},(Q=(L=(z=h)==null?void 0:z.config)==null?void 0:L.aws)==null?void 0:Q.secretsManager),(ee=(X=d.config)==null?void 0:X.aws)==null?void 0:ee.secretsManager)})})})}}}return{source:"defaultConfig",contents:h}};import{spawnSync as Dn}from"node:child_process";var kn=(e,n)=>{var t;let o=e.command("run2 <command...>").allowUnknownOption().description("Run a command in a separate process and populate env with decrypted .env or encrypted .sec values").action(async(a,i,c)=>{var A,E,b;let{configFile:m,env:p,sec:f,keyAlias:g,region:l}=c.optsWithGlobals(),{contents:{config:u}={}}=await de(m),y=await ie({verbose:!0,kms:{keyAlias:g||((E=(A=u==null?void 0:u.aws)==null?void 0:A.kms)==null?void 0:E.keyAlias)||ce},region:l||((b=u==null?void 0:u.aws)==null?void 0:b.region)}),s;if(p)s=xe.readFileSync(p,"utf8");else if(f){let v=xe.readFileSync(f,"utf8");s=await y.decrypt(v)}else throw new Error('Must provide either "--env" or "--sec"');if(s){let v=Rn(s),[x,...k]=a;Dn(x,[...k],{stdio:"inherit",shell:!1,env:O(r(r({},process.env),v),{__DOTSEC_ENV__:JSON.stringify(Object.keys(v))})}),c.help()}else throw new Error("No .env or .sec file provided")});return M(o,"run"),(t=n==null?void 0:n.run)==null||t.map(a=>{let{options:i,requiredOptions:c}=a;i&&Object.values(i).map(m=>{o.option(...m)}),c&&Object.values(c).map(m=>{o.option(...m)})}),o},Fe=kn;var le=e=>typeof e=="boolean";import Ie from"node:fs";import{parse as Ln}from"dotenv";import _n from"prompts";var fe=async({predicate:e,skip:n,message:o})=>n===!0?{confirm:!0}:(e?await e():!0)?await _n({type:"confirm",name:"confirm",message:()=>o}):{confirm:!0};import{PutParameterCommand as xn,SSMClient as Fn}from"@aws-sdk/client-ssm";var Te=async e=>{let{region:n}=e||{},{credentialsAndOrigin:o,regionAndOrigin:t}=await oe({argv:{},env:r({},process.env)}),a=new Fn({credentials:o.value,region:n||t.value});return{async put(i){for(let c of i){let m=new xn(O(r({},c),{Overwrite:!0}));await a.send(m)}}}};import{CreateSecretCommand as Tn,DescribeSecretCommand as Mn,UpdateSecretCommand as In,SecretsManagerClient as Wn,ResourceNotFoundException as Nn}from"@aws-sdk/client-secrets-manager";var Me=async e=>{let{region:n}=e||{},{credentialsAndOrigin:o,regionAndOrigin:t}=await oe({argv:{},env:r({},process.env)}),a=new Wn({credentials:o.value,region:n||t.value});return{async push(i){let c=[];console.log("createSecretReddquests",i);let m=[];for(let p of i){let f=new Mn({SecretId:p.Name});try{let g=await a.send(f);console.log("got one"),m.push(new In({SecretId:g.ARN,SecretString:p.SecretString}))}catch(g){g instanceof Nn&&(console.log("got one"),c.push(new Tn({Name:p.Name,SecretString:p.SecretString})))}}return{createSecretCommands:c,updateSecretCommands:m,push:async()=>{for(let p of c)await a.send(p);for(let p of m)await a.send(p)}}}}};var Hn=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(o,t)=>{var b,v,x,k,N,I,G,q,U,V,Y,J,B;let{configFile:a,verbose:i,env:c,sec:m,awskeyAlias:p,awsRegion:f,yes:g,toAwsSsm:l,toAwsSecretsManager:u,toGitHubActionsSecrets:y}=t.optsWithGlobals();if(!(l||u||y))throw new Error("You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets");let{contents:s}=await de(a),A;if(c){let w=le(c)?ae:c;A=Ie.readFileSync(w,"utf8")}else if(m){let w=le(m)?se:m,C=Ie.readFileSync(w,"utf8");A=await(await ie({verbose:i,region:f||process.env.AWS_REGION||((v=(b=s.config)==null?void 0:b.aws)==null?void 0:v.region),kms:{keyAlias:p||((N=(k=(x=s==null?void 0:s.config)==null?void 0:x.aws)==null?void 0:k.kms)==null?void 0:N.keyAlias)}})).decrypt(C)}else throw new Error('Must provide either "--env" or "--sec"');let E=Ln(A);try{if(l){let w=(G=(I=s==null?void 0:s.config)==null?void 0:I.aws)==null?void 0:G.ssm,C=(w==null?void 0:w.parameterType)||"SecureString",W=(w==null?void 0:w.pathPrefix)||"",j=Object.entries(E).reduce((R,[F,T])=>{var P,_,Z,z;if((P=s.variables)==null?void 0:P[F]){let L=(_=s.variables)==null?void 0:_[F];if(L){let Q=`${W}${F}`;if((z=(Z=L.push)==null?void 0:Z.aws)==null?void 0:z.ssm){let X=le(L.push.aws.ssm)?{Name:Q,Value:T,Type:C}:O(r({Name:Q,Type:C},L.push.aws.ssm),{Value:T});R.push(X)}}}return R},[]),{confirm:$}=await fe({message:`Are you sure you want to push the following variables to AWS SSM Parameter Store?
|
|
3
3
|
${j.map(({Name:R})=>`- ${S(R||"[no name]")}`).join(`
|
|
4
|
-
`)}`,skip:
|
|
4
|
+
`)}`,skip:g});$===!0&&(console.log("pushing to AWS SSM Parameter Store"),await(await Te({region:f||((U=(q=s==null?void 0:s.config)==null?void 0:q.aws)==null?void 0:U.region)})).put(j))}if(u){let w=(Y=(V=s==null?void 0:s.config)==null?void 0:V.aws)==null?void 0:Y.secretsManager,C=(w==null?void 0:w.pathPrefix)||"",W=await Me({region:f||process.env.AWS_REGION||((B=(J=s.config)==null?void 0:J.aws)==null?void 0:B.region)}),j=Object.entries(E).reduce((P,[_,Z])=>{var z,L,Q,X;if((z=s.variables)==null?void 0:z[_]){let ee=(L=s.variables)==null?void 0:L[_];if(ee){let H=`${C}${_}`;if((X=(Q=ee.push)==null?void 0:Q.aws)==null?void 0:X.ssm){let d=le(ee.push.aws.ssm)?{Name:H,SecretString:Z}:O(r({Name:H},ee.push.aws.ssm),{SecretString:Z});P.push(d)}}}return P},[]),{push:$,updateSecretCommands:R,createSecretCommands:F}=await W.push(j),T=[];if(R.length>0){let{confirm:P}=await fe({message:`Are you sure you want to update the following variables to AWS SSM Secrets Manager?
|
|
5
5
|
${R.map(({input:{SecretId:_}})=>`- ${S(_||"[no name]")}`).join(`
|
|
6
|
-
`)}`,skip:
|
|
6
|
+
`)}`,skip:g});T.push(P)}if(F.length>0){let{confirm:P}=await fe({message:`Are you sure you want to create the following variables to AWS SSM Secrets Manager?
|
|
7
7
|
${F.map(({input:{Name:_}})=>`- ${S(_||"[no name]")}`).join(`
|
|
8
|
-
`)}`,skip:
|
|
8
|
+
`)}`,skip:g});T.push(P)}T.find(P=>P===!1)===void 0&&(console.log("xpushing to AWS Secrets Manager"),await $())}if(y){let w=Object.entries(E).reduce((C,[W,j])=>{var $,R,F,T;if(($=s.variables)==null?void 0:$[W]){let P=(R=s.variables)==null?void 0:R[W];P&&((T=(F=P.push)==null?void 0:F.github)==null?void 0:T.actionsSecrets)&&C.push({name:W,value:j})}return C},[]);console.log("githubActionsSecrets",w)}}catch(w){t.error(w)}});return M(n),n},We=Hn;var jn=async(e,n)=>{let o=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(t,a)=>{try{let{env:i,sec:c,yes:m}=a.optsWithGlobals(),p=Object.keys(t).reduce((s,A)=>s||n.encryption.find(E=>E.triggerOption===A),void 0);if(!p)throw new Error(`No encryption plugin found, available encryption engine(s): ${n.encryption.map(s=>`--${s.triggerOption}`).join(", ")}`);let f=[...Object.keys(p.options||{}),...Object.keys(p.requiredOptions||{})],g=Object.fromEntries(f.map(s=>[s,t[s]])),l=await re(i),u=await p.handler(r({plaintext:l},g)),y=await te({filePath:c,skip:m});(y===void 0||y.overwrite===!0)&&(await ne(c,u),console.log(`Wrote encrypted contents of ${S(i)} file to ${S(c)}`))}catch(i){console.error(S(i.message)),a.help()}});return n.encryption.map(t=>{let{options:a,requiredOptions:i}=t;a&&Object.values(a).map(c=>{o.option(...c)}),i&&Object.values(i).map(c=>{o.option(...c)})}),M(o),o},Ne=jn;var $n=async(e,n)=>{let o=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(t,a)=>{try{let{env:i,sec:c,yes:m}=a.optsWithGlobals(),p=Object.keys(t).reduce((s,A)=>s||n.decryption.find(E=>E.triggerOption===A),void 0);if(!p)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.decryption.map(s=>`--${s.triggerOption}`).join(", ")}`);let f=[...Object.keys(p.options||{}),...Object.keys(p.requiredOptions||{})],g=Object.fromEntries(f.map(s=>[s,t[s]]));console.log("dotsecFilename",c);let l=await re(c),u=await p.handler(r({ciphertext:l},g)),y=await te({filePath:i,skip:m});(y===void 0||y.overwrite===!0)&&(await ne(i,u),console.log(`Wrote plaintext contents of ${S(c)} file to ${S(i)}`)),console.log("plaintext",u)}catch(i){console.error(S(i.message)),a.help()}});return n.decryption.map(t=>{let{options:a,requiredOptions:i}=t;a&&Object.values(a).map(c=>{o.option(...c)}),i&&Object.values(i).map(c=>{o.option(...c)})}),M(o),o},Le=$n;import Kn from"joycon";import Gn from"path";import{bundleRequire as qn}from"bundle-require";var Un="dotsec.config.ts",Vn=[Un];var ge={},He=async e=>Promise.resolve().then(()=>Ee(Ae(e.name))).then(n=>n.default),je=async e=>{let n=process.cwd(),t=await new Kn().resolve({files:e?[e]:[...Vn,"package.json"],cwd:n,stopDir:Gn.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let a=await ue(t),i;return t.endsWith("package.json")&&a.dotsec!==void 0?i=a.dotsec:i=a,{source:"json",contents:O(r(r({},ge),i),{plugins:r(r({},i==null?void 0:i.plugins),ge.plugins),variables:r({},i==null?void 0:i.variables)})}}else if(t.endsWith(".ts")){let a=await qn({filepath:t}),i=a.mod.dotsec||a.mod.default||a.mod;return{source:"ts",contents:O(r(r({},ge),i),{plugins:r(r({},i==null?void 0:i.plugins),ge.plugins),variables:r({},i==null?void 0:i.variables)})}}}return{source:"defaultConfig",contents:ge}};import Jn from"ajv";var Bn={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(n,o)=>{if(o){let{parentData:t,parentDataProperty:a}=o;return t[a]=n===""?[]:n.split(e),!0}else return!1}},K=new Yn;(async()=>{let e=process.argv.find(g=>g.startsWith("-c")),n=e?e.includes("=")?e.split("=")[1]:process.argv[process.argv.indexOf(e)+1]:void 0,{contents:o={}}=await je(n),{plugins:t,variables:a}=o;K.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((g,l)=>{l.help()}),M(K);let i={};t&&Object.entries(t).forEach(([g,l])=>{(l==null?void 0:l.module)?i[g]=l==null?void 0:l.module:i[g]=`@dotsec/plugin-${g}`}),Object.values(a||{}).forEach(g=>{(g==null?void 0:g.push)&&Object.keys(g.push).forEach(l=>{i[l]||(i[l]=`@dotsec/plugin-${l}`)})});let c=new Jn({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[Bn]}),m=[],p=[],f=[];for(let g of Object.keys(i)){let l=i[g],u=await He({name:l}),{addCliCommand:y,cliHandlers:s}=await u({ajv:c,dotsecConfig:o});(s==null?void 0:s.encrypt)&&m.push(s.encrypt),(s==null?void 0:s.decrypt)&&p.push(s.decrypt),(s==null?void 0:s.run)&&f.push(s.run),y&&y({program:K})}m.length&&await Ne(K,{encryption:m}),p.length&&await Le(K,{decryption:p}),await _e(K),await Fe(K,{run:f}),await We(K),await K.parse()})();
|
|
9
9
|
//# sourceMappingURL=index.mjs.map
|
package/dist/cli/index.mjs.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../src/cli/index.ts", "../../src/lib/aws/AwsKmsEncryptionEngine.ts", "../../src/lib/aws/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/aws/handleCredentialsAndRegion.ts", "../../src/lib/io.ts", "../../src/cli/commands/init.ts", "../../src/lib/transformer.ts", "../../src/constants.ts", "../../src/cli/options.ts", "../../src/cli/commands/run2.ts", "../../src/lib/config/index.ts", "../../src/lib/json.ts", "../../src/types.ts", "../../src/cli/commands/push.ts", "../../src/utils/prompts.ts", "../../src/lib/aws/AwsSsm.ts", "../../src/lib/aws/AwsSecretsManager.ts", "../../src/cli/commands/encrypt.ts", "../../src/cli/commands/decrypt.ts", "../../src/lib/plugin.ts"],
|
|
4
|
-
"sourcesContent": ["import { Command } from \"commander\";\n\nimport addInitCommand from \"./commands/init\";\nimport addRunCommand from \"./commands/run2\";\nimport addPushProgram from \"./commands/push\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport { setProgramOptions } from \"./options\";\nimport {\n\tgetMagicalConfig,\n\tloadDotsecPlugin,\n\tMagicalDotsecPluginConfig,\n\tCliPluginDecryptHandler,\n\tCliPluginEncryptHandler,\n\tCliPluginRunHandler,\n} from \"../lib/plugin\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\t// find -c value in argv\n\tconst configArg = process.argv.find((arg) => arg.startsWith(\"-c\"));\n\t// if -c contains a =, split it and get the value. otherwise, take the next value\n\tconst configFile = configArg\n\t\t? configArg.includes(\"=\")\n\t\t\t? configArg.split(\"=\")[1]\n\t\t\t: process.argv[process.argv.indexOf(configArg) + 1]\n\t\t: undefined;\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { plugins, variables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (plugins) {\n\t\tObject.entries(plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, MagicalDotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(variables || {}).forEach((variable) => {\n\t\tif (variable?.push) {\n\t\t\tObject.keys(variable.push).forEach((pluginName) => {\n\t\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t});\n\n\tconsole.log(\"pluginModules\", pluginModules);\n\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: CliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: CliPluginDecryptHandler[] = [];\n\tconst cliPluginRunHandlers: CliPluginRunHandler[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t}\n\t\tif (cli?.run) {\n\t\t\tcliPluginRunHandlers.push(cli.run);\n\t\t}\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tencryption: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdecryption: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, { run: cliPluginRunHandlers });\n\t// await addDecryptCommand(program);\n\t// await addEncryptCommand(program);\n\tawait addPushProgram(program);\n\tawait program.parse();\n})();\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n\tKMSClient,\n} from \"@aws-sdk/client-kms\";\nimport { EncryptionEngineFactory } from \"../../types\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport type AwsEncryptionEngineFactory = EncryptionEngineFactory<\n\t{ region?: string; kms?: { keyAlias?: string } },\n\t{ other: () => void }\n>;\n\nexport const awsEncryptionEngineFactory: AwsEncryptionEngineFactory = async (\n\toptions,\n) => {\n\tconst {\n\t\tkms: { keyAlias } = {},\n\t\tregion,\n\t} = options;\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\tKeyId: keyAlias,\n\t});\n\n\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\tconst encryptionAlgorithm =\n\t\tdescribeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n\tif (encryptionAlgorithm === undefined) {\n\t\tthrow new Error(\"Could not determine encryption algorithm\");\n\t}\n\n\treturn {\n\t\tasync encrypt(plaintext: string): Promise<string> {\n\t\t\tconst encryptCommand = new EncryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tPlaintext: Buffer.from(plaintext),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tencryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\t\"base64\",\n\t\t\t);\n\n\t\t\treturn cipherText;\n\t\t},\n\t\tasync decrypt(cipherText: string): Promise<string> {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tcipherText: cipherText,\n\t\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\n\t\t\tif (this.verbose) {\n\t\t\t\tconsole.info(`Decrypting key '${cipherText}'`);\n\t\t\t}\n\n\t\t\treturn decryptedValue;\n\t\t},\n\t\tother: () => {},\n\t};\n};\n", "import {\n\tfromEnv,\n\tfromIni,\n\tfromTemporaryCredentials,\n} from \"@aws-sdk/credential-providers\";\nimport { loadSharedConfigFiles } from \"@aws-sdk/shared-ini-file-loader\";\nimport { emphasis, strong } from \"../../utils/logger\";\n\nimport {\n\tCredentialsAndOrigin,\n\tProfileAndOrigin,\n\tRegionAndOrigin,\n} from \"./types\";\n\nexport const getCredentialsProfileRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tprofile?: string;\n\t\tregion?: string;\n\t\tassumeRoleArn?: string;\n\t\tassumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string;\n\t\tAWS_ACCESS_KEY_ID?: string;\n\t\tAWS_SECRET_ACCESS_KEY?: string;\n\t\tAWS_REGION?: string;\n\t\tAWS_DEFAULT_REGION?: string;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst sharedConfigFiles = await loadSharedConfigFiles();\n\tlet credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n\tlet profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n\tlet regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\tif (argv.profile) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: argv.profile,\n\t\t\torigin: `command line option: ${emphasis(argv.profile)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: argv.profile,\n\t\t\t})(),\n\t\t\torigin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n\t\t};\n\t} else if (env.AWS_PROFILE) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: env.AWS_PROFILE,\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: env.AWS_PROFILE,\n\t\t\t})(),\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromEnv()(),\n\t\t\torigin: `env variables ${emphasis(\"AWS_ACCESS_KEY_ID\")} and ${emphasis(\n\t\t\t\t\"AWS_SECRET_ACCESS_KEY\",\n\t\t\t)}`,\n\t\t};\n\t} else if (sharedConfigFiles.credentialsFile?.default) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: \"default\",\n\t\t\torigin: `${emphasis(\"[default]\")} in credentials file`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: \"default\",\n\t\t\t})(),\n\t\t\torigin: `profile ${emphasis(\"[default]\")}`,\n\t\t};\n\t}\n\n\tif (argv.region) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: argv.region,\n\t\t\torigin: `command line option: ${emphasis(argv.region)}`,\n\t\t};\n\t} else if (env.AWS_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_DEFAULT_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_DEFAULT_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_DEFAULT_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_DEFAULT_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (profileAndOrigin) {\n\t\tconst foundRegion =\n\t\t\tsharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n\t\tif (foundRegion) {\n\t\t\tregionAndOrigin = {\n\t\t\t\tvalue: foundRegion,\n\t\t\t\torigin: `${emphasis(\n\t\t\t\t\t`[profile ${profileAndOrigin.value}]`,\n\t\t\t\t)} in config file`,\n\t\t\t};\n\t\t}\n\t}\n\n\tconst assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n\tif (assumedRole) {\n\t\tconst origin = argv.assumeRoleArn ? \"command line option\" : \"env variable\";\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromTemporaryCredentials({\n\t\t\t\tmasterCredentials: credentialsAndOrigin?.value,\n\n\t\t\t\tparams: {\n\t\t\t\t\tDurationSeconds:\n\t\t\t\t\t\targv.assumeRoleSessionDuration ||\n\t\t\t\t\t\tNumber(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n\t\t\t\t\t\t3600,\n\t\t\t\t\tRoleArn: assumedRole,\n\t\t\t\t},\n\n\t\t\t\tclientConfig: {\n\t\t\t\t\tregion: regionAndOrigin?.value,\n\t\t\t\t},\n\t\t\t})(),\n\t\t\torigin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n\t\t};\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tprofileAndOrigin,\n}: {\n\tcredentialsAndOrigin?: CredentialsAndOrigin;\n\tregionAndOrigin?: RegionAndOrigin;\n\tprofileAndOrigin?: ProfileAndOrigin;\n}): string => {\n\tconst out: string[] = [];\n\tif (profileAndOrigin) {\n\t\tout.push(`Got profile name from ${profileAndOrigin.origin}`);\n\t}\n\tif (credentialsAndOrigin) {\n\t\tout.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n\t}\n\tif (regionAndOrigin) {\n\t\tout.push(`Resolved region from ${regionAndOrigin.origin}`);\n\t}\n\treturn out.join(\"\\n\");\n};\n", "import chalk from \"chalk\";\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">;\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console;\n\t}\n\n\treturn _logger;\n};\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content);\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content);\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content);\n\t},\n\terror(content: object) {\n\t\tconsole.error(content);\n\t},\n};\n", "import {\n\tgetCredentialsProfileRegion,\n\tprintVerboseCredentialsProfileRegion,\n} from \"./getCredentialsProfileRegion\";\n\nexport const handleCredentialsAndRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tawsRegion?: string;\n\t\tawsProfile?: string;\n\t\tverbose?: boolean;\n\t\tawsAssumeRoleArn?: string;\n\t\tawsAssumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string | undefined;\n\t\tAWS_ACCESS_KEY_ID?: string | undefined;\n\t\tAWS_SECRET_ACCESS_KEY?: string | undefined;\n\t\tAWS_REGION?: string | undefined;\n\t\tAWS_DEFAULT_REGION?: string | undefined;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n\t\tawait getCredentialsProfileRegion({\n\t\t\targv: {\n\t\t\t\tregion: argv.awsRegion,\n\t\t\t\tprofile: argv.awsProfile,\n\t\t\t\tassumeRoleArn: argv.awsAssumeRoleArn,\n\t\t\t\tassumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: {\n\t\t\t\t...env,\n\t\t\t},\n\t\t});\n\n\tif (argv.verbose === true) {\n\t\tconsole.log(\n\t\t\tprintVerboseCredentialsProfileRegion({\n\t\t\t\tcredentialsAndOrigin,\n\t\t\t\tregionAndOrigin,\n\t\t\t\tprofileAndOrigin,\n\t\t\t}),\n\t\t);\n\t}\n\n\tif (!(credentialsAndOrigin && regionAndOrigin)) {\n\t\tif (!credentialsAndOrigin) {\n\t\t\tconsole.error(\"Could not find credentials\");\n\t\t\tthrow new Error(\"Could not find credentials\");\n\t\t}\n\t\tif (!regionAndOrigin) {\n\t\t\tconsole.error(\"Could not find region\");\n\t\t\tthrow new Error(\"Could not find region\");\n\t\t}\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin };\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport path from \"node:path\";\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\nimport {\n\tdefaultConfig,\n\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n} from \"../../constants\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\t\t\t// get dotsec config\n\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdefaultConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || defaultConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\t// todo: fix type\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} contents file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\tkeyAlias: awskeyAlias || DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tregion: awsRegion || process.env.AWS_REGION,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import * as ts from \"typescript\";\nimport fs from \"node:fs\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\t// console.log(\n\t\t\t\t\t\t\t\t// \t\"parent is aws\",\n\t\t\t\t\t\t\t\t// \tnode.parent?.getChildAt(2).getText(),\n\t\t\t\t\t\t\t\t// );\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { DotsecConfig } from \"./types\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\n\nexport const defaultConfig: DotsecConfig = {\n\tconfig: {\n\t\taws: {\n\t\t\tkms: {\n\t\t\t\tkeyAlias: DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t},\n\t\t\tssm: {\n\t\t\t\tparameterType: DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE,\n\t\t\t},\n\t\t},\n\t},\n};\n", "import { Command } from \"commander\";\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\t// decrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\t// encrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\n\t// run: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t// \t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\ttoAwsSsm: [\"--to-aws-ssm, --toAwsSsm\", \"Push to AWS SSM\"],\n\t\t\ttoAwsSecretsManager: [\n\t\t\t\t\"--to-aws-secrets-manager, --toAwsSecretsManager\",\n\t\t\t\t\"Push to AWS Secrets Manager\",\n\t\t\t],\n\t\t\ttoGitHubActionsSecrets: [\n\t\t\t\t\"--to-github-actions-secrets, --toGitHubActionsSecrets\",\n\t\t\t\t\"Push to GitHub actions secrets\",\n\t\t\t],\n\n\t\t\tenv: [\"--env [env]\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\tconst r = getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t\treturn { ...r };\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS } from \"../../constants\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { RunCommandOptions } from \"../../types\";\nimport { setProgramOptions } from \"../options\";\nimport { getConfig } from \"../../lib/config\";\nimport { spawnSync } from \"node:child_process\";\nimport { CliPluginRunHandler } from \"../../lib/plugin\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\trun?: CliPluginRunHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.command(\"run2 <command...>\")\n\t\t.allowUnknownOption()\n\t\t.description(\n\t\t\t\"Run a command in a separate process and populate env with decrypted .env or encrypted .sec values\",\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\tconst {\n\t\t\t\t\tconfigFile,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\tkeyAlias,\n\t\t\t\t\tregion,\n\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\tconst {\n\t\t\t\t\tcontents: { config } = {},\n\t\t\t\t} = await getConfig(configFile);\n\n\t\t\t\tconst encryptionPlugin = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose: true,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias:\n\t\t\t\t\t\t\tkeyAlias ||\n\t\t\t\t\t\t\tconfig?.aws?.kms?.keyAlias ||\n\t\t\t\t\t\t\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t},\n\t\t\t\t\tregion: region || config?.aws?.region,\n\t\t\t\t});\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (dotenv) {\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (dotsec) {\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await encryptionPlugin.decrypt(dotSecContents);\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tcommand.help();\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\toptions?.run?.map((run) => {\n\t\tconst { options, requiredOptions } = run;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n", "import path from \"node:path\";\n\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\n\nimport { loadJson } from \"../json\";\nimport { DotsecConfig, DotsecConfigAndSource } from \"../../types\";\nimport { defaultConfig, DOTSEC_CONFIG_FILES } from \"../../constants\";\n\nexport const getConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { Command } from \"commander\";\n\n// type Replace<\n// \tSource,\n// \tNeedle extends String,\n// \tReplacement,\n// > = Source extends Record<string, unknown>\n// \t? {\n// \t\t\t[key in keyof Source]: key extends Needle\n// \t\t\t\t? Replacement\n// \t\t\t\t: Replace<Source[key], Needle, Replacement>;\n// \t }\n// \t: Source;\n\n// utility types\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type EncryptionEngineFactoryProps = { verbose?: boolean };\nexport type EncryptionEngine<T = {}> = {\n\tencrypt(plaintext: string): Promise<string>;\n\tdecrypt(ciphertext: string): Promise<string>;\n} & T;\n\nexport type EncryptionEngineFactory<\n\tT = {},\n\tV extends Record<string, unknown> = {},\n> = {\n\t(options: EncryptionEngineFactoryProps & T): Promise<EncryptionEngine<V>>;\n};\n\nexport abstract class EncryptionPlugin {\n\tprotected verbose: boolean | undefined;\n\tconstructor(options: EncryptionEngineFactoryProps) {\n\t\tthis.verbose = options?.verbose;\n\t}\n\tabstract encrypt(plaintext: string): Promise<string>;\n\tabstract decrypt(ciphertext: string): Promise<string>;\n}\n\ntype DotsecPlugin = {\n\t[key: string]: {\n\t\tplugin?: {\n\t\t\tmodule?: string;\n\t\t};\n\t\tconfig: {\n\t\t\t[key: string]: unknown;\n\t\t};\n\t\tpush: Record<string, unknown>;\n\t};\n};\n\ntype DotsecVariables = Record<string, DotsecVariable | boolean>;\nexport type DotsecConfigOptions = {\n\tplugins?: DotsecPlugin;\n\tvariables?: DotsecVariables;\n};\ntype DotSecVariableWithPlugin<\n\tVariable extends DotsecVariable,\n\tPlugins extends DotsecPlugin,\n> = {\n\tpush?: {\n\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"push\"];\n\t} & {\n\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"push\"];\n\t} & Variable[\"push\"] & {\n\t\t\t[key in keyof Plugins]?: Plugins[key][\"push\"];\n\t\t};\n};\n\nexport type DotsecVariable = {\n\tpush?: {};\n};\n\nexport type DotsecAwsPlugin = {\n\taws: {\n\t\tconfig: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t\tencryptionAlgorithm?:\n\t\t\t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t};\n\t\t\tssm?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t};\n\t\t\tsecretsManager?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t};\n\t\t};\n\t\tpush: {\n\t\t\tssm?:\n\t\t\t\t| boolean\n\t\t\t\t| (Omit<PutParameterRequest, \"Name\" | \"Value\"> & {\n\t\t\t\t\t\tName?: string;\n\t\t\t\t });\n\t\t\tsecretsManager?: boolean;\n\t\t};\n\t};\n};\nexport type DotsecGitHubPlugin = {\n\tgithub: {\n\t\tconfig: {\n\t\t\tpersonalAccessToken?: string | { fromEnv: string };\n\t\t};\n\t\tpush: {\n\t\t\tactionsSecrets: {\n\t\t\t\torganisations?: [{ secretName?: string; organisation: string }];\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport type DotsecConfig<T extends DotsecConfigOptions = DotsecConfigOptions> =\n\t{\n\t\tconfig?: // (\n\n\t\t{\n\t\t\t[key in keyof DotsecPlugin]?: DotsecPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t// aws?: {\n\t\t\t// \tregion?: string;\n\t\t\t// \tkms?: {\n\t\t\t// \t\tkeyAlias?: string;\n\t\t\t// \t\tencryptionAlgorithm?:\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t// \t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t// \t};\n\t\t\t// \tssm?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t// \t};\n\t\t\t// \tsecretsManager?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t};\n\t\t\t// };\n\t\t\t// github?: {\n\t\t\t// \tpersonalAccessToken:\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue: string;\n\t\t\t// \t\t\t\tfromEnv?: never;\n\t\t\t// \t\t }\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue?: never;\n\t\t\t// \t\t\t\tfromEnv: keyof T[\"variables\"];\n\t\t\t// \t\t };\n\t\t\t// };\n\t\t};\n\t\tvariables?: {\n\t\t\t[key in keyof T[\"variables\"]]: T[\"variables\"][key] extends DotsecVariable\n\t\t\t\t? DotSecVariableWithPlugin<\n\t\t\t\t\t\tT[\"variables\"][key],\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >\n\t\t\t\t: DotSecVariableWithPlugin<\n\t\t\t\t\t\tDotsecVariable,\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >;\n\t\t};\n\t};\n\n// Dotsec config file\nexport type DotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: DotsecConfig;\n};\n\n// CLI types\nexport type GlobalCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n};\n\nexport type Init2CommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Encrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Decrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\n\nexport type RunCommandOptions = GlobalCommandOptions & {\n\tenv?: string;\n\tsec?: string;\n\tkeyAlias?: string;\n\tregion?: string;\n};\n\nexport type PushCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string | boolean;\n\tsec: string | boolean;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\ttoAwsSsm?: boolean;\n\ttoAwsSecretsManager?: boolean;\n\ttoGitHubActionsSecrets?: boolean;\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n\nexport type DotsecPluginModule<\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\tname: string;\n\tinit: (dotsecConfig: DotsecConfig) => Promise<T>;\n\taddCliCommand?: (options: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tprogram: Command;\n\t}) => void;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { EncryptionEngine, isBoolean, PushCommandOptions } from \"../../types\";\nimport fs from \"node:fs\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { parse } from \"dotenv\";\nimport { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { strong } from \"../../utils/logger\";\nimport { promptConfirm } from \"../../utils/prompts\";\nimport { AwsSsm } from \"../../lib/aws/AwsSsm\";\nimport { AwsSecretsManager } from \"../../lib/aws/AwsSecretsManager\";\nimport { CreateSecretRequest } from \"@aws-sdk/client-secrets-manager\";\n\nconst addPushProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv,\n\t\t\t\tsec,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t\ttoAwsSsm,\n\t\t\t\ttoAwsSecretsManager,\n\t\t\t\ttoGitHubActionsSecrets,\n\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\t\t\tif (!(toAwsSsm || toAwsSecretsManager || toGitHubActionsSecrets)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets\",\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\n\t\t\tlet envContents: string | undefined;\n\n\t\t\tif (env) {\n\t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t\t: env;\n\t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t} else if (sec) {\n\t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t\t: sec;\n\t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t} else {\n\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t}\n\n\t\t\tconst envObject = parse(envContents);\n\n\t\t\t// get dotsec config\n\t\t\ttry {\n\t\t\t\tif (toAwsSsm) {\n\t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n${putParameterRequests\n\t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (confirm === true) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// secrets manager\n\t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t\t// create secretss\n\t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t\t\tregion:\n\t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n${updateSecretCommands\n\t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t\t}\n\t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n${createSecretCommands\n\t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t\t}\n\t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t\t\tawait push();\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import prompts from \"prompts\";\nexport const promptConfirm = async ({\n\tpredicate,\n\tskip,\n\tmessage,\n}: {\n\tpredicate?: (...args: unknown[]) => Promise<boolean> | boolean;\n\tskip?: boolean;\n\tmessage: string;\n}): Promise<{ confirm: boolean }> => {\n\tif (skip === true) {\n\t\treturn { confirm: true };\n\t} else {\n\t\tconst result = predicate ? await predicate() : true;\n\t\tif (result) {\n\t\t\treturn await prompts({\n\t\t\t\ttype: \"confirm\",\n\t\t\t\tname: \"confirm\",\n\t\t\t\tmessage: () => {\n\t\t\t\t\treturn message;\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t}\n\treturn { confirm: true };\n};\n", "import {\n\tPutParameterCommand,\n\tPutParameterRequest,\n\tSSMClient,\n} from \"@aws-sdk/client-ssm\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSsm = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst ssmClient = new SSMClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync put(putParameterRequests: PutParameterRequest[]): Promise<void> {\n\t\t\tfor (const putParameterRequest of putParameterRequests) {\n\t\t\t\tconst command = new PutParameterCommand({\n\t\t\t\t\t...putParameterRequest,\n\t\t\t\t\tOverwrite: true,\n\t\t\t\t});\n\t\t\t\tawait ssmClient.send(command);\n\t\t\t}\n\t\t},\n\t};\n};\n", "import {\n\tCreateSecretCommand,\n\tDescribeSecretCommand,\n\tUpdateSecretCommand,\n\tCreateSecretRequest,\n\tSecretsManagerClient,\n\tResourceNotFoundException,\n} from \"@aws-sdk/client-secrets-manager\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSecretsManager = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst secretsManagerClient = new SecretsManagerClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync push(createSecretRequests: CreateSecretRequest[]) {\n\t\t\tconst createSecretCommands: CreateSecretCommand[] = [];\n\t\t\tconsole.log(\"createSecretReddquests\", createSecretRequests);\n\t\t\tconst updateSecretCommands: UpdateSecretCommand[] = [];\n\t\t\tfor (const createSecretRequest of createSecretRequests) {\n\t\t\t\t// create secret\n\t\t\t\t// check if secret exists\n\t\t\t\tconst describeSecretCommand = new DescribeSecretCommand({\n\t\t\t\t\tSecretId: createSecretRequest.Name,\n\t\t\t\t});\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await secretsManagerClient.send(describeSecretCommand);\n\t\t\t\t\tconsole.log(\"got one\");\n\t\t\t\t\t// update secret\n\t\t\t\t\tupdateSecretCommands.push(\n\t\t\t\t\t\tnew UpdateSecretCommand({\n\t\t\t\t\t\t\tSecretId: result.ARN,\n\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (e instanceof ResourceNotFoundException) {\n\t\t\t\t\t\t// create secret\n\t\t\t\t\t\tconsole.log(\"got one\");\n\n\t\t\t\t\t\tcreateSecretCommands.push(\n\t\t\t\t\t\t\tnew CreateSecretCommand({\n\t\t\t\t\t\t\t\tName: createSecretRequest.Name,\n\t\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tcreateSecretCommands,\n\t\t\t\tupdateSecretCommands,\n\t\t\t\tpush: async () => {\n\t\t\t\t\tfor (const createSecretCommand of createSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\t\t\t\t}\n\n\t\t\t\t\tfor (const updateSecretCommand of updateSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(updateSecretCommand);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t};\n};\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginEncryptHandler } from \"../../lib/plugin\";\nimport { Encrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryption: CliPluginEncryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Encrypt2CommandOptions>();\n\t\t\t\tconst pluginCliEncrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginEncryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.encryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryption.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginDecryptHandler } from \"../../lib/plugin\";\nimport { Decrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdecryption: CliPluginDecryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Decrypt2CommandOptions>();\n\n\t\t\t\tconst pluginCliDecrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginDecryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.decryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\tconsole.log(\"dotsecFilename\", dotsecFilename);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\"plaintext\", plaintext);\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryption.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import JoyCon from \"joycon\";\nimport path from \"path\";\nimport { DotsecPluginModule } from \"../types\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport { Command } from \"commander\";\nimport Ajv from \"ajv\";\n\nexport type DotsecAwsPlugin = DotsecPluginModule<{\n\tvalidateKms: () => Promise<boolean>;\n}>;\n\nexport type DotseGithubPlugin = DotsecPluginModule<{\n\tstoreOrganisationSecret: () => boolean;\n\tstoreRepositorySecret: () => void;\n}>;\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\nexport const defaultConfig: MagicalDotsecConfig = {};\n\nexport type DotsecCliOption =\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription?: string,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tfn: (value: string, previous: unknown) => unknown,\n\t\t\tdefaultValue?: unknown,\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tregexp: RegExp,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ];\n\nexport type CliPluginHandler<\n\tHandlerArgs extends Record<string, unknown>,\n\tHandlerResult,\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\ttriggerOption: string;\n\toptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\trequiredOptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\thandler: (options: HandlerArgs & T) => Promise<HandlerResult>;\n};\n\nexport type CliPluginEncryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ plaintext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginDecryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginRunHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\n// export type PluginCliEncryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tplaintext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\n// export type PluginCliDecryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[kkey in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tciphertext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\nexport type MagicalDotsecPluginModule<\n\tT extends {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t} = {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t},\n> = (options: { dotsecConfig: MagicalDotsecConfig; ajv: Ajv }) => Promise<{\n\tname: keyof T[\"plugin\"];\n\tapi: T[\"api\"] extends Record<string, unknown> ? T[\"api\"] : never;\n\taddCliCommand?: (options: {\n\t\tprogram: Command;\n\t}) => Promise<void>;\n\tcliHandlers?: {\n\t\tencrypt?: CliPluginEncryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { encrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"encrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tdecrypt?: CliPluginDecryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { decrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"decrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\trun?: CliPluginRunHandler<\n\t\t\tT[\"cliHandlers\"] extends { run: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"run\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tpush?: {\n\t\t\toptions: [string, string];\n\t\t\thandler: () => Promise<void>;\n\t\t}[];\n\t};\n}>;\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<MagicalDotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n// Dotsec config file\nexport type MagicalDotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: MagicalDotsecConfig;\n};\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<MagicalDotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(\n\t\t\t\tconfigPath,\n\t\t\t)) as Partial<MagicalDotsecConfig>;\n\n\t\t\tlet data: Partial<MagicalDotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec !==\n\t\t\t\t\tundefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<MagicalDotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<MagicalDotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n\nexport type MagicalDotsecPluginConfig = {\n\tmodule?: string;\n\tconfig?: { [key: string]: unknown };\n\tpush?: { [key: string]: unknown };\n};\n\nexport type MagicalDotsecPlugin<\n\tT extends {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t} = {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t},\n> = T;\nexport type MagicalDotsecPlugins = {\n\tplugins: MagicalDotsecPlugin;\n};\n\nexport type MagicalDotsecConfig<\n\tT extends MagicalDotsecPlugins = { plugins: {} },\n> = {\n\tplugins?: {\n\t\t[PluginKey in keyof T[\"plugins\"]]?: {\n\t\t\tmodule?: T[\"plugins\"][PluginKey][\"module\"];\n\t\t} & T[\"plugins\"][PluginKey][\"config\"];\n\t};\n\tpush?: {\n\t\tvariables?: string[];\n\t\tto: {\n\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t};\n\t};\n\tvariables?: {\n\t\t[key: string]: {\n\t\t\tpush?: {\n\t\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t\t// [PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t};\n\t\t};\n\t};\n};\n\n// type F = MagicalDotsecConfig<{\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: string;\n// \t\t\tconfig: { region: string };\n// \t\t\tpush: { ssm?: boolean };\n// \t\t};\n// \t};\n// }>;\n\n// const f: F = {\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: \"@dotsec/plugin-aws\",\n// \t\t\tconfig: {\n// \t\t\t\tregion: \"eu-west-1\",\n// \t\t\t},\n// \t\t},\n// \t},\n// \tvariables: {\n// \t\tOMG: {\n// \t\t\tpush: {\n// \t\t\t\taws: {\n// \t\t\t\t\tssm: true,\n// \t\t\t\t},\n// \t\t\t},\n// \t\t},\n// \t},\n// };\n"],
|
|
5
|
-
"mappings": "0qCAAA,qCCAA,oHCAA,sGAKA,yECLA,sBAYO,GAAM,GAAW,AAAC,GAAwB,GAAM,aAAa,GACvD,EAAS,AAAC,GAAwB,GAAM,OAAO,KAAK,GDC1D,GAAM,IAA8B,MAAO,CACjD,OACA,SAkBK,CAlCN,UAmCC,GAAM,GAAoB,KAAM,MAC5B,EACA,EACA,EA+CJ,GA9CA,AAAI,EAAK,QACR,GAAmB,CAClB,MAAO,EAAK,QACZ,OAAQ,wBAAwB,EAAS,EAAK,YAE/C,EAAuB,CACtB,MAAO,KAAM,IAAQ,CACpB,QAAS,EAAK,YAEf,OAAQ,GAAG,EAAS,IAAI,EAAK,oCAExB,AAAI,EAAI,YACd,GAAmB,CAClB,MAAO,EAAI,YACX,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,gBAGN,EAAuB,CACtB,MAAO,KAAM,IAAQ,CACpB,QAAS,EAAI,gBAEd,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,iBAGA,AAAI,EAAI,mBAAqB,EAAI,sBACvC,EAAuB,CACtB,MAAO,KAAM,QACb,OAAQ,iBAAiB,EAAS,4BAA4B,EAC7D,4BAGQ,MAAkB,kBAAlB,cAAmC,UAC7C,GAAmB,CAClB,MAAO,UACP,OAAQ,GAAG,EAAS,oCAErB,EAAuB,CACtB,MAAO,KAAM,IAAQ,CACpB,QAAS,cAEV,OAAQ,WAAW,EAAS,iBAI1B,EAAK,OACR,EAAkB,CACjB,MAAO,EAAK,OACZ,OAAQ,wBAAwB,EAAS,EAAK,mBAErC,EAAI,WACd,EAAkB,CACjB,MAAO,EAAI,WACX,OAAQ,gBAAgB,EAAS,kBAAkB,EAClD,EAAI,uBAGI,EAAI,mBACd,EAAkB,CACjB,MAAO,EAAI,mBACX,OAAQ,gBAAgB,EAAS,0BAA0B,EAC1D,EAAI,+BAGI,EAAkB,CAC5B,GAAM,GACL,uBAAmB,aAAnB,cAAgC,EAAiB,SAAjD,cAAyD,OAE1D,AAAI,GACH,GAAkB,CACjB,MAAO,EACP,OAAQ,GAAG,EACV,YAAY,EAAiB,6BAMjC,GAAM,GAAc,EAAK,eAAiB,EAAI,oBAC9C,GAAI,EAAa,CAChB,GAAM,GAAS,EAAK,cAAgB,sBAAwB,eAC5D,EAAuB,CACtB,MAAO,KAAM,IAAyB,CACrC,kBAAmB,iBAAsB,MAEzC,OAAQ,CACP,gBACC,EAAK,2BACL,OAAO,EAAI,mCACX,KACD,QAAS,GAGV,aAAc,CACb,OAAQ,iBAAiB,WAG3B,OAAQ,GAAG,KAAU,EAAS,IAAI,SAIpC,MAAO,CAAE,uBAAsB,kBAAiB,qBAGpC,GAAuC,CAAC,CACpD,uBACA,kBACA,sBAKa,CACb,GAAM,GAAgB,GACtB,MAAI,IACH,EAAI,KAAK,yBAAyB,EAAiB,UAEhD,GACH,EAAI,KAAK,6BAA6B,EAAqB,UAExD,GACH,EAAI,KAAK,wBAAwB,EAAgB,UAE3C,EAAI,KAAK;IE9JV,GAAM,IAA6B,MAAO,CAChD,OACA,SAmBK,CACL,GAAM,CAAE,uBAAsB,kBAAiB,oBAC9C,KAAM,IAA4B,CACjC,KAAM,CACL,OAAQ,EAAK,UACb,QAAS,EAAK,WACd,cAAe,EAAK,iBACpB,0BAA2B,EAAK,8BAEjC,IAAK,KACD,KAcN,GAVI,EAAK,UAAY,IACpB,QAAQ,IACP,GAAqC,CACpC,uBACA,kBACA,sBAKC,CAAE,IAAwB,GAAkB,CAC/C,GAAI,CAAC,EACJ,cAAQ,MAAM,8BACR,GAAI,OAAM,8BAEjB,GAAI,CAAC,EACJ,cAAQ,MAAM,yBACR,GAAI,OAAM,yBAIlB,MAAO,CAAE,uBAAsB,oBH/CzB,GAAM,IAAyD,KACrE,IACI,CAhBL,QAiBC,GAAM,CACL,IAAK,CAAE,YAAa,GACpB,UACG,EACE,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,IAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAG7B,EAAqB,GAAI,IAAmB,CACjD,MAAO,IAIF,EACL,MAFyB,MAAM,GAAU,KAAK,IAE5B,cAAlB,cAA+B,uBAA/B,cAAsD,GAEvD,GAAI,IAAwB,OAC3B,KAAM,IAAI,OAAM,4CAGjB,MAAO,MACA,SAAQ,EAAoC,CACjD,GAAM,GAAiB,GAAI,IAAe,CACzC,MAAO,EACP,UAAW,OAAO,KAAK,GACvB,oBAAqB,IAEhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,eACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,sBASH,MAJmB,QAAO,KAAK,EAAiB,gBAAgB,SAC/D,gBAKI,SAAQ,EAAqC,CAClD,GAAM,GAAiB,GAAI,IAAe,CACzC,MAAO,EACP,eAAgB,OAAO,KAAK,EAAY,UACxC,oBAAqB,IAGhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,UACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,WAAY,EACZ,eAAgB,OAKnB,GAAM,GAAiB,OAAO,KAAK,EAAiB,WAAW,WAE/D,MAAI,MAAK,SACR,QAAQ,KAAK,mBAAmB,MAG1B,GAER,MAAO,IAAM,KI7Ff,6CACA,wBACA,0BAEO,GAAM,IAAuB,KACnC,IAEO,KAAM,IAAG,SAAS,EAAU,SAGvB,GAAsB,MAClC,EACA,IAEO,KAAM,IAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,IAAK,GACJ,QACN,CACD,MAAO,KAII,GAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,IAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,GAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GCrCR,0BCTA,uMACA,wBAEO,GAAM,IAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,KACzB,EAAS,GAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,GAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,GAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MAKxC,MAAO,AAAG,IACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,IAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,IAAU,EAAU,IAG1B,EAA4B,AAAG,GACpC,UACA,EACA,AAAG,GAAa,OAChB,GACA,AAAG,GAAW,IAIT,EACL,AAAG,GAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GCtED,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IACvB,GAAiC,OACjC,GAAiC,OACjC,GAAmC,eACnC,GAAwC,eAExC,EAA8B,CAC1C,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,IAEX,IAAK,CACJ,cAAe,OCIZ,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,MAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,IAGD,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAsCH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAoB9C,IAAK,CACJ,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,uBAGvB,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,SAAU,CAAC,2BAA4B,mBACvC,oBAAqB,CACpB,kDACA,+BAED,uBAAwB,CACvB,wDACA,kCAGD,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,mGAME,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IAAyB,CAC9B,GAAM,GAAI,GAAoB,EAAO,EAAsB,GAC3D,MAAO,MAAK,IAEb,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MHvLhD,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CA3BzD,gBA4BG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGZ,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,IAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAc,SAAd,cAAsB,MAAtB,cAA2B,QAC5B,IAAK,CACJ,SAAU,GAAe,+BAAe,SAAf,cAAuB,MAAvB,cAA4B,MAA5B,cAAiC,aAK5D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAE1C,QAAQ,IACP,+BAA+B,EAC9B,uBACqB,EAAO,OAI/B,GAAM,GAAwB,GAAgB,CAC7C,WAAY,GAAK,QAChB,UACA,wCAED,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,GAAe,IAE1B,OAAQ,GAAa,QAAQ,IAAI,eAI9B,EAAgC,KAAM,IAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,IAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GIjHf,wBAGA,gCCHA,0BAEA,gDACA,uBCHA,mBACA,0BAEO,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAIF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,IAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,GAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,IDfF,GAAM,IAAY,KACxB,IACoC,CAXrC,yFAYC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,MACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,GAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,+BAMhB,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,IAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,SAAK,SAAL,cAAa,MAAb,eAAkB,wBAS5B,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IDrG7C,gDAEA,GAAM,IAAe,CACpB,EACA,IAGI,CAjBL,MAkBC,GAAM,GAAa,EACjB,QAAQ,qBACR,qBACA,YACA,qGAEA,OACA,MACC,EACA,EACA,IACI,CA7BR,UA8BI,GAAM,CACL,aACA,IAAK,EACL,IAAK,EACL,WACA,UACG,EAAQ,kBAEN,CACL,SAAU,CAAE,UAAW,IACpB,KAAM,IAAU,GAEd,EAAmB,KAAM,IAA2B,CACzD,QAAS,GACT,IAAK,CACJ,SACC,GACA,wBAAQ,MAAR,cAAa,MAAb,cAAkB,WAClB,IAEF,OAAQ,GAAU,qBAAQ,MAAR,cAAa,UAG5B,EAEJ,GAAI,EACH,EAAc,GAAG,aAAa,EAAQ,gBAC5B,EAAQ,CAClB,GAAM,GAAiB,GAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAEjB,GAAI,EAAa,CAChB,GAAM,GAAa,GAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,GAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,EAAQ,WAER,MAAM,IAAI,OAAM,mCAKpB,SAAkB,EAAY,OAC9B,oBAAS,MAAT,QAAc,IAAI,AAAC,GAAQ,CAC1B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKjB,GAGD,GAAQ,GGsIR,GAAM,IAAY,AAAC,GAClB,MAAO,IAAU,UC3OzB,wBAQA,gCCXA,wBACO,GAAM,IAAgB,MAAO,CACnC,YACA,OACA,aAMI,IAAS,GACL,CAAE,QAAS,IAEH,GAAY,KAAM,KAAc,IAEvC,KAAM,IAAQ,CACpB,KAAM,UACN,KAAM,UACN,QAAS,IACD,IAKJ,CAAE,QAAS,ICxBnB,2EAOO,GAAM,IAAS,KAAO,IAEvB,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,IAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,KAAI,EAA4D,CACrE,OAAW,KAAuB,GAAsB,CACvD,GAAM,GAAU,GAAI,IAAoB,OACpC,GADoC,CAEvC,UAAW,MAEZ,KAAM,GAAU,KAAK,OC9BzB,wLAUO,GAAM,IAAoB,KAAO,IAElC,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAuB,GAAI,IAAqB,CACrD,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,MAAK,EAA6C,CACvD,GAAM,GAA8C,GACpD,QAAQ,IAAI,yBAA0B,GACtC,GAAM,GAA8C,GACpD,OAAW,KAAuB,GAAsB,CAGvD,GAAM,GAAwB,GAAI,IAAsB,CACvD,SAAU,EAAoB,OAE/B,GAAI,CACH,GAAM,GAAS,KAAM,GAAqB,KAAK,GAC/C,QAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,IAAoB,CACvB,SAAU,EAAO,IACjB,aAAc,EAAoB,sBAG5B,EAAP,CACD,AAAI,YAAa,KAEhB,SAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,IAAoB,CACvB,KAAM,EAAoB,KAC1B,aAAc,EAAoB,kBAOvC,MAAO,CACN,uBACA,uBACA,KAAM,SAAY,CACjB,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,GAGjC,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,QHpDtC,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAU,IAAqB,CAxBhD,8BAyBG,GAAM,CACL,aACA,UACA,MACA,MACA,cACA,YACA,MACA,WACA,sBACA,0BACG,EAAQ,kBACZ,GAAI,CAAE,IAAY,GAAuB,GACxC,KAAM,IAAI,OACT,0GAGF,GAAM,CAAE,SAAU,GAAiB,KAAM,IAAU,GAE/C,EAEJ,GAAI,EAAK,CACR,GAAM,GAAiB,GAAU,GAC9B,GACA,EACH,EAAc,GAAG,aAAa,EAAgB,gBACpC,EAAK,CACf,GAAM,GAAiB,GAAU,GAC9B,GACA,EACG,EAAiB,GAAG,aAAa,EAAgB,QAYvD,EAAc,KAAM,AAXK,MAAM,IAA2B,CACzD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,cAItB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAGjB,GAAM,GAAY,GAAM,GAGxB,GAAI,CACH,GAAI,EAAU,CACb,GAAM,GAAc,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,IACzC,EAAU,kBAAa,gBAAiB,eAExC,EAAa,kBAAa,aAAc,GACxC,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAnF9B,YAoFM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,EAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,QAAM,OAAN,cAAY,MAAZ,cAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,EAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,MAAO,EACP,KAAM,GAEN,KACA,KAAM,EACN,KAAM,GACH,EAAM,KAAK,IAAI,KAHlB,CAIA,MAAO,IAGV,EAAI,KAAK,KAMZ,MAAO,IACL,IAEG,CAAE,WAAY,KAAM,IAAc,CACvC,QAAS;AAAA,EACb,EACA,IAAI,CAAC,CAAE,UAAW,KAAK,EAAO,GAAQ,gBACtC,KAAK;AAAA,KACD,KAAM,IAGP,AAAI,IAAY,IACf,SAAQ,IAAI,sCAKZ,KAAM,AAJM,MAAM,IAAO,CACxB,OAAQ,GAAa,wBAAc,SAAd,cAAsB,MAAtB,cAA2B,WAGvC,IAAI,IAKhB,GAAI,EAAqB,CAExB,GAAM,GACL,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,eACtB,EAAa,kBAAwB,aAAc,GACnD,EAAqB,KAAM,IAAkB,CAClD,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,UAGtB,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAlJ9B,YAmJM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,IAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,GAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,SAAM,OAAN,cAAY,MAAZ,cAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,aAAc,GAEd,KACA,KAAM,GACH,GAAM,KAAK,IAAI,KAFlB,CAGA,aAAc,IAGjB,EAAI,KAAK,KAKZ,MAAO,IACL,IACG,CAAE,OAAM,uBAAsB,wBACnC,KAAM,GAAmB,KAAK,GACzB,EAA2B,GACjC,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,eAAiB,KAAK,EAAO,GAAY,gBACzD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,WAAa,KAAK,EAAO,GAAQ,gBACjD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,AAAI,EAAc,KAAK,AAAC,GAAM,IAAM,MAAW,QAC9C,SAAQ,IAAI,mCAEZ,KAAM,MAIR,GAAI,EAAwB,CAE3B,GAAM,GAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAhN9B,YAiNM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,AAAI,GACC,SAAM,OAAN,cAAY,SAAZ,cAAoB,iBACvB,EAAI,KAAK,CACR,KAAM,EACN,UAMJ,MAAO,IACL,IAEH,QAAQ,IAAI,uBAAwB,UAE7B,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GI5Nf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBACN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,IAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GChGf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBAEN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAGxB,QAAQ,IAAI,iBAAkB,GAE9B,GAAM,GAAe,KAAM,IAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,OAItB,QAAQ,IAAI,YAAa,SACjB,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GCpHf,uBACA,qBAGA,gDAYO,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IAK7B,GAAM,IAAqC,GA+HrC,GAAmB,KAAO,IAG/B,2BAAO,GAAP,GAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SASL,GAAmB,KAC/B,IAC2C,CAC3C,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,MACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,GAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IACtB,GAGG,EAEJ,MACC,GAAW,SAAS,iBACnB,EAAqD,SACrD,OAED,EAAQ,EAAqD,OAE7D,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,sBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,IAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,eAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,KpBzN7C,oBAEA,GAAM,IAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,IAEpB,AAAC,UAAY,CAEZ,GAAM,GAAY,QAAQ,KAAK,KAAK,AAAC,GAAQ,EAAI,WAAW,OAEtD,EAAa,EAChB,EAAU,SAAS,KAClB,EAAU,MAAM,KAAK,GACrB,QAAQ,KAAK,QAAQ,KAAK,QAAQ,GAAa,GAChD,OACG,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,UAAS,aAAc,EAE/B,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAElB,GAAM,GAA2C,GACjD,AAAI,GACH,OAAO,QAAQ,GAAS,QACvB,CAAC,CAAC,EAAY,KAAuD,CACpE,AAAI,kBAAc,SACjB,GAAc,GAAc,iBAAc,UAM9C,OAAO,OAAO,GAAa,IAAI,QAAQ,AAAC,GAAa,CACpD,AAAI,kBAAU,OACb,OAAO,KAAK,EAAS,MAAM,QAAQ,AAAC,GAAe,CAClD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMlD,QAAQ,IAAI,gBAAiB,GAE7B,GAAM,GAAM,GAAI,IAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAIN,EAAsD,GACtD,EAAsD,GACtD,EAA8C,GAEpD,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,IAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,MACR,EAAqB,KAAK,EAAI,KAE3B,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAGV,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAKd,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAAE,IAAK,IAGpC,KAAM,IAAe,GACrB,KAAM,GAAQ",
|
|
4
|
+
"sourcesContent": ["import { Command } from \"commander\";\n\nimport addInitCommand from \"./commands/init\";\nimport addRunCommand from \"./commands/run2\";\nimport addPushProgram from \"./commands/push\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport { setProgramOptions } from \"./options\";\nimport {\n\tgetMagicalConfig,\n\tloadDotsecPlugin,\n\tMagicalDotsecPluginConfig,\n\tCliPluginDecryptHandler,\n\tCliPluginEncryptHandler,\n\tCliPluginRunHandler,\n} from \"../lib/plugin\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\t// find -c value in argv\n\tconst configArg = process.argv.find((arg) => arg.startsWith(\"-c\"));\n\t// if -c contains a =, split it and get the value. otherwise, take the next value\n\tconst configFile = configArg\n\t\t? configArg.includes(\"=\")\n\t\t\t? configArg.split(\"=\")[1]\n\t\t\t: process.argv[process.argv.indexOf(configArg) + 1]\n\t\t: undefined;\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { plugins, variables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (plugins) {\n\t\tObject.entries(plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, MagicalDotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t} else {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(variables || {}).forEach((variable) => {\n\t\tif (variable?.push) {\n\t\t\tObject.keys(variable.push).forEach((pluginName) => {\n\t\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t});\n\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: CliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: CliPluginDecryptHandler[] = [];\n\tconst cliPluginRunHandlers: CliPluginRunHandler[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t}\n\t\tif (cli?.run) {\n\t\t\tcliPluginRunHandlers.push(cli.run);\n\t\t}\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tencryption: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdecryption: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, { run: cliPluginRunHandlers });\n\t// await addDecryptCommand(program);\n\t// await addEncryptCommand(program);\n\tawait addPushProgram(program);\n\tawait program.parse();\n})();\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n\tKMSClient,\n} from \"@aws-sdk/client-kms\";\nimport { EncryptionEngineFactory } from \"../../types\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport type AwsEncryptionEngineFactory = EncryptionEngineFactory<\n\t{ region?: string; kms?: { keyAlias?: string } },\n\t{ other: () => void }\n>;\n\nexport const awsEncryptionEngineFactory: AwsEncryptionEngineFactory = async (\n\toptions,\n) => {\n\tconst {\n\t\tkms: { keyAlias } = {},\n\t\tregion,\n\t} = options;\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\tKeyId: keyAlias,\n\t});\n\n\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\tconst encryptionAlgorithm =\n\t\tdescribeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n\tif (encryptionAlgorithm === undefined) {\n\t\tthrow new Error(\"Could not determine encryption algorithm\");\n\t}\n\n\treturn {\n\t\tasync encrypt(plaintext: string): Promise<string> {\n\t\t\tconst encryptCommand = new EncryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tPlaintext: Buffer.from(plaintext),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tencryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\t\"base64\",\n\t\t\t);\n\n\t\t\treturn cipherText;\n\t\t},\n\t\tasync decrypt(cipherText: string): Promise<string> {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tcipherText: cipherText,\n\t\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\n\t\t\tif (this.verbose) {\n\t\t\t\tconsole.info(`Decrypting key '${cipherText}'`);\n\t\t\t}\n\n\t\t\treturn decryptedValue;\n\t\t},\n\t\tother: () => {},\n\t};\n};\n", "import {\n\tfromEnv,\n\tfromIni,\n\tfromTemporaryCredentials,\n} from \"@aws-sdk/credential-providers\";\nimport { loadSharedConfigFiles } from \"@aws-sdk/shared-ini-file-loader\";\nimport { emphasis, strong } from \"../../utils/logger\";\n\nimport {\n\tCredentialsAndOrigin,\n\tProfileAndOrigin,\n\tRegionAndOrigin,\n} from \"./types\";\n\nexport const getCredentialsProfileRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tprofile?: string;\n\t\tregion?: string;\n\t\tassumeRoleArn?: string;\n\t\tassumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string;\n\t\tAWS_ACCESS_KEY_ID?: string;\n\t\tAWS_SECRET_ACCESS_KEY?: string;\n\t\tAWS_REGION?: string;\n\t\tAWS_DEFAULT_REGION?: string;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst sharedConfigFiles = await loadSharedConfigFiles();\n\tlet credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n\tlet profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n\tlet regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\tif (argv.profile) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: argv.profile,\n\t\t\torigin: `command line option: ${emphasis(argv.profile)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: argv.profile,\n\t\t\t})(),\n\t\t\torigin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n\t\t};\n\t} else if (env.AWS_PROFILE) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: env.AWS_PROFILE,\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: env.AWS_PROFILE,\n\t\t\t})(),\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromEnv()(),\n\t\t\torigin: `env variables ${emphasis(\"AWS_ACCESS_KEY_ID\")} and ${emphasis(\n\t\t\t\t\"AWS_SECRET_ACCESS_KEY\",\n\t\t\t)}`,\n\t\t};\n\t} else if (sharedConfigFiles.credentialsFile?.default) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: \"default\",\n\t\t\torigin: `${emphasis(\"[default]\")} in credentials file`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: \"default\",\n\t\t\t})(),\n\t\t\torigin: `profile ${emphasis(\"[default]\")}`,\n\t\t};\n\t}\n\n\tif (argv.region) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: argv.region,\n\t\t\torigin: `command line option: ${emphasis(argv.region)}`,\n\t\t};\n\t} else if (env.AWS_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_DEFAULT_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_DEFAULT_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_DEFAULT_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_DEFAULT_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (profileAndOrigin) {\n\t\tconst foundRegion =\n\t\t\tsharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n\t\tif (foundRegion) {\n\t\t\tregionAndOrigin = {\n\t\t\t\tvalue: foundRegion,\n\t\t\t\torigin: `${emphasis(\n\t\t\t\t\t`[profile ${profileAndOrigin.value}]`,\n\t\t\t\t)} in config file`,\n\t\t\t};\n\t\t}\n\t}\n\n\tconst assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n\tif (assumedRole) {\n\t\tconst origin = argv.assumeRoleArn ? \"command line option\" : \"env variable\";\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromTemporaryCredentials({\n\t\t\t\tmasterCredentials: credentialsAndOrigin?.value,\n\n\t\t\t\tparams: {\n\t\t\t\t\tDurationSeconds:\n\t\t\t\t\t\targv.assumeRoleSessionDuration ||\n\t\t\t\t\t\tNumber(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n\t\t\t\t\t\t3600,\n\t\t\t\t\tRoleArn: assumedRole,\n\t\t\t\t},\n\n\t\t\t\tclientConfig: {\n\t\t\t\t\tregion: regionAndOrigin?.value,\n\t\t\t\t},\n\t\t\t})(),\n\t\t\torigin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n\t\t};\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tprofileAndOrigin,\n}: {\n\tcredentialsAndOrigin?: CredentialsAndOrigin;\n\tregionAndOrigin?: RegionAndOrigin;\n\tprofileAndOrigin?: ProfileAndOrigin;\n}): string => {\n\tconst out: string[] = [];\n\tif (profileAndOrigin) {\n\t\tout.push(`Got profile name from ${profileAndOrigin.origin}`);\n\t}\n\tif (credentialsAndOrigin) {\n\t\tout.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n\t}\n\tif (regionAndOrigin) {\n\t\tout.push(`Resolved region from ${regionAndOrigin.origin}`);\n\t}\n\treturn out.join(\"\\n\");\n};\n", "import chalk from \"chalk\";\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">;\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console;\n\t}\n\n\treturn _logger;\n};\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content);\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content);\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content);\n\t},\n\terror(content: object) {\n\t\tconsole.error(content);\n\t},\n};\n", "import {\n\tgetCredentialsProfileRegion,\n\tprintVerboseCredentialsProfileRegion,\n} from \"./getCredentialsProfileRegion\";\n\nexport const handleCredentialsAndRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tawsRegion?: string;\n\t\tawsProfile?: string;\n\t\tverbose?: boolean;\n\t\tawsAssumeRoleArn?: string;\n\t\tawsAssumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string | undefined;\n\t\tAWS_ACCESS_KEY_ID?: string | undefined;\n\t\tAWS_SECRET_ACCESS_KEY?: string | undefined;\n\t\tAWS_REGION?: string | undefined;\n\t\tAWS_DEFAULT_REGION?: string | undefined;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n\t\tawait getCredentialsProfileRegion({\n\t\t\targv: {\n\t\t\t\tregion: argv.awsRegion,\n\t\t\t\tprofile: argv.awsProfile,\n\t\t\t\tassumeRoleArn: argv.awsAssumeRoleArn,\n\t\t\t\tassumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: {\n\t\t\t\t...env,\n\t\t\t},\n\t\t});\n\n\tif (argv.verbose === true) {\n\t\tconsole.log(\n\t\t\tprintVerboseCredentialsProfileRegion({\n\t\t\t\tcredentialsAndOrigin,\n\t\t\t\tregionAndOrigin,\n\t\t\t\tprofileAndOrigin,\n\t\t\t}),\n\t\t);\n\t}\n\n\tif (!(credentialsAndOrigin && regionAndOrigin)) {\n\t\tif (!credentialsAndOrigin) {\n\t\t\tconsole.error(\"Could not find credentials\");\n\t\t\tthrow new Error(\"Could not find credentials\");\n\t\t}\n\t\tif (!regionAndOrigin) {\n\t\t\tconsole.error(\"Could not find region\");\n\t\t\tthrow new Error(\"Could not find region\");\n\t\t}\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin };\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport path from \"node:path\";\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\nimport {\n\tdefaultConfig,\n\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n} from \"../../constants\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\t\t\t// get dotsec config\n\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdefaultConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || defaultConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\t// todo: fix type\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} contents file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\tkeyAlias: awskeyAlias || DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tregion: awsRegion || process.env.AWS_REGION,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import * as ts from \"typescript\";\nimport fs from \"node:fs\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\t// console.log(\n\t\t\t\t\t\t\t\t// \t\"parent is aws\",\n\t\t\t\t\t\t\t\t// \tnode.parent?.getChildAt(2).getText(),\n\t\t\t\t\t\t\t\t// );\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { DotsecConfig } from \"./types\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\n\nexport const defaultConfig: DotsecConfig = {\n\tconfig: {\n\t\taws: {\n\t\t\tkms: {\n\t\t\t\tkeyAlias: DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t},\n\t\t\tssm: {\n\t\t\t\tparameterType: DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE,\n\t\t\t},\n\t\t},\n\t},\n};\n", "import { Command } from \"commander\";\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\t// decrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\t// encrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\n\t// run: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t// \t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\ttoAwsSsm: [\"--to-aws-ssm, --toAwsSsm\", \"Push to AWS SSM\"],\n\t\t\ttoAwsSecretsManager: [\n\t\t\t\t\"--to-aws-secrets-manager, --toAwsSecretsManager\",\n\t\t\t\t\"Push to AWS Secrets Manager\",\n\t\t\t],\n\t\t\ttoGitHubActionsSecrets: [\n\t\t\t\t\"--to-github-actions-secrets, --toGitHubActionsSecrets\",\n\t\t\t\t\"Push to GitHub actions secrets\",\n\t\t\t],\n\n\t\t\tenv: [\"--env [env]\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\tconst r = getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t\treturn { ...r };\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS } from \"../../constants\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { RunCommandOptions } from \"../../types\";\nimport { setProgramOptions } from \"../options\";\nimport { getConfig } from \"../../lib/config\";\nimport { spawnSync } from \"node:child_process\";\nimport { CliPluginRunHandler } from \"../../lib/plugin\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\trun?: CliPluginRunHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.command(\"run2 <command...>\")\n\t\t.allowUnknownOption()\n\t\t.description(\n\t\t\t\"Run a command in a separate process and populate env with decrypted .env or encrypted .sec values\",\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\tconst {\n\t\t\t\t\tconfigFile,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\tkeyAlias,\n\t\t\t\t\tregion,\n\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\tconst {\n\t\t\t\t\tcontents: { config } = {},\n\t\t\t\t} = await getConfig(configFile);\n\n\t\t\t\tconst encryptionPlugin = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose: true,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias:\n\t\t\t\t\t\t\tkeyAlias ||\n\t\t\t\t\t\t\tconfig?.aws?.kms?.keyAlias ||\n\t\t\t\t\t\t\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t},\n\t\t\t\t\tregion: region || config?.aws?.region,\n\t\t\t\t});\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (dotenv) {\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (dotsec) {\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await encryptionPlugin.decrypt(dotSecContents);\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tcommand.help();\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\toptions?.run?.map((run) => {\n\t\tconst { options, requiredOptions } = run;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n", "import path from \"node:path\";\n\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\n\nimport { loadJson } from \"../json\";\nimport { DotsecConfig, DotsecConfigAndSource } from \"../../types\";\nimport { defaultConfig, DOTSEC_CONFIG_FILES } from \"../../constants\";\n\nexport const getConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { Command } from \"commander\";\n\n// type Replace<\n// \tSource,\n// \tNeedle extends String,\n// \tReplacement,\n// > = Source extends Record<string, unknown>\n// \t? {\n// \t\t\t[key in keyof Source]: key extends Needle\n// \t\t\t\t? Replacement\n// \t\t\t\t: Replace<Source[key], Needle, Replacement>;\n// \t }\n// \t: Source;\n\n// utility types\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type EncryptionEngineFactoryProps = { verbose?: boolean };\nexport type EncryptionEngine<T = {}> = {\n\tencrypt(plaintext: string): Promise<string>;\n\tdecrypt(ciphertext: string): Promise<string>;\n} & T;\n\nexport type EncryptionEngineFactory<\n\tT = {},\n\tV extends Record<string, unknown> = {},\n> = {\n\t(options: EncryptionEngineFactoryProps & T): Promise<EncryptionEngine<V>>;\n};\n\nexport abstract class EncryptionPlugin {\n\tprotected verbose: boolean | undefined;\n\tconstructor(options: EncryptionEngineFactoryProps) {\n\t\tthis.verbose = options?.verbose;\n\t}\n\tabstract encrypt(plaintext: string): Promise<string>;\n\tabstract decrypt(ciphertext: string): Promise<string>;\n}\n\ntype DotsecPlugin = {\n\t[key: string]: {\n\t\tplugin?: {\n\t\t\tmodule?: string;\n\t\t};\n\t\tconfig: {\n\t\t\t[key: string]: unknown;\n\t\t};\n\t\tpush: Record<string, unknown>;\n\t};\n};\n\ntype DotsecVariables = Record<string, DotsecVariable | boolean>;\nexport type DotsecConfigOptions = {\n\tplugins?: DotsecPlugin;\n\tvariables?: DotsecVariables;\n};\ntype DotSecVariableWithPlugin<\n\tVariable extends DotsecVariable,\n\tPlugins extends DotsecPlugin,\n> = {\n\tpush?: {\n\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"push\"];\n\t} & {\n\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"push\"];\n\t} & Variable[\"push\"] & {\n\t\t\t[key in keyof Plugins]?: Plugins[key][\"push\"];\n\t\t};\n};\n\nexport type DotsecVariable = {\n\tpush?: {};\n};\n\nexport type DotsecAwsPlugin = {\n\taws: {\n\t\tconfig: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t\tencryptionAlgorithm?:\n\t\t\t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t};\n\t\t\tssm?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t};\n\t\t\tsecretsManager?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t};\n\t\t};\n\t\tpush: {\n\t\t\tssm?:\n\t\t\t\t| boolean\n\t\t\t\t| (Omit<PutParameterRequest, \"Name\" | \"Value\"> & {\n\t\t\t\t\t\tName?: string;\n\t\t\t\t });\n\t\t\tsecretsManager?: boolean;\n\t\t};\n\t};\n};\nexport type DotsecGitHubPlugin = {\n\tgithub: {\n\t\tconfig: {\n\t\t\tpersonalAccessToken?: string | { fromEnv: string };\n\t\t};\n\t\tpush: {\n\t\t\tactionsSecrets: {\n\t\t\t\torganisations?: [{ secretName?: string; organisation: string }];\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport type DotsecConfig<T extends DotsecConfigOptions = DotsecConfigOptions> =\n\t{\n\t\tconfig?: // (\n\n\t\t{\n\t\t\t[key in keyof DotsecPlugin]?: DotsecPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t// aws?: {\n\t\t\t// \tregion?: string;\n\t\t\t// \tkms?: {\n\t\t\t// \t\tkeyAlias?: string;\n\t\t\t// \t\tencryptionAlgorithm?:\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t// \t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t// \t};\n\t\t\t// \tssm?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t// \t};\n\t\t\t// \tsecretsManager?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t};\n\t\t\t// };\n\t\t\t// github?: {\n\t\t\t// \tpersonalAccessToken:\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue: string;\n\t\t\t// \t\t\t\tfromEnv?: never;\n\t\t\t// \t\t }\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue?: never;\n\t\t\t// \t\t\t\tfromEnv: keyof T[\"variables\"];\n\t\t\t// \t\t };\n\t\t\t// };\n\t\t};\n\t\tvariables?: {\n\t\t\t[key in keyof T[\"variables\"]]: T[\"variables\"][key] extends DotsecVariable\n\t\t\t\t? DotSecVariableWithPlugin<\n\t\t\t\t\t\tT[\"variables\"][key],\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >\n\t\t\t\t: DotSecVariableWithPlugin<\n\t\t\t\t\t\tDotsecVariable,\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >;\n\t\t};\n\t};\n\n// Dotsec config file\nexport type DotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: DotsecConfig;\n};\n\n// CLI types\nexport type GlobalCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n};\n\nexport type Init2CommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Encrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Decrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\n\nexport type RunCommandOptions = GlobalCommandOptions & {\n\tenv?: string;\n\tsec?: string;\n\tkeyAlias?: string;\n\tregion?: string;\n};\n\nexport type PushCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string | boolean;\n\tsec: string | boolean;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\ttoAwsSsm?: boolean;\n\ttoAwsSecretsManager?: boolean;\n\ttoGitHubActionsSecrets?: boolean;\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n\nexport type DotsecPluginModule<\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\tname: string;\n\tinit: (dotsecConfig: DotsecConfig) => Promise<T>;\n\taddCliCommand?: (options: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tprogram: Command;\n\t}) => void;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { EncryptionEngine, isBoolean, PushCommandOptions } from \"../../types\";\nimport fs from \"node:fs\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { parse } from \"dotenv\";\nimport { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { strong } from \"../../utils/logger\";\nimport { promptConfirm } from \"../../utils/prompts\";\nimport { AwsSsm } from \"../../lib/aws/AwsSsm\";\nimport { AwsSecretsManager } from \"../../lib/aws/AwsSecretsManager\";\nimport { CreateSecretRequest } from \"@aws-sdk/client-secrets-manager\";\n\nconst addPushProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv,\n\t\t\t\tsec,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t\ttoAwsSsm,\n\t\t\t\ttoAwsSecretsManager,\n\t\t\t\ttoGitHubActionsSecrets,\n\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\t\t\tif (!(toAwsSsm || toAwsSecretsManager || toGitHubActionsSecrets)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets\",\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\n\t\t\tlet envContents: string | undefined;\n\n\t\t\tif (env) {\n\t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t\t: env;\n\t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t} else if (sec) {\n\t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t\t: sec;\n\t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t} else {\n\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t}\n\n\t\t\tconst envObject = parse(envContents);\n\n\t\t\t// get dotsec config\n\t\t\ttry {\n\t\t\t\tif (toAwsSsm) {\n\t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n${putParameterRequests\n\t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (confirm === true) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// secrets manager\n\t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t\t// create secretss\n\t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t\t\tregion:\n\t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n${updateSecretCommands\n\t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t\t}\n\t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n${createSecretCommands\n\t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t\t}\n\t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t\t\tawait push();\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import prompts from \"prompts\";\nexport const promptConfirm = async ({\n\tpredicate,\n\tskip,\n\tmessage,\n}: {\n\tpredicate?: (...args: unknown[]) => Promise<boolean> | boolean;\n\tskip?: boolean;\n\tmessage: string;\n}): Promise<{ confirm: boolean }> => {\n\tif (skip === true) {\n\t\treturn { confirm: true };\n\t} else {\n\t\tconst result = predicate ? await predicate() : true;\n\t\tif (result) {\n\t\t\treturn await prompts({\n\t\t\t\ttype: \"confirm\",\n\t\t\t\tname: \"confirm\",\n\t\t\t\tmessage: () => {\n\t\t\t\t\treturn message;\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t}\n\treturn { confirm: true };\n};\n", "import {\n\tPutParameterCommand,\n\tPutParameterRequest,\n\tSSMClient,\n} from \"@aws-sdk/client-ssm\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSsm = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst ssmClient = new SSMClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync put(putParameterRequests: PutParameterRequest[]): Promise<void> {\n\t\t\tfor (const putParameterRequest of putParameterRequests) {\n\t\t\t\tconst command = new PutParameterCommand({\n\t\t\t\t\t...putParameterRequest,\n\t\t\t\t\tOverwrite: true,\n\t\t\t\t});\n\t\t\t\tawait ssmClient.send(command);\n\t\t\t}\n\t\t},\n\t};\n};\n", "import {\n\tCreateSecretCommand,\n\tDescribeSecretCommand,\n\tUpdateSecretCommand,\n\tCreateSecretRequest,\n\tSecretsManagerClient,\n\tResourceNotFoundException,\n} from \"@aws-sdk/client-secrets-manager\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSecretsManager = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst secretsManagerClient = new SecretsManagerClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync push(createSecretRequests: CreateSecretRequest[]) {\n\t\t\tconst createSecretCommands: CreateSecretCommand[] = [];\n\t\t\tconsole.log(\"createSecretReddquests\", createSecretRequests);\n\t\t\tconst updateSecretCommands: UpdateSecretCommand[] = [];\n\t\t\tfor (const createSecretRequest of createSecretRequests) {\n\t\t\t\t// create secret\n\t\t\t\t// check if secret exists\n\t\t\t\tconst describeSecretCommand = new DescribeSecretCommand({\n\t\t\t\t\tSecretId: createSecretRequest.Name,\n\t\t\t\t});\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await secretsManagerClient.send(describeSecretCommand);\n\t\t\t\t\tconsole.log(\"got one\");\n\t\t\t\t\t// update secret\n\t\t\t\t\tupdateSecretCommands.push(\n\t\t\t\t\t\tnew UpdateSecretCommand({\n\t\t\t\t\t\t\tSecretId: result.ARN,\n\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (e instanceof ResourceNotFoundException) {\n\t\t\t\t\t\t// create secret\n\t\t\t\t\t\tconsole.log(\"got one\");\n\n\t\t\t\t\t\tcreateSecretCommands.push(\n\t\t\t\t\t\t\tnew CreateSecretCommand({\n\t\t\t\t\t\t\t\tName: createSecretRequest.Name,\n\t\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tcreateSecretCommands,\n\t\t\t\tupdateSecretCommands,\n\t\t\t\tpush: async () => {\n\t\t\t\t\tfor (const createSecretCommand of createSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\t\t\t\t}\n\n\t\t\t\t\tfor (const updateSecretCommand of updateSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(updateSecretCommand);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t};\n};\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginEncryptHandler } from \"../../lib/plugin\";\nimport { Encrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryption: CliPluginEncryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Encrypt2CommandOptions>();\n\t\t\t\tconst pluginCliEncrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginEncryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.encryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryption.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginDecryptHandler } from \"../../lib/plugin\";\nimport { Decrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdecryption: CliPluginDecryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Decrypt2CommandOptions>();\n\n\t\t\t\tconst pluginCliDecrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginDecryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.decryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\tconsole.log(\"dotsecFilename\", dotsecFilename);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\"plaintext\", plaintext);\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryption.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import JoyCon from \"joycon\";\nimport path from \"path\";\nimport { DotsecPluginModule } from \"../types\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport { Command } from \"commander\";\nimport Ajv from \"ajv\";\n\nexport type DotsecAwsPlugin = DotsecPluginModule<{\n\tvalidateKms: () => Promise<boolean>;\n}>;\n\nexport type DotseGithubPlugin = DotsecPluginModule<{\n\tstoreOrganisationSecret: () => boolean;\n\tstoreRepositorySecret: () => void;\n}>;\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\nexport const defaultConfig: MagicalDotsecConfig = {};\n\nexport type DotsecCliOption =\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription?: string,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tfn: (value: string, previous: unknown) => unknown,\n\t\t\tdefaultValue?: unknown,\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tregexp: RegExp,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ];\n\nexport type CliPluginHandler<\n\tHandlerArgs extends Record<string, unknown>,\n\tHandlerResult,\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\ttriggerOption: string;\n\toptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\trequiredOptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\thandler: (options: HandlerArgs & T) => Promise<HandlerResult>;\n};\n\nexport type CliPluginEncryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ plaintext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginDecryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginRunHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\n// export type PluginCliEncryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tplaintext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\n// export type PluginCliDecryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[kkey in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tciphertext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\nexport type MagicalDotsecPluginModule<\n\tT extends {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t} = {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t},\n> = (options: { dotsecConfig: MagicalDotsecConfig; ajv: Ajv }) => Promise<{\n\tname: keyof T[\"plugin\"];\n\tapi: T[\"api\"] extends Record<string, unknown> ? T[\"api\"] : never;\n\taddCliCommand?: (options: {\n\t\tprogram: Command;\n\t}) => Promise<void>;\n\tcliHandlers?: {\n\t\tencrypt?: CliPluginEncryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { encrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"encrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tdecrypt?: CliPluginDecryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { decrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"decrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\trun?: CliPluginRunHandler<\n\t\t\tT[\"cliHandlers\"] extends { run: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"run\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tpush?: {\n\t\t\toptions: [string, string];\n\t\t\thandler: () => Promise<void>;\n\t\t}[];\n\t};\n}>;\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<MagicalDotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n// Dotsec config file\nexport type MagicalDotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: MagicalDotsecConfig;\n};\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<MagicalDotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(\n\t\t\t\tconfigPath,\n\t\t\t)) as Partial<MagicalDotsecConfig>;\n\n\t\t\tlet data: Partial<MagicalDotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec !==\n\t\t\t\t\tundefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<MagicalDotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<MagicalDotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n\nexport type MagicalDotsecPluginConfig = {\n\tmodule?: string;\n\tconfig?: { [key: string]: unknown };\n\tpush?: { [key: string]: unknown };\n};\n\nexport type MagicalDotsecPlugin<\n\tT extends {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t} = {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t},\n> = T;\nexport type MagicalDotsecPlugins = {\n\tplugins: MagicalDotsecPlugin;\n};\n\nexport type MagicalDotsecConfig<\n\tT extends MagicalDotsecPlugins = { plugins: {} },\n> = {\n\tplugins?: {\n\t\t[PluginKey in keyof T[\"plugins\"]]?: {\n\t\t\tmodule?: T[\"plugins\"][PluginKey][\"module\"];\n\t\t} & T[\"plugins\"][PluginKey][\"config\"];\n\t};\n\tpush?: {\n\t\tvariables?: string[];\n\t\tto: {\n\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t};\n\t};\n\tvariables?: {\n\t\t[key: string]: {\n\t\t\tpush?: {\n\t\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t\t// [PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t};\n\t\t};\n\t};\n};\n\n// type F = MagicalDotsecConfig<{\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: string;\n// \t\t\tconfig: { region: string };\n// \t\t\tpush: { ssm?: boolean };\n// \t\t};\n// \t};\n// }>;\n\n// const f: F = {\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: \"@dotsec/plugin-aws\",\n// \t\t\tconfig: {\n// \t\t\t\tregion: \"eu-west-1\",\n// \t\t\t},\n// \t\t},\n// \t},\n// \tvariables: {\n// \t\tOMG: {\n// \t\t\tpush: {\n// \t\t\t\taws: {\n// \t\t\t\t\tssm: true,\n// \t\t\t\t},\n// \t\t\t},\n// \t\t},\n// \t},\n// };\n"],
|
|
5
|
+
"mappings": "0qCAAA,qCCAA,oHCAA,sGAKA,yECLA,sBAYO,GAAM,GAAW,AAAC,GAAwB,GAAM,aAAa,GACvD,EAAS,AAAC,GAAwB,GAAM,OAAO,KAAK,GDC1D,GAAM,IAA8B,MAAO,CACjD,OACA,SAkBK,CAlCN,UAmCC,GAAM,GAAoB,KAAM,MAC5B,EACA,EACA,EA+CJ,GA9CA,AAAI,EAAK,QACR,GAAmB,CAClB,MAAO,EAAK,QACZ,OAAQ,wBAAwB,EAAS,EAAK,YAE/C,EAAuB,CACtB,MAAO,KAAM,IAAQ,CACpB,QAAS,EAAK,YAEf,OAAQ,GAAG,EAAS,IAAI,EAAK,oCAExB,AAAI,EAAI,YACd,GAAmB,CAClB,MAAO,EAAI,YACX,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,gBAGN,EAAuB,CACtB,MAAO,KAAM,IAAQ,CACpB,QAAS,EAAI,gBAEd,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,iBAGA,AAAI,EAAI,mBAAqB,EAAI,sBACvC,EAAuB,CACtB,MAAO,KAAM,QACb,OAAQ,iBAAiB,EAAS,4BAA4B,EAC7D,4BAGQ,MAAkB,kBAAlB,cAAmC,UAC7C,GAAmB,CAClB,MAAO,UACP,OAAQ,GAAG,EAAS,oCAErB,EAAuB,CACtB,MAAO,KAAM,IAAQ,CACpB,QAAS,cAEV,OAAQ,WAAW,EAAS,iBAI1B,EAAK,OACR,EAAkB,CACjB,MAAO,EAAK,OACZ,OAAQ,wBAAwB,EAAS,EAAK,mBAErC,EAAI,WACd,EAAkB,CACjB,MAAO,EAAI,WACX,OAAQ,gBAAgB,EAAS,kBAAkB,EAClD,EAAI,uBAGI,EAAI,mBACd,EAAkB,CACjB,MAAO,EAAI,mBACX,OAAQ,gBAAgB,EAAS,0BAA0B,EAC1D,EAAI,+BAGI,EAAkB,CAC5B,GAAM,GACL,uBAAmB,aAAnB,cAAgC,EAAiB,SAAjD,cAAyD,OAE1D,AAAI,GACH,GAAkB,CACjB,MAAO,EACP,OAAQ,GAAG,EACV,YAAY,EAAiB,6BAMjC,GAAM,GAAc,EAAK,eAAiB,EAAI,oBAC9C,GAAI,EAAa,CAChB,GAAM,GAAS,EAAK,cAAgB,sBAAwB,eAC5D,EAAuB,CACtB,MAAO,KAAM,IAAyB,CACrC,kBAAmB,iBAAsB,MAEzC,OAAQ,CACP,gBACC,EAAK,2BACL,OAAO,EAAI,mCACX,KACD,QAAS,GAGV,aAAc,CACb,OAAQ,iBAAiB,WAG3B,OAAQ,GAAG,KAAU,EAAS,IAAI,SAIpC,MAAO,CAAE,uBAAsB,kBAAiB,qBAGpC,GAAuC,CAAC,CACpD,uBACA,kBACA,sBAKa,CACb,GAAM,GAAgB,GACtB,MAAI,IACH,EAAI,KAAK,yBAAyB,EAAiB,UAEhD,GACH,EAAI,KAAK,6BAA6B,EAAqB,UAExD,GACH,EAAI,KAAK,wBAAwB,EAAgB,UAE3C,EAAI,KAAK;IE9JV,GAAM,IAA6B,MAAO,CAChD,OACA,SAmBK,CACL,GAAM,CAAE,uBAAsB,kBAAiB,oBAC9C,KAAM,IAA4B,CACjC,KAAM,CACL,OAAQ,EAAK,UACb,QAAS,EAAK,WACd,cAAe,EAAK,iBACpB,0BAA2B,EAAK,8BAEjC,IAAK,KACD,KAcN,GAVI,EAAK,UAAY,IACpB,QAAQ,IACP,GAAqC,CACpC,uBACA,kBACA,sBAKC,CAAE,IAAwB,GAAkB,CAC/C,GAAI,CAAC,EACJ,cAAQ,MAAM,8BACR,GAAI,OAAM,8BAEjB,GAAI,CAAC,EACJ,cAAQ,MAAM,yBACR,GAAI,OAAM,yBAIlB,MAAO,CAAE,uBAAsB,oBH/CzB,GAAM,IAAyD,KACrE,IACI,CAhBL,QAiBC,GAAM,CACL,IAAK,CAAE,YAAa,GACpB,UACG,EACE,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,IAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAG7B,EAAqB,GAAI,IAAmB,CACjD,MAAO,IAIF,EACL,MAFyB,MAAM,GAAU,KAAK,IAE5B,cAAlB,cAA+B,uBAA/B,cAAsD,GAEvD,GAAI,IAAwB,OAC3B,KAAM,IAAI,OAAM,4CAGjB,MAAO,MACA,SAAQ,EAAoC,CACjD,GAAM,GAAiB,GAAI,IAAe,CACzC,MAAO,EACP,UAAW,OAAO,KAAK,GACvB,oBAAqB,IAEhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,eACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,sBASH,MAJmB,QAAO,KAAK,EAAiB,gBAAgB,SAC/D,gBAKI,SAAQ,EAAqC,CAClD,GAAM,GAAiB,GAAI,IAAe,CACzC,MAAO,EACP,eAAgB,OAAO,KAAK,EAAY,UACxC,oBAAqB,IAGhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,UACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,WAAY,EACZ,eAAgB,OAKnB,GAAM,GAAiB,OAAO,KAAK,EAAiB,WAAW,WAE/D,MAAI,MAAK,SACR,QAAQ,KAAK,mBAAmB,MAG1B,GAER,MAAO,IAAM,KI7Ff,6CACA,wBACA,0BAEO,GAAM,IAAuB,KACnC,IAEO,KAAM,IAAG,SAAS,EAAU,SAGvB,GAAsB,MAClC,EACA,IAEO,KAAM,IAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,IAAK,GACJ,QACN,CACD,MAAO,KAII,GAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,IAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,GAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GCrCR,0BCTA,uMACA,wBAEO,GAAM,IAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,KACzB,EAAS,GAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,GAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,GAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MAKxC,MAAO,AAAG,IACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,IAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,IAAU,EAAU,IAG1B,EAA4B,AAAG,GACpC,UACA,EACA,AAAG,GAAa,OAChB,GACA,AAAG,GAAW,IAIT,EACL,AAAG,GAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GCtED,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IACvB,GAAiC,OACjC,GAAiC,OACjC,GAAmC,eACnC,GAAwC,eAExC,EAA8B,CAC1C,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,IAEX,IAAK,CACJ,cAAe,OCIZ,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,MAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,IAGD,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAsCH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAoB9C,IAAK,CACJ,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,uBAGvB,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,SAAU,CAAC,2BAA4B,mBACvC,oBAAqB,CACpB,kDACA,+BAED,uBAAwB,CACvB,wDACA,kCAGD,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,mGAME,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IAAyB,CAC9B,GAAM,GAAI,GAAoB,EAAO,EAAsB,GAC3D,MAAO,MAAK,IAEb,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MHvLhD,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CA3BzD,gBA4BG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGZ,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,IAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAc,SAAd,cAAsB,MAAtB,cAA2B,QAC5B,IAAK,CACJ,SAAU,GAAe,+BAAe,SAAf,cAAuB,MAAvB,cAA4B,MAA5B,cAAiC,aAK5D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAE1C,QAAQ,IACP,+BAA+B,EAC9B,uBACqB,EAAO,OAI/B,GAAM,GAAwB,GAAgB,CAC7C,WAAY,GAAK,QAChB,UACA,wCAED,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,GAAe,IAE1B,OAAQ,GAAa,QAAQ,IAAI,eAI9B,EAAgC,KAAM,IAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,IAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GIjHf,wBAGA,gCCHA,0BAEA,gDACA,uBCHA,mBACA,0BAEO,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAIF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,IAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,GAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,IDfF,GAAM,IAAY,KACxB,IACoC,CAXrC,yFAYC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,MACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,GAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,+BAMhB,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,IAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,SAAK,SAAL,cAAa,MAAb,eAAkB,wBAS5B,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IDrG7C,gDAEA,GAAM,IAAe,CACpB,EACA,IAGI,CAjBL,MAkBC,GAAM,GAAa,EACjB,QAAQ,qBACR,qBACA,YACA,qGAEA,OACA,MACC,EACA,EACA,IACI,CA7BR,UA8BI,GAAM,CACL,aACA,IAAK,EACL,IAAK,EACL,WACA,UACG,EAAQ,kBAEN,CACL,SAAU,CAAE,UAAW,IACpB,KAAM,IAAU,GAEd,EAAmB,KAAM,IAA2B,CACzD,QAAS,GACT,IAAK,CACJ,SACC,GACA,wBAAQ,MAAR,cAAa,MAAb,cAAkB,WAClB,IAEF,OAAQ,GAAU,qBAAQ,MAAR,cAAa,UAG5B,EAEJ,GAAI,EACH,EAAc,GAAG,aAAa,EAAQ,gBAC5B,EAAQ,CAClB,GAAM,GAAiB,GAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAEjB,GAAI,EAAa,CAChB,GAAM,GAAa,GAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,GAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,EAAQ,WAER,MAAM,IAAI,OAAM,mCAKpB,SAAkB,EAAY,OAC9B,oBAAS,MAAT,QAAc,IAAI,AAAC,GAAQ,CAC1B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKjB,GAGD,GAAQ,GGsIR,GAAM,IAAY,AAAC,GAClB,MAAO,IAAU,UC3OzB,wBAQA,gCCXA,wBACO,GAAM,IAAgB,MAAO,CACnC,YACA,OACA,aAMI,IAAS,GACL,CAAE,QAAS,IAEH,GAAY,KAAM,KAAc,IAEvC,KAAM,IAAQ,CACpB,KAAM,UACN,KAAM,UACN,QAAS,IACD,IAKJ,CAAE,QAAS,ICxBnB,2EAOO,GAAM,IAAS,KAAO,IAEvB,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,IAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,KAAI,EAA4D,CACrE,OAAW,KAAuB,GAAsB,CACvD,GAAM,GAAU,GAAI,IAAoB,OACpC,GADoC,CAEvC,UAAW,MAEZ,KAAM,GAAU,KAAK,OC9BzB,wLAUO,GAAM,IAAoB,KAAO,IAElC,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAuB,GAAI,IAAqB,CACrD,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,MAAK,EAA6C,CACvD,GAAM,GAA8C,GACpD,QAAQ,IAAI,yBAA0B,GACtC,GAAM,GAA8C,GACpD,OAAW,KAAuB,GAAsB,CAGvD,GAAM,GAAwB,GAAI,IAAsB,CACvD,SAAU,EAAoB,OAE/B,GAAI,CACH,GAAM,GAAS,KAAM,GAAqB,KAAK,GAC/C,QAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,IAAoB,CACvB,SAAU,EAAO,IACjB,aAAc,EAAoB,sBAG5B,EAAP,CACD,AAAI,YAAa,KAEhB,SAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,IAAoB,CACvB,KAAM,EAAoB,KAC1B,aAAc,EAAoB,kBAOvC,MAAO,CACN,uBACA,uBACA,KAAM,SAAY,CACjB,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,GAGjC,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,QHpDtC,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAU,IAAqB,CAxBhD,8BAyBG,GAAM,CACL,aACA,UACA,MACA,MACA,cACA,YACA,MACA,WACA,sBACA,0BACG,EAAQ,kBACZ,GAAI,CAAE,IAAY,GAAuB,GACxC,KAAM,IAAI,OACT,0GAGF,GAAM,CAAE,SAAU,GAAiB,KAAM,IAAU,GAE/C,EAEJ,GAAI,EAAK,CACR,GAAM,GAAiB,GAAU,GAC9B,GACA,EACH,EAAc,GAAG,aAAa,EAAgB,gBACpC,EAAK,CACf,GAAM,GAAiB,GAAU,GAC9B,GACA,EACG,EAAiB,GAAG,aAAa,EAAgB,QAYvD,EAAc,KAAM,AAXK,MAAM,IAA2B,CACzD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,cAItB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAGjB,GAAM,GAAY,GAAM,GAGxB,GAAI,CACH,GAAI,EAAU,CACb,GAAM,GAAc,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,IACzC,EAAU,kBAAa,gBAAiB,eAExC,EAAa,kBAAa,aAAc,GACxC,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAnF9B,YAoFM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,EAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,QAAM,OAAN,cAAY,MAAZ,cAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,EAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,MAAO,EACP,KAAM,GAEN,KACA,KAAM,EACN,KAAM,GACH,EAAM,KAAK,IAAI,KAHlB,CAIA,MAAO,IAGV,EAAI,KAAK,KAMZ,MAAO,IACL,IAEG,CAAE,WAAY,KAAM,IAAc,CACvC,QAAS;AAAA,EACb,EACA,IAAI,CAAC,CAAE,UAAW,KAAK,EAAO,GAAQ,gBACtC,KAAK;AAAA,KACD,KAAM,IAGP,AAAI,IAAY,IACf,SAAQ,IAAI,sCAKZ,KAAM,AAJM,MAAM,IAAO,CACxB,OAAQ,GAAa,wBAAc,SAAd,cAAsB,MAAtB,cAA2B,WAGvC,IAAI,IAKhB,GAAI,EAAqB,CAExB,GAAM,GACL,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,eACtB,EAAa,kBAAwB,aAAc,GACnD,EAAqB,KAAM,IAAkB,CAClD,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,UAGtB,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAlJ9B,YAmJM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,IAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,GAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,SAAM,OAAN,cAAY,MAAZ,cAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,aAAc,GAEd,KACA,KAAM,GACH,GAAM,KAAK,IAAI,KAFlB,CAGA,aAAc,IAGjB,EAAI,KAAK,KAKZ,MAAO,IACL,IACG,CAAE,OAAM,uBAAsB,wBACnC,KAAM,GAAmB,KAAK,GACzB,EAA2B,GACjC,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,eAAiB,KAAK,EAAO,GAAY,gBACzD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,WAAa,KAAK,EAAO,GAAQ,gBACjD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,AAAI,EAAc,KAAK,AAAC,GAAM,IAAM,MAAW,QAC9C,SAAQ,IAAI,mCAEZ,KAAM,MAIR,GAAI,EAAwB,CAE3B,GAAM,GAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAhN9B,YAiNM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,AAAI,GACC,SAAM,OAAN,cAAY,SAAZ,cAAoB,iBACvB,EAAI,KAAK,CACR,KAAM,EACN,UAMJ,MAAO,IACL,IAEH,QAAQ,IAAI,uBAAwB,UAE7B,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GI5Nf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBACN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,IAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GChGf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBAEN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAGxB,QAAQ,IAAI,iBAAkB,GAE9B,GAAM,GAAe,KAAM,IAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,OAItB,QAAQ,IAAI,YAAa,SACjB,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GCpHf,uBACA,qBAGA,gDAYO,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IAK7B,GAAM,IAAqC,GA+HrC,GAAmB,KAAO,IAG/B,2BAAO,GAAP,GAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SASL,GAAmB,KAC/B,IAC2C,CAC3C,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,MACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,GAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IACtB,GAGG,EAEJ,MACC,GAAW,SAAS,iBACnB,EAAqD,SACrD,OAED,EAAQ,EAAqD,OAE7D,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,sBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,IAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,eAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,KpBzN7C,oBAEA,GAAM,IAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,IAEpB,AAAC,UAAY,CAEZ,GAAM,GAAY,QAAQ,KAAK,KAAK,AAAC,GAAQ,EAAI,WAAW,OAEtD,EAAa,EAChB,EAAU,SAAS,KAClB,EAAU,MAAM,KAAK,GACrB,QAAQ,KAAK,QAAQ,KAAK,QAAQ,GAAa,GAChD,OACG,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,UAAS,aAAc,EAE/B,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAElB,GAAM,GAA2C,GACjD,AAAI,GACH,OAAO,QAAQ,GAAS,QACvB,CAAC,CAAC,EAAY,KAAuD,CACpE,AAAI,kBAAc,QACjB,EAAc,GAAc,iBAAc,OAE1C,EAAc,GAAc,kBAAkB,MAMlD,OAAO,OAAO,GAAa,IAAI,QAAQ,AAAC,GAAa,CACpD,AAAI,kBAAU,OACb,OAAO,KAAK,EAAS,MAAM,QAAQ,AAAC,GAAe,CAClD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMlD,GAAM,GAAM,GAAI,IAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAIN,EAAsD,GACtD,EAAsD,GACtD,EAA8C,GAEpD,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,IAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,MACR,EAAqB,KAAK,EAAI,KAE3B,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAGV,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAKd,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAAE,IAAK,IAGpC,KAAM,IAAe,GACrB,KAAM,GAAQ",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dotsec",
|
|
3
|
-
"version": "1.0.0-alpha.
|
|
3
|
+
"version": "1.0.0-alpha.14",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -69,5 +69,5 @@
|
|
|
69
69
|
"tweetsodium": "^0.0.6",
|
|
70
70
|
"typescript": "~4.9.3"
|
|
71
71
|
},
|
|
72
|
-
"gitHead": "
|
|
72
|
+
"gitHead": "5be3d90465bf9de250da89fe73ce02e0c475cfd4"
|
|
73
73
|
}
|