dotsec 1.0.0-alpha.13 → 1.0.0-alpha.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/cli/index.js +25 -8
  2. package/dist/cli/index.js.map +3 -3
  3. package/dist/cli/index.mjs +25 -8
  4. package/dist/cli/index.mjs.map +3 -3
  5. package/dist/index.d.ts +93 -192
  6. package/dist/index.js +1 -2
  7. package/dist/index.js.map +3 -3
  8. package/dist/index.mjs +1 -2
  9. package/dist/index.mjs.map +3 -3
  10. package/package.json +7 -12
package/dist/cli/index.js CHANGED
@@ -1,9 +1,26 @@
1
- var ln=Object.create;var we=Object.defineProperty,gn=Object.defineProperties,pn=Object.getOwnPropertyDescriptor,mn=Object.getOwnPropertyDescriptors,un=Object.getOwnPropertyNames,ve=Object.getOwnPropertySymbols,dn=Object.getPrototypeOf,Re=Object.prototype.hasOwnProperty,fn=Object.prototype.propertyIsEnumerable;var De=(e,n,i)=>n in e?we(e,n,{enumerable:!0,configurable:!0,writable:!0,value:i}):e[n]=i,r=(e,n)=>{for(var i in n||(n={}))Re.call(n,i)&&De(e,i,n[i]);if(ve)for(var i of ve(n))fn.call(n,i)&&De(e,i,n[i]);return e},v=(e,n)=>gn(e,mn(n)),yn=e=>we(e,"__esModule",{value:!0});var wn=(e,n,i)=>{if(n&&typeof n=="object"||typeof n=="function")for(let t of un(n))!Re.call(e,t)&&t!=="default"&&we(e,t,{get:()=>n[t],enumerable:!(i=pn(n,t))||i.enumerable});return e},f=e=>wn(yn(we(e!=null?ln(dn(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var an=f(require("commander"));var oe=f(require("@aws-sdk/client-kms"));var te=f(require("@aws-sdk/credential-providers")),ke=f(require("@aws-sdk/shared-ini-file-loader"));var Pe=f(require("chalk"));var _=e=>Pe.default.yellowBright(e),C=e=>Pe.default.yellow.bold(e);var _e=async({argv:e,env:n})=>{var m,g,y;let i=await(0,ke.loadSharedConfigFiles)(),t,a,o;if(e.profile?(a={value:e.profile,origin:`command line option: ${_(e.profile)}`},t={value:await(0,te.fromIni)({profile:e.profile})(),origin:`${_(`[${e.profile}]`)} in credentials file`}):n.AWS_PROFILE?(a={value:n.AWS_PROFILE,origin:`env variable ${_("AWS_PROFILE")}: ${C(n.AWS_PROFILE)}`},t={value:await(0,te.fromIni)({profile:n.AWS_PROFILE})(),origin:`env variable ${_("AWS_PROFILE")}: ${C(n.AWS_PROFILE)}`}):n.AWS_ACCESS_KEY_ID&&n.AWS_SECRET_ACCESS_KEY?t={value:await(0,te.fromEnv)()(),origin:`env variables ${_("AWS_ACCESS_KEY_ID")} and ${_("AWS_SECRET_ACCESS_KEY")}`}:((m=i.credentialsFile)==null?void 0:m.default)&&(a={value:"default",origin:`${_("[default]")} in credentials file`},t={value:await(0,te.fromIni)({profile:"default"})(),origin:`profile ${_("[default]")}`}),e.region)o={value:e.region,origin:`command line option: ${_(e.region)}`};else if(n.AWS_REGION)o={value:n.AWS_REGION,origin:`env variable ${_("AWS_REGION")}: ${C(n.AWS_REGION)}`};else if(n.AWS_DEFAULT_REGION)o={value:n.AWS_DEFAULT_REGION,origin:`env variable ${_("AWS_DEFAULT_REGION")}: ${C(n.AWS_DEFAULT_REGION)}`};else if(a){let p=(y=(g=i==null?void 0:i.configFile)==null?void 0:g[a.value])==null?void 0:y.region;p&&(o={value:p,origin:`${_(`[profile ${a.value}]`)} in config file`})}let c=e.assumeRoleArn||n.AWS_ASSUME_ROLE_ARN;if(c){let p=e.assumeRoleArn?"command line option":"env variable";t={value:await(0,te.fromTemporaryCredentials)({masterCredentials:t==null?void 0:t.value,params:{DurationSeconds:e.assumeRoleSessionDuration||Number(n.AWS_ASSUME_ROLE_SESSION_DURATION)||3600,RoleArn:c},clientConfig:{region:o==null?void 0:o.value}})(),origin:`${p} ${_(`[${c}]`)}`}}return{credentialsAndOrigin:t,regionAndOrigin:o,profileAndOrigin:a}},xe=({credentialsAndOrigin:e,regionAndOrigin:n,profileAndOrigin:i})=>{let t=[];return i&&t.push(`Got profile name from ${i.origin}`),e&&t.push(`Resolved credentials from ${e.origin}`),n&&t.push(`Resolved region from ${n.origin}`),t.join(`
2
- `)};var ce=async({argv:e,env:n})=>{let{credentialsAndOrigin:i,regionAndOrigin:t,profileAndOrigin:a}=await _e({argv:{region:e.awsRegion,profile:e.awsProfile,assumeRoleArn:e.awsAssumeRoleArn,assumeRoleSessionDuration:e.awsAssumeRoleSessionDuration},env:r({},n)});if(e.verbose===!0&&console.log(xe({credentialsAndOrigin:i,regionAndOrigin:t,profileAndOrigin:a})),!(i&&t)){if(!i)throw console.error("Could not find credentials"),new Error("Could not find credentials");if(!t)throw console.error("Could not find region"),new Error("Could not find region")}return{credentialsAndOrigin:i,regionAndOrigin:t}};var le=async e=>{var y,p;let{kms:{keyAlias:n}={},region:i}=e,{credentialsAndOrigin:t,regionAndOrigin:a}=await ce({argv:{},env:r({},process.env)}),o=new oe.KMSClient({credentials:t.value,region:i||a.value}),c=new oe.DescribeKeyCommand({KeyId:n}),g=(p=(y=(await o.send(c)).KeyMetadata)==null?void 0:y.EncryptionAlgorithms)==null?void 0:p[0];if(g===void 0)throw new Error("Could not determine encryption algorithm");return{async encrypt(l){let u=new oe.EncryptCommand({KeyId:n,Plaintext:Buffer.from(l),EncryptionAlgorithm:g}),w=await o.send(u);if(!w.CiphertextBlob)throw new Error(`Something bad happened: ${JSON.stringify({encryptCommand:u})}`);return Buffer.from(w.CiphertextBlob).toString("base64")},async decrypt(l){let u=new oe.DecryptCommand({KeyId:n,CiphertextBlob:Buffer.from(l,"base64"),EncryptionAlgorithm:g}),w=await o.send(u);if(!w.Plaintext)throw new Error(`Something bad happened: ${JSON.stringify({cipherText:l,decryptCommand:u})}`);let s=Buffer.from(w.Plaintext).toString();return this.verbose&&console.info(`Decrypting key '${l}'`),s},other:()=>{}}};var ue=f(require("node:fs/promises")),Fe=f(require("prompts")),Te=f(require("node:path")),ge=async e=>await ue.default.readFile(e,"utf-8"),se=async(e,n)=>await ue.default.writeFile(e,n,"utf-8"),Sn=async e=>{try{return await(0,ue.stat)(e),!0}catch{return!1}},ae=async({filePath:e,skip:n})=>{let i;return await Sn(e)&&n!==!0?i=await(0,Fe.default)({type:"confirm",name:"overwrite",message:()=>`Overwrite './${Te.default.relative(process.cwd(),e)}' ?`}):i=void 0,i};var Le=f(require("node:path"));var P=f(require("typescript")),Me=f(require("node:fs")),Ie=e=>{let n=P.createPrinter(),i=Me.default.readFileSync(e.configFile,"utf8"),t=g=>y=>{function p(l){var u,w,s,E,h,R,D,T,x,H,N,V,Y,J,B,Z,z,Q;if(l=P.visitEachChild(l,p,g),l.kind===P.SyntaxKind.StringLiteral){let S=(w=(u=l==null?void 0:l.parent)==null?void 0:u.parent)==null?void 0:w.parent;if(((h=(E=(s=e.config)==null?void 0:s.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)&&((R=S==null?void 0:S.getChildAt(0))==null?void 0:R.getText())==="kms"){let A=(D=S==null?void 0:S.parent)==null?void 0:D.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return P.createStringLiteral((H=(x=(T=e.config)==null?void 0:T.aws)==null?void 0:x.kms)==null?void 0:H.keyAlias)}if(((V=(N=e.config)==null?void 0:N.aws)==null?void 0:V.region)&&((J=(Y=l==null?void 0:l.parent)==null?void 0:Y.getChildAt(0))==null?void 0:J.getText())==="region"){let A=(Z=(B=l==null?void 0:l.parent)==null?void 0:B.parent)==null?void 0:Z.parent;if((A==null?void 0:A.getChildAt(0).getText())==="aws")return P.createStringLiteral((Q=(z=e.config)==null?void 0:z.aws)==null?void 0:Q.region)}}return l}return P.visitNode(y,p)},a=P.createSourceFile("test.ts",i,P.ScriptTarget.ES2015,!0,P.ScriptKind.TS),o=P.transform(a,[t]),c=o.transformed[0],m=n.printFile(c);return o.dispose(),m};var Se="dotsec.config.ts",We=[Se],pe=".sec",me=".env",de="alias/dotsec",Cn="SecureString",O={config:{aws:{kms:{keyAlias:de},ssm:{parameterType:Cn}}}};var An={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",Se]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",Se],env:["--env","Path to .env file",me],sec:["--sec","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",me],sec:["--sec <sec>","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",me],sec:["--sec <sec>","Path to .sec file",pe],yes:["--yes","Skip confirmation prompts",!1]}},run:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file"]}},push:{inheritsFrom:["dotsec"],options:{toAwsSsm:["--to-aws-ssm, --toAwsSsm","Push to AWS SSM"],toAwsSecretsManager:["--to-aws-secrets-manager, --toAwsSecretsManager","Push to AWS Secrets Manager"],toGitHubActionsSecrets:["--to-github-actions-secrets, --toGitHubActionsSecrets","Push to GitHub actions secrets"],env:["--env [env]","Path to .env file"],sec:["--sec [sec]","Path to .sec file"],yes:["--yes","Skip confirmation prompts",!1],awsKeyAlias:["--aws-key-alias <awsKeyAlias>","AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)","alias/dotsec"],awsRegion:["--aws-region <awsRegion>","AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION"]}}},Ne=(e,n,i={})=>{let t=e[n];if(t)return t.inheritsFrom?t==null?void 0:t.inheritsFrom.reduce((a,o)=>{let c=Ne(e,o,a);return r({},c)},{options:r(r({},i.options),t.options),requiredOptions:r(r({},i.requiredOptions),t.requiredOptions)}):{options:r(r({},i.options),t.options),requiredOptions:r(r({},i.requiredOptions),t.requiredOptions)}},W=(e,n)=>{let i=Ne(An,n||e.name());(i==null?void 0:i.options)&&Object.values(i.options).forEach(([t,a,o])=>{e.option(t,a,o)}),(i==null?void 0:i.requiredOptions)&&Object.values(i.requiredOptions).forEach(([t,a,o])=>{e.requiredOption(t,a,o)})};var En=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(i,t)=>{var l,u,w,s,E,h;let{verbose:a,configFile:o,env:c,sec:m,awskeyAlias:g,awsRegion:y,yes:p}=t.optsWithGlobals();try{let R;R=await le({verbose:a,region:y||process.env.AWS_REGION||((u=(l=O.config)==null?void 0:l.aws)==null?void 0:u.region),kms:{keyAlias:g||((h=(E=(s=(w=O)==null?void 0:w.config)==null?void 0:s.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)}});let D=await ge(c),T=await R.encrypt(D),x=await ae({filePath:m,skip:p});(x===void 0||x.overwrite===!0)&&(await se(m,T),console.log(`Wrote encrypted contents of ${C(c)} contents file to ${C(m)}`));let H=Ie({configFile:Le.default.resolve(__dirname,"../../src/templates/dotsec.config.ts"),config:{aws:{kms:{keyAlias:g||de},region:y||process.env.AWS_REGION}}}),N=await ae({filePath:o,skip:p});(N===void 0||N.overwrite===!0)&&(await se(o,H),console.log(`Wrote config file to ${C(o)}`))}catch(R){t.error(R)}});return W(n),n},He=En;var Oe=f(require("node:fs")),Ue=f(require("dotenv"));var Ke=f(require("node:path")),Ge=f(require("bundle-require")),qe=f(require("joycon"));var je=f(require("fs")),$e=f(require("node:path"));function hn(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var Ce=async e=>{try{return hn(await je.default.promises.readFile(e,"utf8"))}catch(n){throw n instanceof Error?new Error(`Failed to parse ${$e.default.relative(process.cwd(),e)}: ${n.message}`):n}};var Ae=async e=>{var a,o,c,m,g,y,p,l,u,w,s,E,h,R,D,T,x,H,N,V,Y,J,B,Z,z,Q,S,A,L,G,q,k,M,I,b,F,X,ee,j,ne,ie,re;let n=process.cwd(),t=await new qe.default().resolve({files:e?[e]:[...We,"package.json"],cwd:n,stopDir:Ke.default.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let $=await Ce(t),d;return t.endsWith("package.json")&&$.dotsec!==void 0?d=$.dotsec:d=$,{source:"json",contents:v(r(r({},O),d),{config:v(r(r({},d==null?void 0:d.config),O.config),{github:r(r({},(a=d==null?void 0:d.config)==null?void 0:a.github),(c=(o=O)==null?void 0:o.config)==null?void 0:c.github),aws:v(r(r({},(m=d==null?void 0:d.config)==null?void 0:m.aws),(y=(g=O)==null?void 0:g.config)==null?void 0:y.aws),{kms:r(r({},(u=(l=(p=O)==null?void 0:p.config)==null?void 0:l.aws)==null?void 0:u.kms),(s=(w=d.config)==null?void 0:w.aws)==null?void 0:s.kms),ssm:r(r({},(R=(h=(E=O)==null?void 0:E.config)==null?void 0:h.aws)==null?void 0:R.ssm),(T=(D=d.config)==null?void 0:D.aws)==null?void 0:T.ssm),secretsManager:r(r({},(N=(H=(x=O)==null?void 0:x.config)==null?void 0:H.aws)==null?void 0:N.secretsManager),(Y=(V=d.config)==null?void 0:V.aws)==null?void 0:Y.secretsManager)})})})}}else if(t.endsWith(".ts")){let $=await(0,Ge.bundleRequire)({filepath:t}),d=$.mod.dotsec||$.mod.default||$.mod;return{source:"ts",contents:v(r(r({},O),d),{config:v(r(r({},d==null?void 0:d.config),O.config),{github:r(r({},(J=d==null?void 0:d.config)==null?void 0:J.github),(Z=(B=O)==null?void 0:B.config)==null?void 0:Z.github),aws:v(r(r({},(z=d==null?void 0:d.config)==null?void 0:z.aws),(S=(Q=O)==null?void 0:Q.config)==null?void 0:S.aws),{kms:r(r({},(G=(L=(A=O)==null?void 0:A.config)==null?void 0:L.aws)==null?void 0:G.kms),(k=(q=d.config)==null?void 0:q.aws)==null?void 0:k.kms),ssm:r(r({},(b=(I=(M=O)==null?void 0:M.config)==null?void 0:I.aws)==null?void 0:b.ssm),(X=(F=d.config)==null?void 0:F.aws)==null?void 0:X.ssm),secretsManager:r(r({},(ne=(j=(ee=O)==null?void 0:ee.config)==null?void 0:j.aws)==null?void 0:ne.secretsManager),(re=(ie=d.config)==null?void 0:ie.aws)==null?void 0:re.secretsManager)})})})}}}return{source:"defaultConfig",contents:O}};var Ve=f(require("node:child_process")),Pn=(e,n)=>{var t;let i=e.command("run2 <command...>").allowUnknownOption().description("Run a command in a separate process and populate env with decrypted .env or encrypted .sec values").action(async(a,o,c)=>{var E,h,R;let{configFile:m,env:g,sec:y,keyAlias:p,region:l}=c.optsWithGlobals(),{contents:{config:u}={}}=await Ae(m),w=await le({verbose:!0,kms:{keyAlias:p||((h=(E=u==null?void 0:u.aws)==null?void 0:E.kms)==null?void 0:h.keyAlias)||de},region:l||((R=u==null?void 0:u.aws)==null?void 0:R.region)}),s;if(g)s=Oe.default.readFileSync(g,"utf8");else if(y){let D=Oe.default.readFileSync(y,"utf8");s=await w.decrypt(D)}else throw new Error('Must provide either "--env" or "--sec"');if(s){let D=(0,Ue.parse)(s),[T,...x]=a;(0,Ve.spawnSync)(T,[...x],{stdio:"inherit",shell:!1,env:v(r(r({},process.env),D),{__DOTSEC_ENV__:JSON.stringify(Object.keys(D))})}),c.help()}else throw new Error("No .env or .sec file provided")});return W(i,"run"),(t=n==null?void 0:n.run)==null||t.map(a=>{let{options:o,requiredOptions:c}=a;o&&Object.values(o).map(m=>{i.option(...m)}),c&&Object.values(c).map(m=>{i.option(...m)})}),i},Ye=Pn;var fe=e=>typeof e=="boolean";var be=f(require("node:fs"));var ze=f(require("dotenv"));var Je=f(require("prompts")),Ee=async({predicate:e,skip:n,message:i})=>n===!0?{confirm:!0}:(e?await e():!0)?await(0,Je.default)({type:"confirm",name:"confirm",message:()=>i}):{confirm:!0};var he=f(require("@aws-sdk/client-ssm"));var Be=async e=>{let{region:n}=e||{},{credentialsAndOrigin:i,regionAndOrigin:t}=await ce({argv:{},env:r({},process.env)}),a=new he.SSMClient({credentials:i.value,region:n||t.value});return{async put(o){for(let c of o){let m=new he.PutParameterCommand(v(r({},c),{Overwrite:!0}));await a.send(m)}}}};var K=f(require("@aws-sdk/client-secrets-manager"));var Ze=async e=>{let{region:n}=e||{},{credentialsAndOrigin:i,regionAndOrigin:t}=await ce({argv:{},env:r({},process.env)}),a=new K.SecretsManagerClient({credentials:i.value,region:n||t.value});return{async push(o){let c=[];console.log("createSecretReddquests",o);let m=[];for(let g of o){let y=new K.DescribeSecretCommand({SecretId:g.Name});try{let p=await a.send(y);console.log("got one"),m.push(new K.UpdateSecretCommand({SecretId:p.ARN,SecretString:g.SecretString}))}catch(p){p instanceof K.ResourceNotFoundException&&(console.log("got one"),c.push(new K.CreateSecretCommand({Name:g.Name,SecretString:g.SecretString})))}}return{createSecretCommands:c,updateSecretCommands:m,push:async()=>{for(let g of c)await a.send(g);for(let g of m)await a.send(g)}}}}};var On=async e=>{let n=e.enablePositionalOptions().passThroughOptions().command("push").action(async(i,t)=>{var R,D,T,x,H,N,V,Y,J,B,Z,z,Q;let{configFile:a,verbose:o,env:c,sec:m,awskeyAlias:g,awsRegion:y,yes:p,toAwsSsm:l,toAwsSecretsManager:u,toGitHubActionsSecrets:w}=t.optsWithGlobals();if(!(l||u||w))throw new Error("You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets");let{contents:s}=await Ae(a),E;if(c){let S=fe(c)?me:c;E=be.default.readFileSync(S,"utf8")}else if(m){let S=fe(m)?pe:m,A=be.default.readFileSync(S,"utf8");E=await(await le({verbose:o,region:y||process.env.AWS_REGION||((D=(R=s.config)==null?void 0:R.aws)==null?void 0:D.region),kms:{keyAlias:g||((H=(x=(T=s==null?void 0:s.config)==null?void 0:T.aws)==null?void 0:x.kms)==null?void 0:H.keyAlias)}})).decrypt(A)}else throw new Error('Must provide either "--env" or "--sec"');let h=(0,ze.parse)(E);try{if(l){let S=(V=(N=s==null?void 0:s.config)==null?void 0:N.aws)==null?void 0:V.ssm,A=(S==null?void 0:S.parameterType)||"SecureString",L=(S==null?void 0:S.pathPrefix)||"",G=Object.entries(h).reduce((k,[M,I])=>{var b,F,X,ee;if((b=s.variables)==null?void 0:b[M]){let j=(F=s.variables)==null?void 0:F[M];if(j){let ne=`${L}${M}`;if((ee=(X=j.push)==null?void 0:X.aws)==null?void 0:ee.ssm){let ie=fe(j.push.aws.ssm)?{Name:ne,Value:I,Type:A}:v(r({Name:ne,Type:A},j.push.aws.ssm),{Value:I});k.push(ie)}}}return k},[]),{confirm:q}=await Ee({message:`Are you sure you want to push the following variables to AWS SSM Parameter Store?
3
- ${G.map(({Name:k})=>`- ${C(k||"[no name]")}`).join(`
4
- `)}`,skip:p});q===!0&&(console.log("pushing to AWS SSM Parameter Store"),await(await Be({region:y||((J=(Y=s==null?void 0:s.config)==null?void 0:Y.aws)==null?void 0:J.region)})).put(G))}if(u){let S=(Z=(B=s==null?void 0:s.config)==null?void 0:B.aws)==null?void 0:Z.secretsManager,A=(S==null?void 0:S.pathPrefix)||"",L=await Ze({region:y||process.env.AWS_REGION||((Q=(z=s.config)==null?void 0:z.aws)==null?void 0:Q.region)}),G=Object.entries(h).reduce((b,[F,X])=>{var ee,j,ne,ie;if((ee=s.variables)==null?void 0:ee[F]){let re=(j=s.variables)==null?void 0:j[F];if(re){let $=`${A}${F}`;if((ie=(ne=re.push)==null?void 0:ne.aws)==null?void 0:ie.ssm){let d=fe(re.push.aws.ssm)?{Name:$,SecretString:X}:v(r({Name:$},re.push.aws.ssm),{SecretString:X});b.push(d)}}}return b},[]),{push:q,updateSecretCommands:k,createSecretCommands:M}=await L.push(G),I=[];if(k.length>0){let{confirm:b}=await Ee({message:`Are you sure you want to update the following variables to AWS SSM Secrets Manager?
5
- ${k.map(({input:{SecretId:F}})=>`- ${C(F||"[no name]")}`).join(`
6
- `)}`,skip:p});I.push(b)}if(M.length>0){let{confirm:b}=await Ee({message:`Are you sure you want to create the following variables to AWS SSM Secrets Manager?
7
- ${M.map(({input:{Name:F}})=>`- ${C(F||"[no name]")}`).join(`
8
- `)}`,skip:p});I.push(b)}I.find(b=>b===!1)===void 0&&(console.log("xpushing to AWS Secrets Manager"),await q())}if(w){let S=Object.entries(h).reduce((A,[L,G])=>{var q,k,M,I;if((q=s.variables)==null?void 0:q[L]){let b=(k=s.variables)==null?void 0:k[L];b&&((I=(M=b.push)==null?void 0:M.github)==null?void 0:I.actionsSecrets)&&A.push({name:L,value:G})}return A},[]);console.log("githubActionsSecrets",S)}}catch(S){t.error(S)}});return W(n),n},Qe=On;var bn=async(e,n)=>{let i=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(t,a)=>{try{let{env:o,sec:c,yes:m}=a.optsWithGlobals(),g=Object.keys(t).reduce((s,E)=>s||n.encryption.find(h=>h.triggerOption===E),void 0);if(!g)throw new Error(`No encryption plugin found, available encryption engine(s): ${n.encryption.map(s=>`--${s.triggerOption}`).join(", ")}`);let y=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],p=Object.fromEntries(y.map(s=>[s,t[s]])),l=await ge(o),u=await g.handler(r({plaintext:l},p)),w=await ae({filePath:c,skip:m});(w===void 0||w.overwrite===!0)&&(await se(c,u),console.log(`Wrote encrypted contents of ${C(o)} file to ${C(c)}`))}catch(o){console.error(C(o.message)),a.help()}});return n.encryption.map(t=>{let{options:a,requiredOptions:o}=t;a&&Object.values(a).map(c=>{i.option(...c)}),o&&Object.values(o).map(c=>{i.option(...c)})}),W(i),i},Xe=bn;var vn=async(e,n)=>{let i=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(t,a)=>{try{let{env:o,sec:c,yes:m}=a.optsWithGlobals(),g=Object.keys(t).reduce((s,E)=>s||n.decryption.find(h=>h.triggerOption===E),void 0);if(!g)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.decryption.map(s=>`--${s.triggerOption}`).join(", ")}`);let y=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],p=Object.fromEntries(y.map(s=>[s,t[s]]));console.log("dotsecFilename",c);let l=await ge(c),u=await g.handler(r({ciphertext:l},p)),w=await ae({filePath:o,skip:m});(w===void 0||w.overwrite===!0)&&(await se(o,u),console.log(`Wrote plaintext contents of ${C(c)} file to ${C(o)}`)),console.log("plaintext",u)}catch(o){console.error(C(o.message)),a.help()}});return n.decryption.map(t=>{let{options:a,requiredOptions:o}=t;a&&Object.values(a).map(c=>{i.option(...c)}),o&&Object.values(o).map(c=>{i.option(...c)})}),W(i),i},en=vn;var nn=f(require("joycon")),tn=f(require("path"));var on=f(require("bundle-require")),Rn="dotsec.config.ts",Dn=[Rn];var ye={},rn=async e=>Promise.resolve().then(()=>f(require(e.name))).then(n=>n.default),sn=async e=>{let n=process.cwd(),t=await new nn.default().resolve({files:e?[e]:[...Dn,"package.json"],cwd:n,stopDir:tn.default.parse(n).root,packageKey:"dotsec"});if(e&&t===null)throw new Error(`Could not find config file ${e}`);if(t){if(t.endsWith(".json")){let a=await Ce(t),o;return t.endsWith("package.json")&&a.dotsec!==void 0?o=a.dotsec:o=a,{source:"json",contents:v(r(r({},ye),o),{plugins:r(r({},o==null?void 0:o.plugins),ye.plugins),variables:r({},o==null?void 0:o.variables)})}}else if(t.endsWith(".ts")){let a=await(0,on.bundleRequire)({filepath:t}),o=a.mod.dotsec||a.mod.default||a.mod;return{source:"ts",contents:v(r(r({},ye),o),{plugins:r(r({},o==null?void 0:o.plugins),ye.plugins),variables:r({},o==null?void 0:o.variables)})}}}return{source:"defaultConfig",contents:ye}};var cn=f(require("ajv")),kn={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(n,i)=>{if(i){let{parentData:t,parentDataProperty:a}=i;return t[a]=n===""?[]:n.split(e),!0}else return!1}},U=new an.Command;(async()=>{let e=process.argv.find(p=>p.startsWith("-c")),n=e?e.includes("=")?e.split("=")[1]:process.argv[process.argv.indexOf(e)+1]:void 0,{contents:i={}}=await sn(n),{plugins:t,variables:a}=i;U.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((p,l)=>{l.help()}),W(U);let o={};t&&Object.entries(t).forEach(([p,l])=>{(l==null?void 0:l.module)&&(o[p]=l==null?void 0:l.module)}),Object.values(a||{}).forEach(p=>{(p==null?void 0:p.push)&&Object.keys(p.push).forEach(l=>{o[l]||(o[l]=`@dotsec/plugin-${l}`)})}),console.log("pluginModules",o);let c=new cn.default({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[kn]}),m=[],g=[],y=[];for(let p of Object.keys(o)){let l=o[p],u=await rn({name:l}),{addCliCommand:w,cliHandlers:s}=await u({ajv:c,dotsecConfig:i});(s==null?void 0:s.encrypt)&&m.push(s.encrypt),(s==null?void 0:s.decrypt)&&g.push(s.decrypt),(s==null?void 0:s.run)&&y.push(s.run),w&&w({program:U})}m.length&&await Xe(U,{encryption:m}),g.length&&await en(U,{decryption:g}),await He(U),await Ye(U,{run:y}),await Qe(U),await U.parse()})();
1
+ var Fe=Object.create;var V=Object.defineProperty,Se=Object.defineProperties,je=Object.getOwnPropertyDescriptor,xe=Object.getOwnPropertyDescriptors,Te=Object.getOwnPropertyNames,X=Object.getOwnPropertySymbols,$e=Object.getPrototypeOf,Y=Object.prototype.hasOwnProperty,ke=Object.prototype.propertyIsEnumerable;var Z=(e,t,i)=>t in e?V(e,t,{enumerable:!0,configurable:!0,writable:!0,value:i}):e[t]=i,s=(e,t)=>{for(var i in t||(t={}))Y.call(t,i)&&Z(e,i,t[i]);if(X)for(var i of X(t))ke.call(t,i)&&Z(e,i,t[i]);return e},j=(e,t)=>Se(e,xe(t)),Ae=e=>V(e,"__esModule",{value:!0});var He=(e,t,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of Te(t))!Y.call(e,n)&&n!=="default"&&V(e,n,{get:()=>t[n],enumerable:!(i=je(t,n))||i.enumerable});return e},w=e=>He(Ae(V(e!=null?Fe($e(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var Pe=w(require("commander"));var L="dotsec.config.ts",ee=[L],$=".sec",k=".env",A={};var te=w(require("fs")),ne=w(require("node:path"));function _e(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var oe=async e=>{try{return _e(await te.default.promises.readFile(e,"utf8"))}catch(t){throw t instanceof Error?new Error(`Failed to parse ${ne.default.relative(process.cwd(),e)}: ${t.message}`):t}};var ie=w(require("bundle-require")),re=w(require("joycon")),se=w(require("path")),ce=async e=>{var o,c,d,a;let t=process.cwd(),n=await new re.default().resolve({files:e?[e]:[...ee,"package.json"],cwd:t,stopDir:se.default.parse(t).root,packageKey:"dotsec"});if(e&&n===null)throw new Error(`Could not find config file ${e}`);if(n){if(n.endsWith(".json")){let p=await oe(n),r;return n.endsWith("package.json")&&p.dotsec!==void 0?r=p.dotsec:r=p,{source:"json",contents:j(s(s({},A),r),{defaults:j(s(s({},r==null?void 0:r.defaults),A.defaults),{plugins:s(s({},(o=r==null?void 0:r.defaults)==null?void 0:o.plugins),(c=A.defaults)==null?void 0:c.plugins)}),variables:s({},r==null?void 0:r.variables)})}}else if(n.endsWith(".ts")){let p=await(0,ie.bundleRequire)({filepath:n}),r=p.mod.dotsec||p.mod.default||p.mod;return{source:"ts",contents:j(s(s({},A),r),{defaults:j(s(s({},r==null?void 0:r.defaults),A.defaults),{plugins:s(s({},(d=r==null?void 0:r.defaults)==null?void 0:d.plugins),(a=A.defaults)==null?void 0:a.plugins)}),variables:s({},r==null?void 0:r.variables)})}}}return{source:"defaultConfig",contents:A}};var W=async e=>Promise.resolve().then(()=>w(require(e.name))).then(t=>t.default);var I=w(require("node:fs/promises")),ae=w(require("node:path")),pe=w(require("prompts")),K=async e=>await I.default.readFile(e,"utf-8"),R=async(e,t)=>await I.default.writeFile(e,t,"utf-8"),Re=async e=>{try{return await(0,I.stat)(e),!0}catch{return!1}},q=async({filePath:e,skip:t})=>{let i;return await Re(e)&&t!==!0?i=await(0,pe.default)({type:"confirm",name:"overwrite",message:()=>`Overwrite './${ae.default.relative(process.cwd(),e)}' ?`}):i=void 0,i};var le=w(require("chalk")),Ye=require("cli-table");var F=e=>le.default.yellow.bold(e);var qe={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",L],plugin:["-p, --plugin <plugin>","Comma-separated list of plugins to use"]}},init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",L],env:["--env","Path to .env file",k],sec:["--sec","Path to .sec file",$],yes:["--yes","Skip confirmation prompts",!1]}},encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",k],sec:["--sec <sec>","Path to .sec file",$],yes:["--yes","Skip confirmation prompts",!1]}},decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",k],sec:["--sec <sec>","Path to .sec file",$],yes:["--yes","Skip confirmation prompts",!1]}},run:{inheritsFrom:["dotsec"],options:{withEnv:["--with-env, --withEnv",`Run command with ${k} file`],withSec:["--with-sec, --withSec",`Run command with ${$} file`],env:["--env <env>","Path to .env file",k],sec:["--sec <sec>","Path to .sec file",$],yes:["--yes","Skip confirmation prompts",!1]}},push:{inheritsFrom:["dotsec"],options:{withEnv:["--with-env, --withEnv",`Run command with ${k} file`],withSec:["--with-sec, --withSec",`Run command with ${$} file`],env:["--env <env>","Path to .env file",k],sec:["--sec <sec>","Path to .sec file",$],yes:["--yes","Skip confirmation prompts",!1]}}},me=(e,t,i={})=>{let n=e[t];if(n)return n.inheritsFrom?n==null?void 0:n.inheritsFrom.reduce((o,c)=>me(e,c,o),{options:s(s({},i.options),n.options),requiredOptions:s(s({},i.requiredOptions),n.requiredOptions)}):{options:s(s({},i.options),n.options),requiredOptions:s(s({},i.requiredOptions),n.requiredOptions)}},S=(e,t)=>{let i=me(qe,t||e.name());(i==null?void 0:i.options)&&Object.values(i.options).forEach(([n,o,c])=>{e.option(n,o,c)}),(i==null?void 0:i.requiredOptions)&&Object.values(i.requiredOptions).forEach(([n,o,c])=>{e.requiredOption(n,o,c)})};var Ne=async(e,t)=>{let{dotsecConfig:i,decryptHandlers:n}=t,o=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(d,a)=>{var p;try{let{env:r,sec:g,engine:f,yes:E}=a.optsWithGlobals(),P=f||((p=i==null?void 0:i.defaults)==null?void 0:p.encryptionEngine),C=(n||[]).find(h=>h.triggerOptionValue===P);if(!C)throw new Error(`No decryption plugin found, available decryption engine(s): ${t.decryptHandlers.map(h=>`--${h.triggerOptionValue}`).join(", ")}`);let m=[...Object.keys(C.options||{}),...Object.keys(C.requiredOptions||{})],l=Object.fromEntries(m.map(h=>[h,d[h]])),u=await K(g),O=await C.handler(s({ciphertext:u},l)),y=await q({filePath:r,skip:E});(y===void 0||y.overwrite===!0)&&(await R(r,O),console.log(`Wrote plaintext contents of ${F(g)} file to ${F(r)}`))}catch(r){console.error(F(r.message)),a.help()}});t.decryptHandlers.map(d=>{let{options:a,requiredOptions:p}=d;a&&Object.values(a).map(r=>{o.option(...r)}),p&&Object.values(p).map(r=>{o.option(...r)})});let c=t.decryptHandlers.map(d=>d.triggerOptionValue);return o.option("--engine <engine>",`Encryption engine${c.length>0?"s":""} to use: ${c.join(", "),c.length===1?c[0]:void 0}`,c.length===1?c[0]:void 0),S(o),o},fe=Ne;var Ie=async(e,t)=>{let{encryptHandlers:i,dotsecConfig:n}=t,o=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(a,p)=>{var r;try{let{env:g,sec:f,engine:E,yes:P}=p.optsWithGlobals(),C=E||((r=n==null?void 0:n.defaults)==null?void 0:r.encryptionEngine),m=(i||[]).find(D=>D.triggerOptionValue===C);if(!m)throw new Error(`No encryption plugin found, available encryption engine(s): ${t.encryptHandlers.map(D=>D.triggerOptionValue).join(", ")}`);let l=[...Object.keys(m.options||{}),...Object.keys(m.requiredOptions||{})],u=Object.fromEntries(l.map(D=>[D,a[D]])),O=await K(g),y=await m.handler(s({plaintext:O},u)),h=await q({filePath:f,skip:P});(h===void 0||h.overwrite===!0)&&(await R(f,y),console.log(`Wrote encrypted contents of ${F(g)} file to ${F(f)}`))}catch(g){console.error(F(g.message)),p.help()}});t.encryptHandlers.map(a=>{let{options:p,requiredOptions:r}=a;p&&Object.values(p).map(g=>{o.option(...g)}),r&&Object.values(r).map(g=>{o.option(...g)})});let c=t.encryptHandlers.map(a=>a.triggerOptionValue),d=t.encryptHandlers.map(a=>a.encryptionEngineName);return o.option("--engine <engine>",`Encryption engine${c.length>0?"s":""}: ${c.join(", "),c.length===1?c[0]:void 0}`),S(o),o.description(`Encrypt .env file using ${d.join(", ")}`),o},de=Ie;var ge=w(require("node:fs")),v=w(require("typescript")),ue=e=>{let t=v.createPrinter(),i=ge.default.readFileSync(e.configFile,"utf8"),n=p=>r=>{function g(f){var E,P,C,m,l,u,O,y,h,D,b,x,N,J,M,B,z,Q;if(f=v.visitEachChild(f,g,p),f.kind===v.SyntaxKind.StringLiteral){let _=(P=(E=f==null?void 0:f.parent)==null?void 0:E.parent)==null?void 0:P.parent;if(((l=(m=(C=e.config)==null?void 0:C.aws)==null?void 0:m.kms)==null?void 0:l.keyAlias)&&((u=_==null?void 0:_.getChildAt(0))==null?void 0:u.getText())==="kms"){let H=(O=_==null?void 0:_.parent)==null?void 0:O.parent;if((H==null?void 0:H.getChildAt(0).getText())==="aws")return v.createStringLiteral((D=(h=(y=e.config)==null?void 0:y.aws)==null?void 0:h.kms)==null?void 0:D.keyAlias)}if(((x=(b=e.config)==null?void 0:b.aws)==null?void 0:x.region)&&((J=(N=f==null?void 0:f.parent)==null?void 0:N.getChildAt(0))==null?void 0:J.getText())==="region"){let H=(B=(M=f==null?void 0:f.parent)==null?void 0:M.parent)==null?void 0:B.parent;if((H==null?void 0:H.getChildAt(0).getText())==="aws")return v.createStringLiteral((Q=(z=e.config)==null?void 0:z.aws)==null?void 0:Q.region)}}return f}return v.visitNode(r,g)},o=v.createSourceFile("test.ts",i,v.ScriptTarget.ES2015,!0,v.ScriptKind.TS),c=v.transform(o,[n]),d=c.transformed[0],a=t.printFile(d);return c.dispose(),a};var ye=w(require("node:path")),Ve=async e=>{let t=e.enablePositionalOptions().passThroughOptions().command("init").action(async(i,n)=>{let{configFile:o,yes:c}=n.optsWithGlobals();try{let d=ue({configFile:ye.default.resolve(__dirname,"../../src/templates/dotsec.config.ts")}),a=await q({filePath:o,skip:c});(a===void 0||a.overwrite===!0)&&(await R(o,d),console.log(`Wrote config file to ${F(o)}`))}catch(d){n.error(d)}});return S(t),t},he=Ve;var we=w(require("dotenv")),G=w(require("node:fs")),Le=async(e,t)=>{let{dotsecConfig:i,handlers:n}=t,o=e.enablePositionalOptions().passThroughOptions().command("push").action(async(c,d)=>{var a,p,r;try{let{env:g,sec:f,withEnv:E,withSec:P,engine:C,yes:m}=d.optsWithGlobals(),l=C||((a=i==null?void 0:i.defaults)==null?void 0:a.encryptionEngine),u=(p=(n||[]).find(b=>{var x;return((x=b.decrypt)==null?void 0:x.triggerOptionValue)===l}))==null?void 0:p.decrypt,O=(r=(n||[]).find(b=>{var x;return((x=b.push)==null?void 0:x.triggerOptionValue)===l}))==null?void 0:r.push;if(!O)throw new Error("No push plugin found!");let y=[...Object.keys((u==null?void 0:u.options)||{}),...Object.keys((u==null?void 0:u.requiredOptions)||{}),...Object.keys((O==null?void 0:O.options)||{}),...Object.keys((O==null?void 0:O.requiredOptions)||{})],h=Object.fromEntries(y.map(b=>[b,c[b]]));if(E&&P)throw new Error("Cannot use both --with-env and --with-sec");let D;if(E||!(E||P)){if(!g)throw new Error("No dotenv file specified in --env option");D=G.default.readFileSync(g,"utf8")}else if(P){if(!f)throw new Error("No dotsec file specified in --sec option");if(!u)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.map(x=>{var N;return`--${(N=x.decrypt)==null?void 0:N.triggerOptionValue}`}).join(", ")}`);let b=G.default.readFileSync(f,"utf8");D=await u.handler(s({ciphertext:b},h))}if(D){let b=(0,we.parse)(D);await O.handler(s({variables:b,yes:m},h))}else throw new Error("No .env or .sec file provided")}catch(g){console.error(g),process.exit(1)}});return S(o),o},Oe=Le;var U=w(require("node:fs")),Ce=w(require("dotenv"));var ve=w(require("node:child_process")),Ke=(e,t)=>{let{dotsecConfig:i,decryptHandlers:n}=t||{},o=e.command("run <command...>").usage("[--with-env --env .env] [--with-sec --sec .sec] [commandArgs...]").allowUnknownOption().showHelpAfterError(!0).description(`Run a command in a separate process and populate env with decrypted .env or encrypted .sec values.
2
+ The --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.
3
+
4
+ Examples:
5
+
6
+ Run a command with a .env file
7
+
8
+ $ dotsec run echo "hello world"
9
+
10
+
11
+ Run a command with a specific .env file
12
+
13
+ $ dotsec run --with-env --env .env.dev echo "hello world"
14
+
15
+
16
+ Run a command with a .sec file
17
+
18
+ $ dotsec run --with-sec echo "hello world"
19
+
20
+
21
+ Run a command with a specific .sec file
22
+
23
+ $ dotsec run --with-sec --sec .sec.dev echo "hello world"
24
+
25
+ `).action(async(c,d,a)=>{var p;try{let{env:r,sec:g,withEnv:f,withSec:E,engine:P}=a.optsWithGlobals();if(f&&E)throw new Error("Cannot use both --with-env and --with-sec");let C;if(f||!(f||E)){if(!r)throw new Error("No dotenv file specified in --env option");C=U.default.readFileSync(r,"utf8")}else if(E){if(!g)throw new Error("No dotsec file specified in --sec option");let m=P||((p=i==null?void 0:i.defaults)==null?void 0:p.encryptionEngine),l=(n||[]).find(h=>h.triggerOptionValue===m);if(!l)throw new Error(`No decryption plugin found, available decryption engine(s): ${(n||[]).map(h=>`--${h.triggerOptionValue}`).join(", ")}`);let u=[...Object.keys(l.options||{}),...Object.keys(l.requiredOptions||{})],O=Object.fromEntries(u.map(h=>[h,d[h]])),y=U.default.readFileSync(g,"utf8");C=await l.handler(s({ciphertext:y},O))}if(C){let m=(0,Ce.parse)(C),[l,...u]=c;(0,ve.spawnSync)(l,[...u],{stdio:"inherit",shell:!1,env:j(s(s({},process.env),m),{__DOTSEC_ENV__:JSON.stringify(Object.keys(m))})})}else throw new Error("No .env or .sec file provided")}catch(r){console.error(F(r.message)),a.help()}});if(S(o,"run"),n==null||n.map(c=>{let{options:d,requiredOptions:a}=c;d&&Object.values(d).map(p=>{o.option(...p)}),a&&Object.values(a).map(p=>{o.option(...p)})}),n){let c=n==null?void 0:n.map(d=>d.triggerOptionValue);o.option("--engine <engine>",`Encryption engine${c.length>0?"s":""}: ${c.join(", "),c.length===1?c[0]:void 0}`)}return o},Ee=Ke;var De=w(require("ajv")),be=w(require("yargs-parser")),We={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(t,i)=>{if(i){let{parentData:n,parentDataProperty:o}=i;return n[o]=t===""?[]:t.split(e),!0}else return!1}},T=new Pe.Command;(async()=>{var f,E,P,C;let e=(0,be.default)(process.argv),t=[];e.plugin&&(Array.isArray(e.plugin)?t.push(...e.plugin):t.push(e.plugin)),e.p&&(Array.isArray(e.p)?t.push(...e.p):t.push(e.p));let i=[...Array.isArray(e.config)?e.config:[e.config],...Array.isArray(e.c)?e.c:[e.c]][0],{contents:n={}}=await ce(i),{defaults:o,variables:c}=n;T.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((m,l)=>{l.help()}),S(T);let d=new De.default({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[We]}),a={};if(t.length>0)for(let m of t){let u=await(await W({name:m}))({dotsecConfig:n,ajv:d});a[u.name]=m,t.length===1&&(n.defaults=j(s({},n.defaults),{encryptionEngine:String(u.name),plugins:j(s({},(f=n.defaults)==null?void 0:f.plugins),{[u.name]:s({},(P=(E=n.defaults)==null?void 0:E.plugins)==null?void 0:P[u.name])})}))}(o==null?void 0:o.encryptionEngine)&&(((C=o==null?void 0:o.plugins)==null?void 0:C[o.encryptionEngine])||(o.plugins=j(s({},o.plugins),{[o.encryptionEngine]:{}}))),(o==null?void 0:o.plugins)&&Object.entries(o==null?void 0:o.plugins).forEach(([m,l])=>{(l==null?void 0:l.module)?a[m]=l==null?void 0:l.module:a[m]=`@dotsec/plugin-${m}`}),Object.values(c||{}).forEach(m=>{(m==null?void 0:m.push)&&Object.keys(m.push).forEach(l=>{a[l]||(a[l]=`@dotsec/plugin-${l}`)})});let p=[],r=[],g=[];for(let m of Object.keys(a)){let l=a[m],u=await W({name:l}),{addCliCommand:O,cliHandlers:y}=await u({ajv:d,dotsecConfig:n});(y==null?void 0:y.encrypt)&&p.push(y.encrypt),(y==null?void 0:y.decrypt)&&(r.push(y.decrypt),(y==null?void 0:y.push)&&g.push({push:y.push,decrypt:y.decrypt})),O&&O({program:T})}p.length&&await de(T,{dotsecConfig:n,encryptHandlers:p}),r.length&&await fe(T,{dotsecConfig:n,decryptHandlers:r}),g.length&&await Oe(T,{dotsecConfig:n,handlers:g}),await he(T),await Ee(T,{dotsecConfig:n,decryptHandlers:r}),await T.parse()})();
9
26
  //# sourceMappingURL=index.js.map
package/dist/cli/index.js.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
- "sources": ["../../src/cli/index.ts", "../../src/lib/aws/AwsKmsEncryptionEngine.ts", "../../src/lib/aws/getCredentialsProfileRegion.ts", "../../src/utils/logger.ts", "../../src/lib/aws/handleCredentialsAndRegion.ts", "../../src/lib/io.ts", "../../src/cli/commands/init.ts", "../../src/lib/transformer.ts", "../../src/constants.ts", "../../src/cli/options.ts", "../../src/cli/commands/run2.ts", "../../src/lib/config/index.ts", "../../src/lib/json.ts", "../../src/types.ts", "../../src/cli/commands/push.ts", "../../src/utils/prompts.ts", "../../src/lib/aws/AwsSsm.ts", "../../src/lib/aws/AwsSecretsManager.ts", "../../src/cli/commands/encrypt.ts", "../../src/cli/commands/decrypt.ts", "../../src/lib/plugin.ts"],
4
- "sourcesContent": ["import { Command } from \"commander\";\n\nimport addInitCommand from \"./commands/init\";\nimport addRunCommand from \"./commands/run2\";\nimport addPushProgram from \"./commands/push\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport { setProgramOptions } from \"./options\";\nimport {\n\tgetMagicalConfig,\n\tloadDotsecPlugin,\n\tMagicalDotsecPluginConfig,\n\tCliPluginDecryptHandler,\n\tCliPluginEncryptHandler,\n\tCliPluginRunHandler,\n} from \"../lib/plugin\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\t// find -c value in argv\n\tconst configArg = process.argv.find((arg) => arg.startsWith(\"-c\"));\n\t// if -c contains a =, split it and get the value. otherwise, take the next value\n\tconst configFile = configArg\n\t\t? configArg.includes(\"=\")\n\t\t\t? configArg.split(\"=\")[1]\n\t\t\t: process.argv[process.argv.indexOf(configArg) + 1]\n\t\t: undefined;\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { plugins, variables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (plugins) {\n\t\tObject.entries(plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, MagicalDotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(variables || {}).forEach((variable) => {\n\t\tif (variable?.push) {\n\t\t\tObject.keys(variable.push).forEach((pluginName) => {\n\t\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t});\n\n\tconsole.log(\"pluginModules\", pluginModules);\n\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: CliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: CliPluginDecryptHandler[] = [];\n\tconst cliPluginRunHandlers: CliPluginRunHandler[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t}\n\t\tif (cli?.run) {\n\t\t\tcliPluginRunHandlers.push(cli.run);\n\t\t}\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tencryption: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdecryption: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, { run: cliPluginRunHandlers });\n\t// await addDecryptCommand(program);\n\t// await addEncryptCommand(program);\n\tawait addPushProgram(program);\n\tawait program.parse();\n})();\n", "import {\n\tDecryptCommand,\n\tDescribeKeyCommand,\n\tEncryptCommand,\n\tKMSClient,\n} from \"@aws-sdk/client-kms\";\nimport { EncryptionEngineFactory } from \"../../types\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport type AwsEncryptionEngineFactory = EncryptionEngineFactory<\n\t{ region?: string; kms?: { keyAlias?: string } },\n\t{ other: () => void }\n>;\n\nexport const awsEncryptionEngineFactory: AwsEncryptionEngineFactory = async (\n\toptions,\n) => {\n\tconst {\n\t\tkms: { keyAlias } = {},\n\t\tregion,\n\t} = options;\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst kmsClient = new KMSClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\tconst describeKeyCommand = new DescribeKeyCommand({\n\t\tKeyId: keyAlias,\n\t});\n\n\tconst describeKeyResult = await kmsClient.send(describeKeyCommand);\n\tconst encryptionAlgorithm =\n\t\tdescribeKeyResult.KeyMetadata?.EncryptionAlgorithms?.[0];\n\n\tif (encryptionAlgorithm === undefined) {\n\t\tthrow new Error(\"Could not determine encryption algorithm\");\n\t}\n\n\treturn {\n\t\tasync encrypt(plaintext: string): Promise<string> {\n\t\t\tconst encryptCommand = new EncryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tPlaintext: Buffer.from(plaintext),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\t\t\tconst encryptionResult = await kmsClient.send(encryptCommand);\n\n\t\t\tif (!encryptionResult.CiphertextBlob) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tencryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst cipherText = Buffer.from(encryptionResult.CiphertextBlob).toString(\n\t\t\t\t\"base64\",\n\t\t\t);\n\n\t\t\treturn cipherText;\n\t\t},\n\t\tasync decrypt(cipherText: string): Promise<string> {\n\t\t\tconst decryptCommand = new DecryptCommand({\n\t\t\t\tKeyId: keyAlias,\n\t\t\t\tCiphertextBlob: Buffer.from(cipherText, \"base64\"),\n\t\t\t\tEncryptionAlgorithm: encryptionAlgorithm,\n\t\t\t});\n\n\t\t\tconst decryptionResult = await kmsClient.send(decryptCommand);\n\n\t\t\tif (!decryptionResult.Plaintext) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t`Something bad happened: ${JSON.stringify({\n\t\t\t\t\t\tcipherText: cipherText,\n\t\t\t\t\t\tdecryptCommand: decryptCommand,\n\t\t\t\t\t})}`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst decryptedValue = Buffer.from(decryptionResult.Plaintext).toString();\n\n\t\t\tif (this.verbose) {\n\t\t\t\tconsole.info(`Decrypting key '${cipherText}'`);\n\t\t\t}\n\n\t\t\treturn decryptedValue;\n\t\t},\n\t\tother: () => {},\n\t};\n};\n", "import {\n\tfromEnv,\n\tfromIni,\n\tfromTemporaryCredentials,\n} from \"@aws-sdk/credential-providers\";\nimport { loadSharedConfigFiles } from \"@aws-sdk/shared-ini-file-loader\";\nimport { emphasis, strong } from \"../../utils/logger\";\n\nimport {\n\tCredentialsAndOrigin,\n\tProfileAndOrigin,\n\tRegionAndOrigin,\n} from \"./types\";\n\nexport const getCredentialsProfileRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tprofile?: string;\n\t\tregion?: string;\n\t\tassumeRoleArn?: string;\n\t\tassumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string;\n\t\tAWS_ACCESS_KEY_ID?: string;\n\t\tAWS_SECRET_ACCESS_KEY?: string;\n\t\tAWS_REGION?: string;\n\t\tAWS_DEFAULT_REGION?: string;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst sharedConfigFiles = await loadSharedConfigFiles();\n\tlet credentialsAndOrigin: CredentialsAndOrigin | undefined = undefined;\n\tlet profileAndOrigin: ProfileAndOrigin | undefined = undefined;\n\tlet regionAndOrigin: RegionAndOrigin | undefined = undefined;\n\tif (argv.profile) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: argv.profile,\n\t\t\torigin: `command line option: ${emphasis(argv.profile)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: argv.profile,\n\t\t\t})(),\n\t\t\torigin: `${emphasis(`[${argv.profile}]`)} in credentials file`,\n\t\t};\n\t} else if (env.AWS_PROFILE) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: env.AWS_PROFILE,\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: env.AWS_PROFILE,\n\t\t\t})(),\n\t\t\torigin: `env variable ${emphasis(\"AWS_PROFILE\")}: ${strong(\n\t\t\t\tenv.AWS_PROFILE,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromEnv()(),\n\t\t\torigin: `env variables ${emphasis(\"AWS_ACCESS_KEY_ID\")} and ${emphasis(\n\t\t\t\t\"AWS_SECRET_ACCESS_KEY\",\n\t\t\t)}`,\n\t\t};\n\t} else if (sharedConfigFiles.credentialsFile?.default) {\n\t\tprofileAndOrigin = {\n\t\t\tvalue: \"default\",\n\t\t\torigin: `${emphasis(\"[default]\")} in credentials file`,\n\t\t};\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromIni({\n\t\t\t\tprofile: \"default\",\n\t\t\t})(),\n\t\t\torigin: `profile ${emphasis(\"[default]\")}`,\n\t\t};\n\t}\n\n\tif (argv.region) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: argv.region,\n\t\t\torigin: `command line option: ${emphasis(argv.region)}`,\n\t\t};\n\t} else if (env.AWS_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (env.AWS_DEFAULT_REGION) {\n\t\tregionAndOrigin = {\n\t\t\tvalue: env.AWS_DEFAULT_REGION,\n\t\t\torigin: `env variable ${emphasis(\"AWS_DEFAULT_REGION\")}: ${strong(\n\t\t\t\tenv.AWS_DEFAULT_REGION,\n\t\t\t)}`,\n\t\t};\n\t} else if (profileAndOrigin) {\n\t\tconst foundRegion =\n\t\t\tsharedConfigFiles?.configFile?.[profileAndOrigin.value]?.region;\n\n\t\tif (foundRegion) {\n\t\t\tregionAndOrigin = {\n\t\t\t\tvalue: foundRegion,\n\t\t\t\torigin: `${emphasis(\n\t\t\t\t\t`[profile ${profileAndOrigin.value}]`,\n\t\t\t\t)} in config file`,\n\t\t\t};\n\t\t}\n\t}\n\n\tconst assumedRole = argv.assumeRoleArn || env.AWS_ASSUME_ROLE_ARN;\n\tif (assumedRole) {\n\t\tconst origin = argv.assumeRoleArn ? \"command line option\" : \"env variable\";\n\t\tcredentialsAndOrigin = {\n\t\t\tvalue: await fromTemporaryCredentials({\n\t\t\t\tmasterCredentials: credentialsAndOrigin?.value,\n\n\t\t\t\tparams: {\n\t\t\t\t\tDurationSeconds:\n\t\t\t\t\t\targv.assumeRoleSessionDuration ||\n\t\t\t\t\t\tNumber(env.AWS_ASSUME_ROLE_SESSION_DURATION) ||\n\t\t\t\t\t\t3600,\n\t\t\t\t\tRoleArn: assumedRole,\n\t\t\t\t},\n\n\t\t\t\tclientConfig: {\n\t\t\t\t\tregion: regionAndOrigin?.value,\n\t\t\t\t},\n\t\t\t})(),\n\t\t\torigin: `${origin} ${emphasis(`[${assumedRole}]`)}`,\n\t\t};\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin, profileAndOrigin };\n};\n\nexport const printVerboseCredentialsProfileRegion = ({\n\tcredentialsAndOrigin,\n\tregionAndOrigin,\n\tprofileAndOrigin,\n}: {\n\tcredentialsAndOrigin?: CredentialsAndOrigin;\n\tregionAndOrigin?: RegionAndOrigin;\n\tprofileAndOrigin?: ProfileAndOrigin;\n}): string => {\n\tconst out: string[] = [];\n\tif (profileAndOrigin) {\n\t\tout.push(`Got profile name from ${profileAndOrigin.origin}`);\n\t}\n\tif (credentialsAndOrigin) {\n\t\tout.push(`Resolved credentials from ${credentialsAndOrigin.origin}`);\n\t}\n\tif (regionAndOrigin) {\n\t\tout.push(`Resolved region from ${regionAndOrigin.origin}`);\n\t}\n\treturn out.join(\"\\n\");\n};\n", "import chalk from \"chalk\";\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">;\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console;\n\t}\n\n\treturn _logger;\n};\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str);\n};\nexport const emphasis = (str: string): string => chalk.yellowBright(str);\nexport const strong = (str: string): string => chalk.yellow.bold(str);\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content);\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content);\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content);\n\t},\n\terror(content: object) {\n\t\tconsole.error(content);\n\t},\n};\n", "import {\n\tgetCredentialsProfileRegion,\n\tprintVerboseCredentialsProfileRegion,\n} from \"./getCredentialsProfileRegion\";\n\nexport const handleCredentialsAndRegion = async ({\n\targv,\n\tenv,\n}: {\n\targv: {\n\t\tawsRegion?: string;\n\t\tawsProfile?: string;\n\t\tverbose?: boolean;\n\t\tawsAssumeRoleArn?: string;\n\t\tawsAssumeRoleSessionDuration?: number;\n\t};\n\tenv: {\n\t\tAWS_PROFILE?: string | undefined;\n\t\tAWS_ACCESS_KEY_ID?: string | undefined;\n\t\tAWS_SECRET_ACCESS_KEY?: string | undefined;\n\t\tAWS_REGION?: string | undefined;\n\t\tAWS_DEFAULT_REGION?: string | undefined;\n\t\tAWS_ASSUME_ROLE_ARN?: string | undefined;\n\t\tAWS_ASSUME_ROLE_SESSION_DURATION?: string | undefined;\n\t\tTZ?: string;\n\t};\n}) => {\n\tconst { credentialsAndOrigin, regionAndOrigin, profileAndOrigin } =\n\t\tawait getCredentialsProfileRegion({\n\t\t\targv: {\n\t\t\t\tregion: argv.awsRegion,\n\t\t\t\tprofile: argv.awsProfile,\n\t\t\t\tassumeRoleArn: argv.awsAssumeRoleArn,\n\t\t\t\tassumeRoleSessionDuration: argv.awsAssumeRoleSessionDuration,\n\t\t\t},\n\t\t\tenv: {\n\t\t\t\t...env,\n\t\t\t},\n\t\t});\n\n\tif (argv.verbose === true) {\n\t\tconsole.log(\n\t\t\tprintVerboseCredentialsProfileRegion({\n\t\t\t\tcredentialsAndOrigin,\n\t\t\t\tregionAndOrigin,\n\t\t\t\tprofileAndOrigin,\n\t\t\t}),\n\t\t);\n\t}\n\n\tif (!(credentialsAndOrigin && regionAndOrigin)) {\n\t\tif (!credentialsAndOrigin) {\n\t\t\tconsole.error(\"Could not find credentials\");\n\t\t\tthrow new Error(\"Could not find credentials\");\n\t\t}\n\t\tif (!regionAndOrigin) {\n\t\t\tconsole.error(\"Could not find region\");\n\t\t\tthrow new Error(\"Could not find region\");\n\t\t}\n\t}\n\n\treturn { credentialsAndOrigin, regionAndOrigin };\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport prompts from \"prompts\";\nimport path from \"node:path\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptionEngine, Init2CommandOptions } from \"../../types\";\n\nimport path from \"node:path\";\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { setProgramOptions } from \"../options\";\nimport { strong } from \"../../utils/logger\";\nimport {\n\tdefaultConfig,\n\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n} from \"../../constants\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst {\n\t\t\t\tverbose,\n\t\t\t\tconfigFile,\n\t\t\t\tenv: dotenvFilename,\n\t\t\t\tsec: dotsecFilename,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t} = command.optsWithGlobals<Init2CommandOptions>();\n\t\t\t// get dotsec config\n\n\t\t\ttry {\n\t\t\t\tlet encryptionEngine: EncryptionEngine;\n\n\t\t\t\tencryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdefaultConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || defaultConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\t// encrypt\n\t\t\t\tconst cipherText = await encryptionEngine.encrypt(dotenvString);\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\t// todo: fix type\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} contents file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\tkeyAlias: awskeyAlias || DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tregion: awsRegion || process.env.AWS_REGION,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import * as ts from \"typescript\";\nimport fs from \"node:fs\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\t// console.log(\n\t\t\t\t\t\t\t\t// \t\"parent is aws\",\n\t\t\t\t\t\t\t\t// \tnode.parent?.getChildAt(2).getText(),\n\t\t\t\t\t\t\t\t// );\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { DotsecConfig } from \"./types\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\n\nexport const defaultConfig: DotsecConfig = {\n\tconfig: {\n\t\taws: {\n\t\t\tkms: {\n\t\t\t\tkeyAlias: DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t},\n\t\t\tssm: {\n\t\t\t\tparameterType: DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE,\n\t\t\t},\n\t\t},\n\t},\n};\n", "import { Command } from \"commander\";\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n\t// decrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\t// encrypt: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t// \t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t// \t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\n\t// run: {\n\t// \tinheritsFrom: [\"dotsec\"],\n\t// \toptions: {\n\t// \t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t// \t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t// \t\tawsKeyAlias: [\n\t// \t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t// \t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t// \t\t\t\"alias/dotsec\",\n\t// \t\t],\n\t// \t\tawsRegion: [\n\t// \t\t\t\"--aws-region <awsRegion>\",\n\t// \t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t// \t\t],\n\t// \t},\n\t// },\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\"],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\ttoAwsSsm: [\"--to-aws-ssm, --toAwsSsm\", \"Push to AWS SSM\"],\n\t\t\ttoAwsSecretsManager: [\n\t\t\t\t\"--to-aws-secrets-manager, --toAwsSecretsManager\",\n\t\t\t\t\"Push to AWS Secrets Manager\",\n\t\t\t],\n\t\t\ttoGitHubActionsSecrets: [\n\t\t\t\t\"--to-github-actions-secrets, --toGitHubActionsSecrets\",\n\t\t\t\t\"Push to GitHub actions secrets\",\n\t\t\t],\n\n\t\t\tenv: [\"--env [env]\", \"Path to .env file\"],\n\t\t\tsec: [\"--sec [sec]\", \"Path to .sec file\"],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\tawsKeyAlias: [\n\t\t\t\t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t\t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t\t\"alias/dotsec\",\n\t\t\t],\n\t\t\tawsRegion: [\n\t\t\t\t\"--aws-region <awsRegion>\",\n\t\t\t\t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\tconst r = getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t\treturn { ...r };\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS } from \"../../constants\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { RunCommandOptions } from \"../../types\";\nimport { setProgramOptions } from \"../options\";\nimport { getConfig } from \"../../lib/config\";\nimport { spawnSync } from \"node:child_process\";\nimport { CliPluginRunHandler } from \"../../lib/plugin\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\trun?: CliPluginRunHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.command(\"run2 <command...>\")\n\t\t.allowUnknownOption()\n\t\t.description(\n\t\t\t\"Run a command in a separate process and populate env with decrypted .env or encrypted .sec values\",\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\tconst {\n\t\t\t\t\tconfigFile,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\tkeyAlias,\n\t\t\t\t\tregion,\n\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\tconst {\n\t\t\t\t\tcontents: { config } = {},\n\t\t\t\t} = await getConfig(configFile);\n\n\t\t\t\tconst encryptionPlugin = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose: true,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias:\n\t\t\t\t\t\t\tkeyAlias ||\n\t\t\t\t\t\t\tconfig?.aws?.kms?.keyAlias ||\n\t\t\t\t\t\t\tDOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS,\n\t\t\t\t\t},\n\t\t\t\t\tregion: region || config?.aws?.region,\n\t\t\t\t});\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (dotenv) {\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (dotsec) {\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await encryptionPlugin.decrypt(dotSecContents);\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\n\t\t\t\t\tcommand.help();\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\toptions?.run?.map((run) => {\n\t\tconst { options, requiredOptions } = run;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n", "import path from \"node:path\";\n\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\n\nimport { loadJson } from \"../json\";\nimport { DotsecConfig, DotsecConfigAndSource } from \"../../types\";\nimport { defaultConfig, DOTSEC_CONFIG_FILES } from \"../../constants\";\n\nexport const getConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tconfig: {\n\t\t\t\t\t\t...data?.config,\n\t\t\t\t\t\t...defaultConfig.config,\n\t\t\t\t\t\tgithub: {\n\t\t\t\t\t\t\t...data?.config?.github,\n\t\t\t\t\t\t\t...defaultConfig?.config?.github,\n\t\t\t\t\t\t},\n\t\t\t\t\t\taws: {\n\t\t\t\t\t\t\t...data?.config?.aws,\n\t\t\t\t\t\t\t...defaultConfig?.config?.aws,\n\t\t\t\t\t\t\tkms: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.kms,\n\t\t\t\t\t\t\t\t...data.config?.aws?.kms,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tssm: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.ssm,\n\t\t\t\t\t\t\t\t...data.config?.aws?.ssm,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tsecretsManager: {\n\t\t\t\t\t\t\t\t...defaultConfig?.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t\t...data.config?.aws?.secretsManager,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { Command } from \"commander\";\n\n// type Replace<\n// \tSource,\n// \tNeedle extends String,\n// \tReplacement,\n// > = Source extends Record<string, unknown>\n// \t? {\n// \t\t\t[key in keyof Source]: key extends Needle\n// \t\t\t\t? Replacement\n// \t\t\t\t: Replace<Source[key], Needle, Replacement>;\n// \t }\n// \t: Source;\n\n// utility types\nexport type DeepPartial<T> = T extends object\n\t? {\n\t\t\t[P in keyof T]?: DeepPartial<T[P]>;\n\t }\n\t: T;\n\nexport type EncryptionEngineFactoryProps = { verbose?: boolean };\nexport type EncryptionEngine<T = {}> = {\n\tencrypt(plaintext: string): Promise<string>;\n\tdecrypt(ciphertext: string): Promise<string>;\n} & T;\n\nexport type EncryptionEngineFactory<\n\tT = {},\n\tV extends Record<string, unknown> = {},\n> = {\n\t(options: EncryptionEngineFactoryProps & T): Promise<EncryptionEngine<V>>;\n};\n\nexport abstract class EncryptionPlugin {\n\tprotected verbose: boolean | undefined;\n\tconstructor(options: EncryptionEngineFactoryProps) {\n\t\tthis.verbose = options?.verbose;\n\t}\n\tabstract encrypt(plaintext: string): Promise<string>;\n\tabstract decrypt(ciphertext: string): Promise<string>;\n}\n\ntype DotsecPlugin = {\n\t[key: string]: {\n\t\tplugin?: {\n\t\t\tmodule?: string;\n\t\t};\n\t\tconfig: {\n\t\t\t[key: string]: unknown;\n\t\t};\n\t\tpush: Record<string, unknown>;\n\t};\n};\n\ntype DotsecVariables = Record<string, DotsecVariable | boolean>;\nexport type DotsecConfigOptions = {\n\tplugins?: DotsecPlugin;\n\tvariables?: DotsecVariables;\n};\ntype DotSecVariableWithPlugin<\n\tVariable extends DotsecVariable,\n\tPlugins extends DotsecPlugin,\n> = {\n\tpush?: {\n\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"push\"];\n\t} & {\n\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"push\"];\n\t} & Variable[\"push\"] & {\n\t\t\t[key in keyof Plugins]?: Plugins[key][\"push\"];\n\t\t};\n};\n\nexport type DotsecVariable = {\n\tpush?: {};\n};\n\nexport type DotsecAwsPlugin = {\n\taws: {\n\t\tconfig: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t\tencryptionAlgorithm?:\n\t\t\t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t};\n\t\t\tssm?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t};\n\t\t\tsecretsManager?: {\n\t\t\t\tpathPrefix?: string;\n\t\t\t};\n\t\t};\n\t\tpush: {\n\t\t\tssm?:\n\t\t\t\t| boolean\n\t\t\t\t| (Omit<PutParameterRequest, \"Name\" | \"Value\"> & {\n\t\t\t\t\t\tName?: string;\n\t\t\t\t });\n\t\t\tsecretsManager?: boolean;\n\t\t};\n\t};\n};\nexport type DotsecGitHubPlugin = {\n\tgithub: {\n\t\tconfig: {\n\t\t\tpersonalAccessToken?: string | { fromEnv: string };\n\t\t};\n\t\tpush: {\n\t\t\tactionsSecrets: {\n\t\t\t\torganisations?: [{ secretName?: string; organisation: string }];\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport type DotsecConfig<T extends DotsecConfigOptions = DotsecConfigOptions> =\n\t{\n\t\tconfig?: // (\n\n\t\t{\n\t\t\t[key in keyof DotsecPlugin]?: DotsecPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecAwsPlugin]?: DotsecAwsPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t[key in keyof DotsecGitHubPlugin]?: DotsecGitHubPlugin[key][\"config\"];\n\t\t} & {\n\t\t\t// aws?: {\n\t\t\t// \tregion?: string;\n\t\t\t// \tkms?: {\n\t\t\t// \t\tkeyAlias?: string;\n\t\t\t// \t\tencryptionAlgorithm?:\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_1\"\n\t\t\t// \t\t\t| \"RSAES_OAEP_SHA_256\"\n\t\t\t// \t\t\t| \"SYMMETRIC_DEFAULT\";\n\t\t\t// \t};\n\t\t\t// \tssm?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t\tparameterType?: \"String\" | \"SecureString\";\n\t\t\t// \t};\n\t\t\t// \tsecretsManager?: {\n\t\t\t// \t\tpathPrefix?: string;\n\t\t\t// \t};\n\t\t\t// };\n\t\t\t// github?: {\n\t\t\t// \tpersonalAccessToken:\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue: string;\n\t\t\t// \t\t\t\tfromEnv?: never;\n\t\t\t// \t\t }\n\t\t\t// \t\t| {\n\t\t\t// \t\t\t\tvalue?: never;\n\t\t\t// \t\t\t\tfromEnv: keyof T[\"variables\"];\n\t\t\t// \t\t };\n\t\t\t// };\n\t\t};\n\t\tvariables?: {\n\t\t\t[key in keyof T[\"variables\"]]: T[\"variables\"][key] extends DotsecVariable\n\t\t\t\t? DotSecVariableWithPlugin<\n\t\t\t\t\t\tT[\"variables\"][key],\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >\n\t\t\t\t: DotSecVariableWithPlugin<\n\t\t\t\t\t\tDotsecVariable,\n\t\t\t\t\t\tT[\"plugins\"] extends DotsecPlugin ? T[\"plugins\"] : never\n\t\t\t\t >;\n\t\t};\n\t};\n\n// Dotsec config file\nexport type DotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: DotsecConfig;\n};\n\n// CLI types\nexport type GlobalCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n};\n\nexport type Init2CommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Encrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\nexport type Decrypt2CommandOptions = {\n\tverbose: false;\n\tenv: string;\n\tsec: string;\n\tyes: boolean;\n\t// performInit: (encryptionEngine: EncryptionEngine) => Promise<void>;\n};\n\nexport type RunCommandOptions = GlobalCommandOptions & {\n\tenv?: string;\n\tsec?: string;\n\tkeyAlias?: string;\n\tregion?: string;\n};\n\nexport type PushCommandOptions = {\n\tconfigFile: string;\n\tverbose: false;\n\tenv: string | boolean;\n\tsec: string | boolean;\n\tyes: boolean;\n\tawskeyAlias: string;\n\tawsRegion?: string;\n\ttoAwsSsm?: boolean;\n\ttoAwsSecretsManager?: boolean;\n\ttoGitHubActionsSecrets?: boolean;\n};\n\nexport const isString = (value: unknown): value is string => {\n\treturn typeof value === \"string\";\n};\n\nexport const isNumber = (value: unknown): value is number => {\n\treturn typeof value === \"number\";\n};\nexport const isBoolean = (value: unknown): value is boolean => {\n\treturn typeof value === \"boolean\";\n};\n\nexport type DotsecPluginModule<\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\tname: string;\n\tinit: (dotsecConfig: DotsecConfig) => Promise<T>;\n\taddCliCommand?: (options: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tprogram: Command;\n\t}) => void;\n};\n", "import { Command } from \"commander\";\nimport { awsEncryptionEngineFactory } from \"../../lib/aws/AwsKmsEncryptionEngine\";\nimport { EncryptionEngine, isBoolean, PushCommandOptions } from \"../../types\";\nimport fs from \"node:fs\";\n\nimport { getConfig } from \"../../lib/config\";\nimport { setProgramOptions } from \"../options\";\nimport {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { parse } from \"dotenv\";\nimport { PutParameterRequest } from \"@aws-sdk/client-ssm\";\nimport { strong } from \"../../utils/logger\";\nimport { promptConfirm } from \"../../utils/prompts\";\nimport { AwsSsm } from \"../../lib/aws/AwsSsm\";\nimport { AwsSecretsManager } from \"../../lib/aws/AwsSecretsManager\";\nimport { CreateSecretRequest } from \"@aws-sdk/client-secrets-manager\";\n\nconst addPushProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options, command: Command) => {\n\t\t\tconst {\n\t\t\t\tconfigFile,\n\t\t\t\tverbose,\n\t\t\t\tenv,\n\t\t\t\tsec,\n\t\t\t\tawskeyAlias,\n\t\t\t\tawsRegion,\n\t\t\t\tyes,\n\t\t\t\ttoAwsSsm,\n\t\t\t\ttoAwsSecretsManager,\n\t\t\t\ttoGitHubActionsSecrets,\n\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\t\t\tif (!(toAwsSsm || toAwsSecretsManager || toGitHubActionsSecrets)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t\"You must specify at least one of --to-aws-ssm, --to-aws-secrets-manager or --to-github-actions-secrets\",\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst { contents: dotsecConfig } = await getConfig(configFile);\n\n\t\t\tlet envContents: string | undefined;\n\n\t\t\tif (env) {\n\t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t\t: env;\n\t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t} else if (sec) {\n\t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t\t: sec;\n\t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t\tverbose,\n\t\t\t\t\tregion:\n\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\tkms: {\n\t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t},\n\t\t\t\t});\n\n\t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t} else {\n\t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t}\n\n\t\t\tconst envObject = parse(envContents);\n\n\t\t\t// get dotsec config\n\t\t\ttry {\n\t\t\t\tif (toAwsSsm) {\n\t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n${putParameterRequests\n\t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t});\n\n\t\t\t\t\tif (confirm === true) {\n\t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// secrets manager\n\t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t\t// create secretss\n\t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t\t\tregion:\n\t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t\t});\n\n\t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n${updateSecretCommands\n\t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t\t}\n\t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n${createSecretCommands\n\t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t.join(\"\\n\")}`,\n\t\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t\t}\n\t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t\t\tawait push();\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t\t\t\tif (entry) {\n\t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t\t\t\t\t\t});\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\treturn acc;\n\t\t\t\t\t}, []);\n\n\t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import prompts from \"prompts\";\nexport const promptConfirm = async ({\n\tpredicate,\n\tskip,\n\tmessage,\n}: {\n\tpredicate?: (...args: unknown[]) => Promise<boolean> | boolean;\n\tskip?: boolean;\n\tmessage: string;\n}): Promise<{ confirm: boolean }> => {\n\tif (skip === true) {\n\t\treturn { confirm: true };\n\t} else {\n\t\tconst result = predicate ? await predicate() : true;\n\t\tif (result) {\n\t\t\treturn await prompts({\n\t\t\t\ttype: \"confirm\",\n\t\t\t\tname: \"confirm\",\n\t\t\t\tmessage: () => {\n\t\t\t\t\treturn message;\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t}\n\treturn { confirm: true };\n};\n", "import {\n\tPutParameterCommand,\n\tPutParameterRequest,\n\tSSMClient,\n} from \"@aws-sdk/client-ssm\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSsm = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst ssmClient = new SSMClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync put(putParameterRequests: PutParameterRequest[]): Promise<void> {\n\t\t\tfor (const putParameterRequest of putParameterRequests) {\n\t\t\t\tconst command = new PutParameterCommand({\n\t\t\t\t\t...putParameterRequest,\n\t\t\t\t\tOverwrite: true,\n\t\t\t\t});\n\t\t\t\tawait ssmClient.send(command);\n\t\t\t}\n\t\t},\n\t};\n};\n", "import {\n\tCreateSecretCommand,\n\tDescribeSecretCommand,\n\tUpdateSecretCommand,\n\tCreateSecretRequest,\n\tSecretsManagerClient,\n\tResourceNotFoundException,\n} from \"@aws-sdk/client-secrets-manager\";\nimport { handleCredentialsAndRegion } from \"./handleCredentialsAndRegion\";\n\nexport const AwsSecretsManager = async (options?: {\n\tregion?: string;\n}) => {\n\tconst { region } = options || {};\n\n\tconst { credentialsAndOrigin, regionAndOrigin } =\n\t\tawait handleCredentialsAndRegion({\n\t\t\targv: {},\n\t\t\tenv: { ...process.env },\n\t\t});\n\n\tconst secretsManagerClient = new SecretsManagerClient({\n\t\tcredentials: credentialsAndOrigin.value,\n\t\tregion: region || regionAndOrigin.value,\n\t});\n\n\treturn {\n\t\tasync push(createSecretRequests: CreateSecretRequest[]) {\n\t\t\tconst createSecretCommands: CreateSecretCommand[] = [];\n\t\t\tconsole.log(\"createSecretReddquests\", createSecretRequests);\n\t\t\tconst updateSecretCommands: UpdateSecretCommand[] = [];\n\t\t\tfor (const createSecretRequest of createSecretRequests) {\n\t\t\t\t// create secret\n\t\t\t\t// check if secret exists\n\t\t\t\tconst describeSecretCommand = new DescribeSecretCommand({\n\t\t\t\t\tSecretId: createSecretRequest.Name,\n\t\t\t\t});\n\t\t\t\ttry {\n\t\t\t\t\tconst result = await secretsManagerClient.send(describeSecretCommand);\n\t\t\t\t\tconsole.log(\"got one\");\n\t\t\t\t\t// update secret\n\t\t\t\t\tupdateSecretCommands.push(\n\t\t\t\t\t\tnew UpdateSecretCommand({\n\t\t\t\t\t\t\tSecretId: result.ARN,\n\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t}),\n\t\t\t\t\t);\n\t\t\t\t} catch (e) {\n\t\t\t\t\tif (e instanceof ResourceNotFoundException) {\n\t\t\t\t\t\t// create secret\n\t\t\t\t\t\tconsole.log(\"got one\");\n\n\t\t\t\t\t\tcreateSecretCommands.push(\n\t\t\t\t\t\t\tnew CreateSecretCommand({\n\t\t\t\t\t\t\t\tName: createSecretRequest.Name,\n\t\t\t\t\t\t\t\tSecretString: createSecretRequest.SecretString,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tcreateSecretCommands,\n\t\t\t\tupdateSecretCommands,\n\t\t\t\tpush: async () => {\n\t\t\t\t\tfor (const createSecretCommand of createSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(createSecretCommand);\n\t\t\t\t\t}\n\n\t\t\t\t\tfor (const updateSecretCommand of updateSecretCommands) {\n\t\t\t\t\t\tawait secretsManagerClient.send(updateSecretCommand);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t};\n\t\t},\n\t};\n};\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginEncryptHandler } from \"../../lib/plugin\";\nimport { Encrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryption: CliPluginEncryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Encrypt2CommandOptions>();\n\t\t\t\tconst pluginCliEncrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginEncryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.encryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryption.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import { Command } from \"commander\";\nimport {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { CliPluginDecryptHandler } from \"../../lib/plugin\";\nimport { Decrypt2CommandOptions } from \"../../types\";\nimport { strong } from \"../../utils/logger\";\nimport { setProgramOptions } from \"../options\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdecryption: CliPluginDecryptHandler[];\n\t},\n) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<Decrypt2CommandOptions>();\n\n\t\t\t\tconst pluginCliDecrypt = Object.keys(_options).reduce<\n\t\t\t\t\tCliPluginDecryptHandler | undefined\n\t\t\t\t>((acc, key) => {\n\t\t\t\t\tif (!acc) {\n\t\t\t\t\t\treturn options.decryption.find((encryption) => {\n\t\t\t\t\t\t\treturn encryption.triggerOption === key;\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn acc;\n\t\t\t\t}, undefined);\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryption\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOption}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\tconsole.log(\"dotsecFilename\", dotsecFilename);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\"plaintext\", plaintext);\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryption.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import JoyCon from \"joycon\";\nimport path from \"path\";\nimport { DotsecPluginModule } from \"../types\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport { Command } from \"commander\";\nimport Ajv from \"ajv\";\n\nexport type DotsecAwsPlugin = DotsecPluginModule<{\n\tvalidateKms: () => Promise<boolean>;\n}>;\n\nexport type DotseGithubPlugin = DotsecPluginModule<{\n\tstoreOrganisationSecret: () => boolean;\n\tstoreRepositorySecret: () => void;\n}>;\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const DOTSEC_DEFAULT_AWS_KMS_KEY_ALIAS = \"alias/dotsec\";\nexport const DOTSEC_DEFAULT_AWS_SSM_PARAMETER_TYPE = \"SecureString\";\nexport const defaultConfig: MagicalDotsecConfig = {};\n\nexport type DotsecCliOption =\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription?: string,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tfn: (value: string, previous: unknown) => unknown,\n\t\t\tdefaultValue?: unknown,\n\t ]\n\t| [\n\t\t\tflags: string,\n\t\t\tdescription: string,\n\t\t\tregexp: RegExp,\n\t\t\tdefaultValue?: string | boolean | string[],\n\t ];\n\nexport type CliPluginHandler<\n\tHandlerArgs extends Record<string, unknown>,\n\tHandlerResult,\n\tT extends Record<string, unknown> = Record<string, unknown>,\n> = {\n\ttriggerOption: string;\n\toptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\trequiredOptions?: {\n\t\t[key in keyof T]: DotsecCliOption;\n\t};\n\thandler: (options: HandlerArgs & T) => Promise<HandlerResult>;\n};\n\nexport type CliPluginEncryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ plaintext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginDecryptHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\nexport type CliPluginRunHandler<\n\tHandlerPluginArgs extends Record<string, unknown> = Record<string, unknown>,\n> = CliPluginHandler<{ ciphertext: string }, string, HandlerPluginArgs>;\n\n// export type PluginCliEncryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tplaintext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\n// export type PluginCliDecryptHandler<\n// \tT extends Record<string, unknown> = Record<string, unknown>,\n// > = {\n// \ttriggerOption: string;\n// \toptions?: {\n// \t\t[key in keyof T]: DotsecCliOption;\n// \t};\n// \trequiredOptions?: {\n// \t\t[kkey in keyof T]: DotsecCliOption;\n// \t};\n// \thandler: (\n// \t\toptions: {\n// \t\t\tciphertext: string;\n// \t\t} & T,\n// \t) => Promise<string>;\n// };\nexport type MagicalDotsecPluginModule<\n\tT extends {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t} = {\n\t\tplugin: MagicalDotsecPlugin;\n\t\tapi?: Record<string, unknown>;\n\t\tcliHandlers?: {\n\t\t\tencrypt?: Record<string, unknown>;\n\t\t\tdecrypt?: Record<string, unknown>;\n\t\t\trun?: Record<string, unknown>;\n\t\t};\n\t},\n> = (options: { dotsecConfig: MagicalDotsecConfig; ajv: Ajv }) => Promise<{\n\tname: keyof T[\"plugin\"];\n\tapi: T[\"api\"] extends Record<string, unknown> ? T[\"api\"] : never;\n\taddCliCommand?: (options: {\n\t\tprogram: Command;\n\t}) => Promise<void>;\n\tcliHandlers?: {\n\t\tencrypt?: CliPluginEncryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { encrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"encrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tdecrypt?: CliPluginDecryptHandler<\n\t\t\tT[\"cliHandlers\"] extends { decrypt: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"decrypt\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\trun?: CliPluginRunHandler<\n\t\t\tT[\"cliHandlers\"] extends { run: Record<string, unknown> }\n\t\t\t\t? T[\"cliHandlers\"][\"run\"]\n\t\t\t\t: Record<string, unknown>\n\t\t>;\n\t\tpush?: {\n\t\t\toptions: [string, string];\n\t\t\thandler: () => Promise<void>;\n\t\t}[];\n\t};\n}>;\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<MagicalDotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n// Dotsec config file\nexport type MagicalDotsecConfigAndSource = {\n\tsource: \"json\" | \"ts\" | \"defaultConfig\";\n\tcontents: MagicalDotsecConfig;\n};\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<MagicalDotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(\n\t\t\t\tconfigPath,\n\t\t\t)) as Partial<MagicalDotsecConfig>;\n\n\t\t\tlet data: Partial<MagicalDotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec !==\n\t\t\t\t\tundefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<MagicalDotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<MagicalDotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<MagicalDotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...data?.plugins,\n\t\t\t\t\t\t...defaultConfig.plugins,\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n\nexport type MagicalDotsecPluginConfig = {\n\tmodule?: string;\n\tconfig?: { [key: string]: unknown };\n\tpush?: { [key: string]: unknown };\n};\n\nexport type MagicalDotsecPlugin<\n\tT extends {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t} = {\n\t\t[key: string]: MagicalDotsecPluginConfig;\n\t},\n> = T;\nexport type MagicalDotsecPlugins = {\n\tplugins: MagicalDotsecPlugin;\n};\n\nexport type MagicalDotsecConfig<\n\tT extends MagicalDotsecPlugins = { plugins: {} },\n> = {\n\tplugins?: {\n\t\t[PluginKey in keyof T[\"plugins\"]]?: {\n\t\t\tmodule?: T[\"plugins\"][PluginKey][\"module\"];\n\t\t} & T[\"plugins\"][PluginKey][\"config\"];\n\t};\n\tpush?: {\n\t\tvariables?: string[];\n\t\tto: {\n\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t};\n\t};\n\tvariables?: {\n\t\t[key: string]: {\n\t\t\tpush?: {\n\t\t\t\t[PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t\t// [PluginKey in keyof T[\"plugins\"]]?: T[\"plugins\"][PluginKey][\"push\"];\n\t\t\t};\n\t\t};\n\t};\n};\n\n// type F = MagicalDotsecConfig<{\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: string;\n// \t\t\tconfig: { region: string };\n// \t\t\tpush: { ssm?: boolean };\n// \t\t};\n// \t};\n// }>;\n\n// const f: F = {\n// \tplugins: {\n// \t\taws: {\n// \t\t\tmodule: \"@dotsec/plugin-aws\",\n// \t\t\tconfig: {\n// \t\t\t\tregion: \"eu-west-1\",\n// \t\t\t},\n// \t\t},\n// \t},\n// \tvariables: {\n// \t\tOMG: {\n// \t\t\tpush: {\n// \t\t\t\taws: {\n// \t\t\t\t\tssm: true,\n// \t\t\t\t},\n// \t\t\t},\n// \t\t},\n// \t},\n// };\n"],
5
- "mappings": "u4BAAA,OAAwB,wBCAxB,OAKO,kCCLP,OAIO,4CACP,GAAsC,8CCLtC,OAAkB,oBAYX,GAAM,GAAW,AAAC,GAAwB,WAAM,aAAa,GACvD,EAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GDC1D,GAAM,IAA8B,MAAO,CACjD,OACA,SAkBK,CAlCN,UAmCC,GAAM,GAAoB,KAAM,+BAC5B,EACA,EACA,EA+CJ,GA9CA,AAAI,EAAK,QACR,GAAmB,CAClB,MAAO,EAAK,QACZ,OAAQ,wBAAwB,EAAS,EAAK,YAE/C,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,EAAK,YAEf,OAAQ,GAAG,EAAS,IAAI,EAAK,oCAExB,AAAI,EAAI,YACd,GAAmB,CAClB,MAAO,EAAI,YACX,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,gBAGN,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,EAAI,gBAEd,OAAQ,gBAAgB,EAAS,mBAAmB,EACnD,EAAI,iBAGA,AAAI,EAAI,mBAAqB,EAAI,sBACvC,EAAuB,CACtB,MAAO,KAAM,mBACb,OAAQ,iBAAiB,EAAS,4BAA4B,EAC7D,4BAGQ,MAAkB,kBAAlB,cAAmC,UAC7C,GAAmB,CAClB,MAAO,UACP,OAAQ,GAAG,EAAS,oCAErB,EAAuB,CACtB,MAAO,KAAM,eAAQ,CACpB,QAAS,cAEV,OAAQ,WAAW,EAAS,iBAI1B,EAAK,OACR,EAAkB,CACjB,MAAO,EAAK,OACZ,OAAQ,wBAAwB,EAAS,EAAK,mBAErC,EAAI,WACd,EAAkB,CACjB,MAAO,EAAI,WACX,OAAQ,gBAAgB,EAAS,kBAAkB,EAClD,EAAI,uBAGI,EAAI,mBACd,EAAkB,CACjB,MAAO,EAAI,mBACX,OAAQ,gBAAgB,EAAS,0BAA0B,EAC1D,EAAI,+BAGI,EAAkB,CAC5B,GAAM,GACL,uBAAmB,aAAnB,cAAgC,EAAiB,SAAjD,cAAyD,OAE1D,AAAI,GACH,GAAkB,CACjB,MAAO,EACP,OAAQ,GAAG,EACV,YAAY,EAAiB,6BAMjC,GAAM,GAAc,EAAK,eAAiB,EAAI,oBAC9C,GAAI,EAAa,CAChB,GAAM,GAAS,EAAK,cAAgB,sBAAwB,eAC5D,EAAuB,CACtB,MAAO,KAAM,gCAAyB,CACrC,kBAAmB,iBAAsB,MAEzC,OAAQ,CACP,gBACC,EAAK,2BACL,OAAO,EAAI,mCACX,KACD,QAAS,GAGV,aAAc,CACb,OAAQ,iBAAiB,WAG3B,OAAQ,GAAG,KAAU,EAAS,IAAI,SAIpC,MAAO,CAAE,uBAAsB,kBAAiB,qBAGpC,GAAuC,CAAC,CACpD,uBACA,kBACA,sBAKa,CACb,GAAM,GAAgB,GACtB,MAAI,IACH,EAAI,KAAK,yBAAyB,EAAiB,UAEhD,GACH,EAAI,KAAK,6BAA6B,EAAqB,UAExD,GACH,EAAI,KAAK,wBAAwB,EAAgB,UAE3C,EAAI,KAAK;IE9JV,GAAM,IAA6B,MAAO,CAChD,OACA,SAmBK,CACL,GAAM,CAAE,uBAAsB,kBAAiB,oBAC9C,KAAM,IAA4B,CACjC,KAAM,CACL,OAAQ,EAAK,UACb,QAAS,EAAK,WACd,cAAe,EAAK,iBACpB,0BAA2B,EAAK,8BAEjC,IAAK,KACD,KAcN,GAVI,EAAK,UAAY,IACpB,QAAQ,IACP,GAAqC,CACpC,uBACA,kBACA,sBAKC,CAAE,IAAwB,GAAkB,CAC/C,GAAI,CAAC,EACJ,cAAQ,MAAM,8BACR,GAAI,OAAM,8BAEjB,GAAI,CAAC,EACJ,cAAQ,MAAM,yBACR,GAAI,OAAM,yBAIlB,MAAO,CAAE,uBAAsB,oBH/CzB,GAAM,IAAyD,KACrE,IACI,CAhBL,QAiBC,GAAM,CACL,IAAK,CAAE,YAAa,GACpB,UACG,EACE,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAG7B,EAAqB,GAAI,uBAAmB,CACjD,MAAO,IAIF,EACL,MAFyB,MAAM,GAAU,KAAK,IAE5B,cAAlB,cAA+B,uBAA/B,cAAsD,GAEvD,GAAI,IAAwB,OAC3B,KAAM,IAAI,OAAM,4CAGjB,MAAO,MACA,SAAQ,EAAoC,CACjD,GAAM,GAAiB,GAAI,mBAAe,CACzC,MAAO,EACP,UAAW,OAAO,KAAK,GACvB,oBAAqB,IAEhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,eACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,sBASH,MAJmB,QAAO,KAAK,EAAiB,gBAAgB,SAC/D,gBAKI,SAAQ,EAAqC,CAClD,GAAM,GAAiB,GAAI,mBAAe,CACzC,MAAO,EACP,eAAgB,OAAO,KAAK,EAAY,UACxC,oBAAqB,IAGhB,EAAmB,KAAM,GAAU,KAAK,GAE9C,GAAI,CAAC,EAAiB,UACrB,KAAM,IAAI,OACT,2BAA2B,KAAK,UAAU,CACzC,WAAY,EACZ,eAAgB,OAKnB,GAAM,GAAiB,OAAO,KAAK,EAAiB,WAAW,WAE/D,MAAI,MAAK,SACR,QAAQ,KAAK,mBAAmB,MAG1B,GAER,MAAO,IAAM,KI7Ff,OAAyB,+BACzB,GAAoB,sBACpB,GAAiB,wBAEJ,GAAuB,KACnC,IAEO,KAAM,YAAG,SAAS,EAAU,SAGvB,GAAsB,MAClC,EACA,IAEO,KAAM,YAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,YAAK,GACJ,QACN,CACD,MAAO,KAII,GAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GCrCR,OAAiB,wBCTjB,MAAoB,yBACpB,GAAe,sBAEF,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MAKxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GCtED,GAAM,IAA6B,mBAC7B,GAAsB,CAAC,IACvB,GAAiC,OACjC,GAAiC,OACjC,GAAmC,eACnC,GAAwC,eAExC,EAA8B,CAC1C,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,IAEX,IAAK,CACJ,cAAe,OCIZ,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,MAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,IAGD,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,oBAAqB,IACpC,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,kGAsCH,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,cAAe,oBAAqB,IAC1C,IAAK,CAAC,QAAS,4BAA6B,MAoB9C,IAAK,CACJ,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,uBAGvB,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,SAAU,CAAC,2BAA4B,mBACvC,oBAAqB,CACpB,kDACA,+BAED,uBAAwB,CACvB,wDACA,kCAGD,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,cAAe,qBACrB,IAAK,CAAC,QAAS,4BAA6B,IAC5C,YAAa,CACZ,gCACA,6FACA,gBAED,UAAW,CACV,2BACA,mGAME,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IAAyB,CAC9B,GAAM,GAAI,GAAoB,EAAO,EAAsB,GAC3D,MAAO,MAAK,IAEb,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MHvLhD,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CA3BzD,gBA4BG,GAAM,CACL,UACA,aACA,IAAK,EACL,IAAK,EACL,cACA,YACA,OACG,EAAQ,kBAGZ,GAAI,CACH,GAAI,GAEJ,EAAmB,KAAM,IAA2B,CACnD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAc,SAAd,cAAsB,MAAtB,cAA2B,QAC5B,IAAK,CACJ,SAAU,GAAe,+BAAe,SAAf,cAAuB,MAAvB,cAA4B,MAA5B,cAAiC,aAK5D,GAAM,GAAe,KAAM,IAAqB,GAG1C,EAAa,KAAM,GAAiB,QAAQ,GAE5C,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAE1C,QAAQ,IACP,+BAA+B,EAC9B,uBACqB,EAAO,OAI/B,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,wCAED,OAAQ,CACP,IAAK,CACJ,IAAK,CACJ,SAAU,GAAe,IAE1B,OAAQ,GAAa,QAAQ,IAAI,eAI9B,EAAgC,KAAM,IAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,IAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GIjHf,OAAe,sBAGf,GAAsB,qBCHtB,OAAiB,wBAEjB,GAA8B,6BAC9B,GAAmB,qBCHnB,OAAe,iBACf,GAAiB,wBAEV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAIF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,IDfF,GAAM,IAAY,KACxB,IACoC,CAXrC,4FAYC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,gBAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,+BAMhB,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,OAAQ,SACJ,iBAAM,QACN,EAAc,QAFV,CAGP,OAAQ,OACJ,oBAAM,SAAN,cAAc,QACd,wBAAe,SAAf,cAAuB,QAE3B,IAAK,SACD,oBAAM,SAAN,cAAc,KACd,wBAAe,SAAf,cAAuB,KAFtB,CAGJ,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,IAAK,OACD,2BAAe,SAAf,cAAuB,MAAvB,cAA4B,KAC5B,QAAK,SAAL,cAAa,MAAb,cAAkB,KAEtB,eAAgB,OACZ,8BAAe,SAAf,cAAuB,MAAvB,eAA4B,gBAC5B,UAAK,SAAL,eAAa,MAAb,eAAkB,wBAS5B,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IDrG7C,OAA0B,iCAEpB,GAAe,CACpB,EACA,IAGI,CAjBL,MAkBC,GAAM,GAAa,EACjB,QAAQ,qBACR,qBACA,YACA,qGAEA,OACA,MACC,EACA,EACA,IACI,CA7BR,UA8BI,GAAM,CACL,aACA,IAAK,EACL,IAAK,EACL,WACA,UACG,EAAQ,kBAEN,CACL,SAAU,CAAE,UAAW,IACpB,KAAM,IAAU,GAEd,EAAmB,KAAM,IAA2B,CACzD,QAAS,GACT,IAAK,CACJ,SACC,GACA,wBAAQ,MAAR,cAAa,MAAb,cAAkB,WAClB,IAEF,OAAQ,GAAU,qBAAQ,MAAR,cAAa,UAG5B,EAEJ,GAAI,EACH,EAAc,WAAG,aAAa,EAAQ,gBAC5B,EAAQ,CAClB,GAAM,GAAiB,WAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAEjB,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,iBAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,QAI7C,EAAQ,WAER,MAAM,IAAI,OAAM,mCAKpB,SAAkB,EAAY,OAC9B,oBAAS,MAAT,QAAc,IAAI,AAAC,GAAQ,CAC1B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKjB,GAGD,GAAQ,GGsIR,GAAM,IAAY,AAAC,GAClB,MAAO,IAAU,UC3OzB,OAAe,sBAQf,OAAsB,qBCXtB,OAAoB,sBACP,GAAgB,MAAO,CACnC,YACA,OACA,aAMI,IAAS,GACL,CAAE,QAAS,IAEH,GAAY,KAAM,KAAc,IAEvC,KAAM,eAAQ,CACpB,KAAM,UACN,KAAM,UACN,QAAS,IACD,IAKJ,CAAE,QAAS,ICxBnB,OAIO,kCAGA,GAAM,IAAS,KAAO,IAEvB,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAY,GAAI,cAAU,CAC/B,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,KAAI,EAA4D,CACrE,OAAW,KAAuB,GAAsB,CACvD,GAAM,GAAU,GAAI,wBAAoB,OACpC,GADoC,CAEvC,UAAW,MAEZ,KAAM,GAAU,KAAK,OC9BzB,MAOO,8CAGA,GAAM,IAAoB,KAAO,IAElC,CACL,GAAM,CAAE,UAAW,GAAW,GAExB,CAAE,uBAAsB,mBAC7B,KAAM,IAA2B,CAChC,KAAM,GACN,IAAK,KAAK,QAAQ,OAGd,EAAuB,GAAI,wBAAqB,CACrD,YAAa,EAAqB,MAClC,OAAQ,GAAU,EAAgB,QAGnC,MAAO,MACA,MAAK,EAA6C,CACvD,GAAM,GAA8C,GACpD,QAAQ,IAAI,yBAA0B,GACtC,GAAM,GAA8C,GACpD,OAAW,KAAuB,GAAsB,CAGvD,GAAM,GAAwB,GAAI,yBAAsB,CACvD,SAAU,EAAoB,OAE/B,GAAI,CACH,GAAM,GAAS,KAAM,GAAqB,KAAK,GAC/C,QAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,uBAAoB,CACvB,SAAU,EAAO,IACjB,aAAc,EAAoB,sBAG5B,EAAP,CACD,AAAI,YAAa,8BAEhB,SAAQ,IAAI,WAEZ,EAAqB,KACpB,GAAI,uBAAoB,CACvB,KAAM,EAAoB,KAC1B,aAAc,EAAoB,kBAOvC,MAAO,CACN,uBACA,uBACA,KAAM,SAAY,CACjB,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,GAGjC,OAAW,KAAuB,GACjC,KAAM,GAAqB,KAAK,QHpDtC,GAAM,IAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAU,IAAqB,CAxBhD,8BAyBG,GAAM,CACL,aACA,UACA,MACA,MACA,cACA,YACA,MACA,WACA,sBACA,0BACG,EAAQ,kBACZ,GAAI,CAAE,IAAY,GAAuB,GACxC,KAAM,IAAI,OACT,0GAGF,GAAM,CAAE,SAAU,GAAiB,KAAM,IAAU,GAE/C,EAEJ,GAAI,EAAK,CACR,GAAM,GAAiB,GAAU,GAC9B,GACA,EACH,EAAc,WAAG,aAAa,EAAgB,gBACpC,EAAK,CACf,GAAM,GAAiB,GAAU,GAC9B,GACA,EACG,EAAiB,WAAG,aAAa,EAAgB,QAYvD,EAAc,KAAM,AAXK,MAAM,IAA2B,CACzD,UACA,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,QAC3B,IAAK,CACJ,SAAU,GAAe,2BAAc,SAAd,cAAsB,MAAtB,cAA2B,MAA3B,cAAgC,cAItB,QAAQ,OAE7C,MAAM,IAAI,OAAM,0CAGjB,GAAM,GAAY,aAAM,GAGxB,GAAI,CACH,GAAI,EAAU,CACb,GAAM,GAAc,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,IACzC,EAAU,kBAAa,gBAAiB,eAExC,EAAa,kBAAa,aAAc,GACxC,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAnF9B,aAoFM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,EAAO,CACV,GAAM,IAAU,GAAG,IAAa,IAChC,GAAI,SAAM,OAAN,cAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,IAA2C,GAChD,EAAM,KAAK,IAAI,KAEb,CACA,KAAM,GACN,MAAO,EACP,KAAM,GAEN,KACA,KAAM,GACN,KAAM,GACH,EAAM,KAAK,IAAI,KAHlB,CAIA,MAAO,IAGV,EAAI,KAAK,MAMZ,MAAO,IACL,IAEG,CAAE,WAAY,KAAM,IAAc,CACvC,QAAS;AAAA,EACb,EACA,IAAI,CAAC,CAAE,UAAW,KAAK,EAAO,GAAQ,gBACtC,KAAK;AAAA,KACD,KAAM,IAGP,AAAI,IAAY,IACf,SAAQ,IAAI,sCAKZ,KAAM,AAJM,MAAM,IAAO,CACxB,OAAQ,GAAa,wBAAc,SAAd,cAAsB,MAAtB,cAA2B,WAGvC,IAAI,IAKhB,GAAI,EAAqB,CAExB,GAAM,GACL,uBAAc,SAAd,cAAsB,MAAtB,cAA2B,eACtB,EAAa,kBAAwB,aAAc,GACnD,EAAqB,KAAM,IAAkB,CAClD,OACC,GACA,QAAQ,IAAI,YACZ,SAAa,SAAb,cAAqB,MAArB,cAA0B,UAGtB,EAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAlJ9B,eAmJM,GAAI,MAAa,YAAb,eAAyB,GAAM,CAClC,GAAM,IAAQ,KAAa,YAAb,cAAyB,GACvC,GAAI,GAAO,CACV,GAAM,GAAU,GAAG,IAAa,IAChC,GAAI,WAAM,OAAN,eAAY,MAAZ,eAAiB,IAAK,CACzB,GAAM,GAA2C,GAChD,GAAM,KAAK,IAAI,KAEb,CACA,KAAM,EACN,aAAc,GAEd,KACA,KAAM,GACH,GAAM,KAAK,IAAI,KAFlB,CAGA,aAAc,IAGjB,EAAI,KAAK,KAKZ,MAAO,IACL,IACG,CAAE,OAAM,uBAAsB,wBACnC,KAAM,GAAmB,KAAK,GACzB,EAA2B,GACjC,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,eAAiB,KAAK,EAAO,GAAY,gBACzD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,GAAI,EAAqB,OAAS,EAAG,CACpC,GAAM,CAAE,QAAS,GAAkB,KAAM,IAAc,CACtD,QAAS;AAAA,EACd,EACA,IAAI,CAAC,CAAE,MAAO,CAAE,WAAa,KAAK,EAAO,GAAQ,gBACjD,KAAK;AAAA,KACA,KAAM,IAGP,EAAc,KAAK,GAEpB,AAAI,EAAc,KAAK,AAAC,GAAM,IAAM,MAAW,QAC9C,SAAQ,IAAI,mCAEZ,KAAM,MAIR,GAAI,EAAwB,CAE3B,GAAM,GAAuB,OAAO,QAAQ,GAAW,OAErD,CAAC,EAAK,CAAC,EAAK,KAAW,CAhN9B,YAiNM,GAAI,KAAa,YAAb,cAAyB,GAAM,CAClC,GAAM,GAAQ,KAAa,YAAb,cAAyB,GACvC,AAAI,GACC,SAAM,OAAN,cAAY,SAAZ,cAAoB,iBACvB,EAAI,KAAK,CACR,KAAM,EACN,UAMJ,MAAO,IACL,IAEH,QAAQ,IAAI,uBAAwB,UAE7B,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GI5Nf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBACN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,IAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GChGf,GAAM,IAAoB,MACzB,EACA,IAGI,CACJ,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,OACG,EAAQ,kBAEN,EAAmB,OAAO,KAAK,GAAU,OAE7C,CAAC,EAAK,IACF,GACG,EAAQ,WAAW,KAAK,AAAC,GACxB,EAAW,gBAAkB,GAIpC,QAEH,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,WACrE,IAAI,AAAC,GAAM,KAAK,EAAE,iBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAGxB,QAAQ,IAAI,iBAAkB,GAE9B,GAAM,GAAe,KAAM,IAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,IAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,IAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,OAItB,QAAQ,IAAI,YAAa,SACjB,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,SAAQ,WAAW,IAAI,AAAC,GAAe,CACtC,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,EAAkB,GAEX,GAGD,GAAQ,GCpHf,OAAmB,qBACnB,GAAiB,mBAGjB,OAA8B,6BAYjB,GAA6B,mBAC7B,GAAsB,CAAC,IAK7B,GAAM,IAAqC,GA+HrC,GAAmB,KAAO,IAG/B,2BAAO,EAAP,QAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SASL,GAAmB,KAC/B,IAC2C,CAC3C,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IACtB,GAGG,EAEJ,MACC,GAAW,SAAS,iBACnB,EAAqD,SACrD,OAED,EAAQ,EAAqD,OAE7D,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,sBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,IACA,GAFM,CAGT,QAAS,OACL,iBAAM,SACN,GAAc,SAElB,UAAW,KACP,iBAAM,eAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,KpBzN7C,OAAuC,kBAEjC,GAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,YAEpB,AAAC,UAAY,CAEZ,GAAM,GAAY,QAAQ,KAAK,KAAK,AAAC,GAAQ,EAAI,WAAW,OAEtD,EAAa,EAChB,EAAU,SAAS,KAClB,EAAU,MAAM,KAAK,GACrB,QAAQ,KAAK,QAAQ,KAAK,QAAQ,GAAa,GAChD,OACG,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,UAAS,aAAc,EAE/B,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAElB,GAAM,GAA2C,GACjD,AAAI,GACH,OAAO,QAAQ,GAAS,QACvB,CAAC,CAAC,EAAY,KAAuD,CACpE,AAAI,kBAAc,SACjB,GAAc,GAAc,iBAAc,UAM9C,OAAO,OAAO,GAAa,IAAI,QAAQ,AAAC,GAAa,CACpD,AAAI,kBAAU,OACb,OAAO,KAAK,EAAS,MAAM,QAAQ,AAAC,GAAe,CAClD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMlD,QAAQ,IAAI,gBAAiB,GAE7B,GAAM,GAAM,GAAI,YAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAIN,EAAsD,GACtD,EAAsD,GACtD,EAA8C,GAEpD,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,IAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,MACR,EAAqB,KAAK,EAAI,KAE3B,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAGV,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,WAAY,IAKd,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAAE,IAAK,IAGpC,KAAM,IAAe,GACrB,KAAM,GAAQ",
3
+ "sources": ["../../src/cli/index.ts", "../../src/constants.ts", "../../src/lib/json.ts", "../../src/lib/getConfig.ts", "../../src/lib/loadDotsecPlugin.ts", "../../src/lib/io.ts", "../../src/utils/logging.ts", "../../src/cli/options.ts", "../../src/cli/commands/decrypt.ts", "../../src/cli/commands/encrypt.ts", "../../src/lib/transformer.ts", "../../src/cli/commands/init.ts", "../../src/cli/commands/push.ts", "../../src/cli/commands/run.ts"],
4
+ "sourcesContent": ["import { Command } from \"commander\";\n\nimport { getMagicalConfig } from \"../lib/getConfig\";\nimport { loadDotsecPlugin } from \"../lib/loadDotsecPlugin\";\nimport {\n\tDotsecCliPluginDecryptHandler,\n\tDotsecCliPluginEncryptHandler,\n\tDotsecCliPluginPushHandler,\n\tDotsecPluginConfig,\n} from \"../types/plugin\";\nimport addDecryptProgram from \"./commands/decrypt\";\n// import addPushProgram from \"./commands/push\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addInitCommand from \"./commands/init\";\nimport addPushProgram from \"./commands/push\";\nimport addRunCommand from \"./commands/run\";\nimport { setProgramOptions } from \"./options\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\nimport yargsParser from \"yargs-parser\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\tconst parsedOptions = yargsParser(process.argv);\n\tconst argvPluginModules: string[] = [];\n\tif (parsedOptions.plugin) {\n\t\tif (Array.isArray(parsedOptions.plugin)) {\n\t\t\targvPluginModules.push(...parsedOptions.plugin);\n\t\t} else {\n\t\t\targvPluginModules.push(parsedOptions.plugin);\n\t\t}\n\t}\n\tif (parsedOptions.p) {\n\t\tif (Array.isArray(parsedOptions.p)) {\n\t\t\targvPluginModules.push(...parsedOptions.p);\n\t\t} else {\n\t\t\targvPluginModules.push(parsedOptions.p);\n\t\t}\n\t}\n\n\tconst configFile = [\n\t\t...(Array.isArray(parsedOptions.config)\n\t\t\t? parsedOptions.config\n\t\t\t: [parsedOptions.config]),\n\t\t...(Array.isArray(parsedOptions.c) ? parsedOptions.c : [parsedOptions.c]),\n\t]?.[0];\n\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { defaults, variables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\t// if we have plugins in the cli, we need to define them in pluginModules\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (argvPluginModules.length > 0) {\n\t\tfor (const pluginModule of argvPluginModules) {\n\t\t\t// let's load em up\n\t\t\tconst plugin = await loadDotsecPlugin({ name: pluginModule });\n\n\t\t\t// good, let's fire 'em up\n\t\t\tconst loadedPlugin = await plugin({ dotsecConfig: config, ajv });\n\t\t\tpluginModules[loadedPlugin.name] = pluginModule;\n\n\t\t\tif (argvPluginModules.length === 1) {\n\t\t\t\t// if we only have one plugin, let's set it as the default\n\t\t\t\tconfig.defaults = {\n\t\t\t\t\t...config.defaults,\n\t\t\t\t\tencryptionEngine: String(loadedPlugin.name),\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...config.defaults?.plugins,\n\t\t\t\t\t\t[loadedPlugin.name]: {\n\t\t\t\t\t\t\t...config.defaults?.plugins?.[loadedPlugin.name],\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\t}\n\n\tif (defaults?.encryptionEngine) {\n\t\tif (!defaults?.plugins?.[defaults.encryptionEngine]) {\n\t\t\tdefaults.plugins = {\n\t\t\t\t...defaults.plugins,\n\t\t\t\t[defaults.encryptionEngine]: {},\n\t\t\t};\n\t\t}\n\t}\n\tif (defaults?.plugins) {\n\t\tObject.entries(defaults?.plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, DotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t} else {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(variables || {}).forEach((variable) => {\n\t\tif (variable?.push) {\n\t\t\tObject.keys(variable.push).forEach((pluginName) => {\n\t\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t});\n\t\t}\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: DotsecCliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: DotsecCliPluginDecryptHandler[] = [];\n\tconst cliPluginPushHandlers: {\n\t\tpush: DotsecCliPluginPushHandler;\n\t\tdecrypt: DotsecCliPluginDecryptHandler;\n\t}[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t\tif (cli?.push) {\n\t\t\t\tcliPluginPushHandlers.push({ push: cli.push, decrypt: cli.decrypt });\n\t\t\t}\n\t\t}\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tdotsecConfig: config,\n\t\t\tencryptHandlers: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdotsecConfig: config,\n\t\t\tdecryptHandlers: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginPushHandlers.length) {\n\t\tawait addPushProgram(program, {\n\t\t\tdotsecConfig: config,\n\t\t\thandlers: cliPluginPushHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, {\n\t\tdotsecConfig: config,\n\t\tdecryptHandlers: cliPluginDecryptHandlers,\n\t});\n\t// await addDecryptCommand(program);\n\t// await addEncryptCommand(program);\n\tawait program.parse();\n})();\n", "import { DotsecConfig } from \"./types/config\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const defaultConfig: DotsecConfig = {};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\n/**\n * Parse JSONC\n * @date 12/7/2022 - 12:48:45 PM\n *\n * @export\n * @param {string} data\n * @returns {*}\n */\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\n/**\n * Load JSON\n * @date 12/7/2022 - 12:48:57 PM\n *\n * @async\n * @param {string} filepath\n * @returns {unknown}\n */\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { DOTSEC_CONFIG_FILES, defaultConfig } from \"../constants\";\nimport { DotsecConfig } from \"../types/config\";\nimport { DotsecConfigAndSource } from \"../types/plugin\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\nimport path from \"path\";\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tdefaults: {\n\t\t\t\t\t\t...data?.defaults,\n\t\t\t\t\t\t...defaultConfig.defaults,\n\t\t\t\t\t\tplugins: {\n\t\t\t\t\t\t\t...data?.defaults?.plugins,\n\t\t\t\t\t\t\t...defaultConfig.defaults?.plugins,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tdefaults: {\n\t\t\t\t\t\t...data?.defaults,\n\t\t\t\t\t\t...defaultConfig.defaults,\n\t\t\t\t\t\tplugins: {\n\t\t\t\t\t\t\t...data?.defaults?.plugins,\n\t\t\t\t\t\t\t...defaultConfig.defaults?.plugins,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tvariables: {\n\t\t\t\t\t\t...data?.variables,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import { DotsecPluginModule } from \"../types/plugin\";\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<DotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport path from \"node:path\";\nimport prompts from \"prompts\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import chalk from \"chalk\"\nimport Table = require(\"cli-table\")\nexport { Table }\n\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console\n\t}\n\n\treturn _logger\n}\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str)\n}\nexport const emphasis = (str: string): string => chalk.yellowBright(str)\nexport const strong = (str: string): string => chalk.yellow.bold(str)\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content)\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content)\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content)\n\t},\n\terror(content: object) {\n\t\tconsole.error(content)\n\t},\n}\n", "import { Command } from \"commander\";\n\nimport {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../constants\";\n\ntype Options = {\n\t[optionName: string]:\n\t\t| [string, string]\n\t\t| [string, string, string | boolean | string[]];\n};\n\ntype CommandOptions = {\n\t[commandName: string]: {\n\t\tinheritsFrom?: string[];\n\t\toptions?: Options;\n\t\trequiredOptions?: Options;\n\t};\n};\nexport const commandOptions: CommandOptions = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t\tplugin: [\n\t\t\t\t\"-p, --plugin <plugin>\",\n\t\t\t\t\"Comma-separated list of plugins to use\",\n\t\t\t],\n\t\t},\n\t},\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\t// awsKeyAlias: [\n\t\t\t// \t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t// \t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t// \t\"alias/dotsec\",\n\t\t\t// ],\n\t\t\t// awsRegion: [\n\t\t\t// \t\"--aws-region <awsRegion>\",\n\t\t\t// \t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t// ],\n\t\t},\n\t},\n\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\n\t\toptions: {\n\t\t\twithEnv: [\n\t\t\t\t\"--with-env, --withEnv\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTENV_FILENAME} file`,\n\t\t\t],\n\t\t\twithSec: [\n\t\t\t\t\"--with-sec, --withSec\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTSEC_FILENAME} file`,\n\t\t\t],\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n\tpush: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\twithEnv: [\n\t\t\t\t\"--with-env, --withEnv\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTENV_FILENAME} file`,\n\t\t\t],\n\t\t\twithSec: [\n\t\t\t\t\"--with-sec, --withSec\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTSEC_FILENAME} file`,\n\t\t\t],\n\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n};\n\nconst getInheritedOptions = (\n\tcopts: CommandOptions,\n\tcommandName: string,\n\tresult: { options?: Options; requiredOptions?: Options } = {},\n): { options?: Options; requiredOptions?: Options } | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\treturn getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = getInheritedOptions(\n\t\tcommandOptions,\n\t\tcommandName || program.name(),\n\t);\n\n\tif (programOptions?.options) {\n\t\tObject.values(programOptions.options).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n\tif (programOptions?.requiredOptions) {\n\t\tObject.values(programOptions.requiredOptions).forEach(\n\t\t\t([option, description, defaultValue]) => {\n\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t},\n\t\t);\n\t}\n};\n", "import {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { DecryptCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginDecryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tdecryptHandlers: DotsecCliPluginDecryptHandler[];\n\t},\n) => {\n\tconst { dotsecConfig, decryptHandlers } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<DecryptCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\t\t\t\tconst pluginCliDecrypt = (decryptHandlers || []).find((handler) => {\n\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t});\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryptHandlers\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOptionValue}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryptHandlers.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\tconst engines = options.decryptHandlers.map((e) => e.triggerOptionValue);\n\tsubProgram.option(\n\t\t\"--engine <engine>\",\n\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"} to use: ${\n\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t}`,\n\t\tengines.length === 1 ? engines[0] : undefined,\n\t);\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginEncryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryptHandlers: DotsecCliPluginEncryptHandler[];\n\t\tdotsecConfig: DotsecConfig;\n\t},\n) => {\n\tconst { encryptHandlers, dotsecConfig } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<EncryptCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\t\t\t\tconst pluginCliEncrypt = (encryptHandlers || []).find((handler) => {\n\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t});\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryptHandlers\n\t\t\t\t\t\t\t.map((e) => e.triggerOptionValue)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryptHandlers.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\tconst engines = options.encryptHandlers.map((e) => e.triggerOptionValue);\n\tconst encryptionEngineNames = options.encryptHandlers.map(\n\t\t(e) => e.encryptionEngineName,\n\t);\n\tsubProgram.option(\n\t\t\"--engine <engine>\",\n\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"}: ${\n\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t}`,\n\t\t// engines.length === 1 ? engines[0] : undefined,\n\t);\n\tsetProgramOptions(subProgram);\n\tsubProgram.description(\n\t\t`Encrypt .env file using ${encryptionEngineNames.join(\", \")}`,\n\t);\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import fs from \"node:fs\";\nimport * as ts from \"typescript\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { promptOverwriteIfFileExists, writeContentsToFile } from \"../../lib/io\";\nimport { InitCommandOptions } from \"../../types\";\nimport { Command } from \"commander\";\n\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport path from \"node:path\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst { configFile, yes } = command.optsWithGlobals<InitCommandOptions>();\n\n\t\t\ttry {\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import { PushCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport {\n\tDotsecCliPluginDecryptHandler,\n\tDotsecCliPluginPushHandler,\n} from \"../../types/plugin\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\nimport fs from \"node:fs\";\n\n/**\n * Decrypts, and pushes the contents of a .env file to AWS SSM, AWS Secrets Manager or GitHub Actions Secrets\n * @date 12/7/2022 - 9:16:48 AM\n *\n * @async\n * @param {Command} program\n * @returns {unknown}\n */\nconst addPushProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\thandlers: {\n\t\t\tpush: DotsecCliPluginPushHandler;\n\t\t\tdecrypt: DotsecCliPluginDecryptHandler;\n\t\t}[];\n\t},\n) => {\n\tconst { dotsecConfig, handlers } = options;\n\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options: Record<string, string>, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\twithEnv,\n\t\t\t\t\twithSec,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\tconst pluginCliDecrypt = (handlers || []).find((handler) => {\n\t\t\t\t\treturn handler.decrypt?.triggerOptionValue === encryptionEngine;\n\t\t\t\t})?.decrypt;\n\n\t\t\t\tconst pluginCliPush = (handlers || []).find((handler) => {\n\t\t\t\t\treturn handler.push?.triggerOptionValue === encryptionEngine;\n\t\t\t\t})?.push;\n\n\t\t\t\tif (!pluginCliPush) {\n\t\t\t\t\tthrow new Error(\"No push plugin found!\");\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt?.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt?.requiredOptions || {}),\n\t\t\t\t\t...Object.keys(pluginCliPush?.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliPush?.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tif (withEnv && withSec) {\n\t\t\t\t\tthrow new Error(\"Cannot use both --with-env and --with-sec\");\n\t\t\t\t}\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (withEnv || !(withEnv || withSec)) {\n\t\t\t\t\tif (!dotenv) {\n\t\t\t\t\t\tthrow new Error(\"No dotenv file specified in --env option\");\n\t\t\t\t\t}\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (withSec) {\n\t\t\t\t\tif (!dotsec) {\n\t\t\t\t\t\tthrow new Error(\"No dotsec file specified in --sec option\");\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${handlers\n\t\t\t\t\t\t\t\t.map((e) => `--${e.decrypt?.triggerOptionValue}`)\n\t\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await pluginCliDecrypt.handler({\n\t\t\t\t\t\tciphertext: dotSecContents,\n\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\t// convert to object\n\t\t\t\t\tconst envObject = parse(envContents);\n\t\t\t\t\tawait pluginCliPush.handler({\n\t\t\t\t\t\tvariables: envObject,\n\t\t\t\t\t\tyes,\n\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t});\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\n\t\t\t\t// \t\t\tlet envContents: string | undefined;\n\n\t\t\t\t// \t\t\tif (env) {\n\t\t\t\t// \t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t// \t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t// \t\t\t\t\t: env;\n\t\t\t\t// \t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t\t// \t\t\t} else if (sec) {\n\t\t\t\t// \t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t// \t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t// \t\t\t\t\t: sec;\n\t\t\t\t// \t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\t// \t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t// \t\t\t\t\tverbose,\n\t\t\t\t// \t\t\t\t\tregion:\n\t\t\t\t// \t\t\t\t\t\tawsRegion ||\n\t\t\t\t// \t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t// \t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t// \t\t\t\t\tkms: {\n\t\t\t\t// \t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t// \t\t\t\t\t},\n\t\t\t\t// \t\t\t\t});\n\n\t\t\t\t// \t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t\t// \t\t\t} else {\n\t\t\t\t// \t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t// \t\t\t}\n\n\t\t\t\t// \t\t\tconst envObject = parse(envContents);\n\n\t\t\t\t// \t\t\t// get dotsec config\n\t\t\t\t// \t\t\ttry {\n\t\t\t\t// \t\t\t\tif (toAwsSsm) {\n\t\t\t\t// \t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t// \t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t// \t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t// \t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t// \t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t// \t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t// \t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t// \t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t// \t\t\t\t\t\t\tif (entry) {\n\t\t\t\t// \t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t// \t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t// \t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t)\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t// \t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t// \t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t// \t\t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t}\n\n\t\t\t\t// \t\t\t\t\t\treturn acc;\n\t\t\t\t// \t\t\t\t\t}, []);\n\n\t\t\t\t// \t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t// \t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n\t\t\t\t// ${putParameterRequests\n\t\t\t\t// \t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t\t\t\t// \t.join(\"\\n\")}`,\n\t\t\t\t// \t\t\t\t\t\tskip: yes,\n\t\t\t\t// \t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\tif (confirm === true) {\n\t\t\t\t// \t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t// \t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t// \t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t// \t\t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t}\n\n\t\t\t\t// \t\t\t\t// secrets manager\n\t\t\t\t// \t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t// \t\t\t\t\t// create secretss\n\t\t\t\t// \t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t// \t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t// \t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t// \t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t// \t\t\t\t\t\tregion:\n\t\t\t\t// \t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t// \t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t// \t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t// \t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t// \t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t// \t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t// \t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t// \t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t// \t\t\t\t\t\t\tif (entry) {\n\t\t\t\t// \t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t// \t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t// \t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t)\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t }\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t };\n\n\t\t\t\t// \t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t// \t\t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t}\n\n\t\t\t\t// \t\t\t\t\t\treturn acc;\n\t\t\t\t// \t\t\t\t\t}, []);\n\t\t\t\t// \t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t// \t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t// \t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t// \t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t// \t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t// \t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n\t\t\t\t// ${updateSecretCommands\n\t\t\t\t// \t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t\t\t\t// \t.join(\"\\n\")}`,\n\t\t\t\t// \t\t\t\t\t\t\tskip: yes,\n\t\t\t\t// \t\t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t// \t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t// \t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n\t\t\t\t// ${createSecretCommands\n\t\t\t\t// \t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t\t\t\t// \t.join(\"\\n\")}`,\n\t\t\t\t// \t\t\t\t\t\t\tskip: yes,\n\t\t\t\t// \t\t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t// \t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t// \t\t\t\t\t\tawait push();\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t}\n\n\t\t\t\t// \t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t// \t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t// \t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t// \t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t// \t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t// \t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t// \t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t// \t\t\t\t\t\t\tif (entry) {\n\t\t\t\t// \t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t// \t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t});\n\t\t\t\t// \t\t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t}\n\n\t\t\t\t// \t\t\t\t\t\treturn acc;\n\t\t\t\t// \t\t\t\t\t}, []);\n\n\t\t\t\t// \t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t// \t\t\t\t}\n\t\t\t\t// \t\t\t} catch (e) {\n\t\t\t\t// \t\t\t\tcommand.error(e);\n\t\t\t\t// \t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(e);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { RunCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginDecryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { spawnSync } from \"node:child_process\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tdecryptHandlers?: DotsecCliPluginDecryptHandler[];\n\t},\n) => {\n\tconst { dotsecConfig, decryptHandlers } = options || {};\n\n\tconst subProgram = program\n\t\t.command(\"run <command...>\")\n\t\t.usage(\"[--with-env --env .env] [--with-sec --sec .sec] [commandArgs...]\")\n\t\t.allowUnknownOption()\n\t\t.showHelpAfterError(true)\n\t\t.description(\n\t\t\t`Run a command in a separate process and populate env with decrypted .env or encrypted .sec values.\nThe --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.\n\n${\"Examples:\"}\n\n${\"Run a command with a .env file\"}\n\n$ dotsec run echo \"hello world\"\n\n\n${\"Run a command with a specific .env file\"}\n\n$ dotsec run --with-env --env .env.dev echo \"hello world\"\n\n\n${\"Run a command with a .sec file\"}\n\n$ dotsec run --with-sec echo \"hello world\"\n\n\n${\"Run a command with a specific .sec file\"}\n\n$ dotsec run --with-sec --sec .sec.dev echo \"hello world\"\n\n`,\n\t\t)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\ttry {\n\t\t\t\t\tconst {\n\t\t\t\t\t\tenv: dotenv,\n\t\t\t\t\t\tsec: dotsec,\n\t\t\t\t\t\twithEnv,\n\t\t\t\t\t\twithSec,\n\t\t\t\t\t\tengine,\n\t\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\t\tif (withEnv && withSec) {\n\t\t\t\t\t\tthrow new Error(\"Cannot use both --with-env and --with-sec\");\n\t\t\t\t\t}\n\n\t\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\t\tif (withEnv || !(withEnv || withSec)) {\n\t\t\t\t\t\tif (!dotenv) {\n\t\t\t\t\t\t\tthrow new Error(\"No dotenv file specified in --env option\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t\t} else if (withSec) {\n\t\t\t\t\t\tif (!dotsec) {\n\t\t\t\t\t\t\tthrow new Error(\"No dotsec file specified in --sec option\");\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst encryptionEngine =\n\t\t\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\t\t\tconst pluginCliDecrypt = (decryptHandlers || []).find((handler) => {\n\t\t\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${(\n\t\t\t\t\t\t\t\t\tdecryptHandlers || []\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t.map((e) => `--${e.triggerOptionValue}`)\n\t\t\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t\t\t];\n\n\t\t\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\t\tenvContents = await pluginCliDecrypt.handler({\n\t\t\t\t\t\t\tciphertext: dotSecContents,\n\t\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tif (envContents) {\n\t\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t} else {\n\t\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {\n\t\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\t\tcommand.help();\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, \"run\");\n\tdecryptHandlers?.map((run) => {\n\t\tconst { options, requiredOptions } = run;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\tif (decryptHandlers) {\n\t\tconst engines = decryptHandlers?.map((e) => e.triggerOptionValue);\n\n\t\tsubProgram.option(\n\t\t\t\"--engine <engine>\",\n\t\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"}: ${\n\t\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t\t}`,\n\t\t\t// engines.length === 1 ? engines[0] : undefined,\n\t\t);\n\t}\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n"],
5
+ "mappings": "y3BAAA,OAAwB,wBCEjB,GAAM,GAA6B,mBAC7B,GAAsB,CAAC,GACvB,EAAiC,OACjC,EAAiC,OACjC,EAA8B,GCN3C,OAAe,iBACf,GAAiB,wBAUV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAYF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,ICpCT,OAA8B,6BAC9B,GAAmB,qBACnB,GAAiB,mBAEJ,GAAmB,KAC/B,IACoC,CAVrC,YAWC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,SAAU,SACN,iBAAM,UACN,EAAc,UAFR,CAGT,QAAS,OACL,oBAAM,WAAN,cAAgB,SAChB,KAAc,WAAd,cAAwB,WAG7B,UAAW,KACP,iBAAM,sBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,SAAU,SACN,iBAAM,UACN,EAAc,UAFR,CAGT,QAAS,OACL,oBAAM,WAAN,cAAgB,SAChB,KAAc,WAAd,cAAwB,WAG7B,UAAW,KACP,iBAAM,eAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IClFtC,GAAM,GAAmB,KAAO,IAG/B,2BAAO,EAAP,QAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SCNlB,MAAyB,+BACzB,GAAiB,wBACjB,GAAoB,sBAEP,EAAuB,KACnC,IAEO,KAAM,WAAG,SAAS,EAAU,SAGvB,EAAsB,MAClC,EACA,IAEO,KAAM,WAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,WAAK,GACJ,QACN,CACD,MAAO,KAII,EAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GC9CR,OAAkB,oBACX,GAAQ,QAAQ,aAehB,GAAM,GAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GCK1D,GAAM,IAAiC,CAC7C,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,GAED,OAAQ,CACP,wBACA,4CAIH,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,GAGD,IAAK,CAAC,QAAS,oBAAqB,GACpC,IAAK,CAAC,QAAS,oBAAqB,GACpC,IAAK,CAAC,QAAS,4BAA6B,MAa9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,MAI9C,IAAK,CACJ,aAAc,CAAC,UAEf,QAAS,CACR,QAAS,CACR,wBACA,oBAAoB,UAErB,QAAS,CACR,wBACA,oBAAoB,UAErB,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,MAG9C,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,QAAS,CACR,wBACA,oBAAoB,UAErB,QAAS,CACR,wBACA,oBAAoB,UAGrB,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,OAKzC,GAAsB,CAC3B,EACA,EACA,EAA2D,KACO,CAClE,GAAM,GAAU,EAAM,GACtB,GAAI,EACH,MAAI,GAAQ,aACJ,iBAAS,aAAa,OAC5B,CAAC,EAAK,IACE,GAAoB,EAAO,EAAsB,GAEzD,CACC,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAKP,CACN,QAAS,OAAK,EAAO,SAAY,EAAQ,SACzC,gBAAiB,OACb,EAAO,iBACP,EAAQ,mBAOH,EAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GACtB,GACA,GAAe,EAAQ,QAGxB,AAAI,kBAAgB,UACnB,OAAO,OAAO,EAAe,SAAS,QACrC,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,OAAO,EAAQ,EAAa,KAInC,kBAAgB,kBACnB,OAAO,OAAO,EAAe,iBAAiB,QAC7C,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,MChJhD,GAAM,IAAoB,MACzB,EACA,IAII,CACJ,GAAM,CAAE,eAAc,mBAAoB,EACpC,EAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CA7BzD,MA8BG,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAC7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,gBACrE,IAAI,AAAC,GAAM,KAAK,EAAE,sBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,GAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,GAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,GAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,EAAQ,gBAAgB,IAAI,AAAC,GAAe,CAC3C,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKxB,GAAM,GAAU,EAAQ,gBAAgB,IAAI,AAAC,GAAM,EAAE,oBACrD,SAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,cAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,SAE1D,EAAQ,SAAW,EAAI,EAAQ,GAAK,QAErC,EAAkB,GAEX,GAGD,GAAQ,GCxGf,GAAM,IAAoB,MACzB,EACA,IAII,CACJ,GAAM,CAAE,kBAAiB,gBAAiB,EACpC,EAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CA7BzD,MA8BG,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAC7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,gBACrE,IAAI,AAAC,GAAM,EAAE,oBACb,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,GAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,GAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,GAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,EAAQ,gBAAgB,IAAI,AAAC,GAAe,CAC3C,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKxB,GAAM,GAAU,EAAQ,gBAAgB,IAAI,AAAC,GAAM,EAAE,oBAC/C,EAAwB,EAAQ,gBAAgB,IACrD,AAAC,GAAM,EAAE,sBAEV,SAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,OAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,UAI3D,EAAkB,GAClB,EAAW,YACV,2BAA2B,EAAsB,KAAK,SAEhD,GAGD,GAAQ,GC9Hf,OAAe,sBACf,EAAoB,yBAEP,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GC7DR,OAAiB,wBAMX,GAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAM,CAAE,aAAY,OAAQ,EAAQ,kBAEpC,GAAI,CACH,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,0CAGI,EAAgC,KAAM,GAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,GAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GC3Cf,OAAsB,qBACtB,EAAe,sBAUT,GAAiB,MACtB,EACA,IAOI,CACJ,GAAM,CAAE,eAAc,YAAa,EAE7B,EAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAkC,IAAqB,CAnCxE,UAoCG,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,UACA,UACA,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,OAAY,IAAI,KAAK,AAAC,GAAY,CAlDhE,MAmDK,MAAO,MAAQ,UAAR,cAAiB,sBAAuB,MADtB,cAEtB,QAEE,EAAiB,OAAY,IAAI,KAAK,AAAC,GAAY,CAtD7D,MAuDK,MAAO,MAAQ,OAAR,cAAc,sBAAuB,MADtB,cAEnB,KAEJ,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,yBAGjB,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,kBAAkB,UAAW,IAC5C,GAAG,OAAO,KAAK,kBAAkB,kBAAmB,IACpD,GAAG,OAAO,KAAK,kBAAe,UAAW,IACzC,GAAG,OAAO,KAAK,kBAAe,kBAAmB,KAG5C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIxB,GAAI,GAAW,EACd,KAAM,IAAI,OAAM,6CAGjB,GAAI,GAEJ,GAAI,GAAW,CAAE,IAAW,GAAU,CACrC,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAEjB,EAAc,UAAG,aAAa,EAAQ,gBAC5B,EAAS,CACnB,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAGjB,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAC7D,IAAI,AAAC,GAAG,CA9FjB,MA8FoB,WAAK,KAAE,UAAF,cAAW,uBAC3B,KAAK,SAIT,GAAM,GAAiB,UAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,GAC5C,WAAY,GACT,IAGL,GAAI,EAAa,CAEhB,GAAM,GAAY,aAAM,GACxB,KAAM,GAAc,QAAQ,GAC3B,UAAW,EACX,OACG,QAGJ,MAAM,IAAI,OAAM,uCA4LT,EAAP,CACD,QAAQ,MAAM,GACd,QAAQ,KAAK,MAIhB,SAAkB,GAEX,GAGD,GAAQ,GCzTf,MAAe,sBAGf,GAAsB,qBAOtB,OAA0B,iCACpB,GAAe,CACpB,EACA,IAII,CACJ,GAAM,CAAE,eAAc,mBAAoB,GAAW,GAE/C,EAAa,EACjB,QAAQ,oBACR,MAAM,oEACN,qBACA,mBAAmB,IACnB,YACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GA0BA,OACA,MACC,EACA,EACA,IACI,CAzDR,MA0DI,GAAI,CACH,GAAM,CACL,IAAK,EACL,IAAK,EACL,UACA,UACA,UACG,EAAQ,kBAEZ,GAAI,GAAW,EACd,KAAM,IAAI,OAAM,6CAGjB,GAAI,GAEJ,GAAI,GAAW,CAAE,IAAW,GAAU,CACrC,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAEjB,EAAc,UAAG,aAAa,EAAQ,gBAC5B,EAAS,CACnB,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAGjB,GAAM,GACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DACC,IAAmB,IAElB,IAAI,AAAC,GAAM,KAAK,EAAE,sBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAiB,UAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,GAC5C,WAAY,GACT,IAGL,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,iBAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,YAI7C,MAAM,IAAI,OAAM,uCAET,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAsBZ,GAjBA,EAAkB,EAAY,OAC9B,WAAiB,IAAI,AAAC,GAAQ,CAC7B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKpB,EAAiB,CACpB,GAAM,GAAU,iBAAiB,IAAI,AAAC,GAAM,EAAE,oBAE9C,EAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,OAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,UAK5D,MAAO,IAGD,GAAQ,GbzJf,OAAuC,kBACvC,GAAwB,2BAElB,GAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,YAEpB,AAAC,UAAY,CA3Cb,YA4CC,GAAM,GAAgB,eAAY,QAAQ,MACpC,EAA8B,GACpC,AAAI,EAAc,QACjB,CAAI,MAAM,QAAQ,EAAc,QAC/B,EAAkB,KAAK,GAAG,EAAc,QAExC,EAAkB,KAAK,EAAc,SAGnC,EAAc,GACjB,CAAI,MAAM,QAAQ,EAAc,GAC/B,EAAkB,KAAK,GAAG,EAAc,GAExC,EAAkB,KAAK,EAAc,IAIvC,GAAM,GAAa,CAClB,GAAI,MAAM,QAAQ,EAAc,QAC7B,EAAc,OACd,CAAC,EAAc,QAClB,GAAI,MAAM,QAAQ,EAAc,GAAK,EAAc,EAAI,CAAC,EAAc,IACnE,GAEE,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,WAAU,aAAc,EAEhC,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAClB,GAAM,GAAM,GAAI,YAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAGN,EAA2C,GACjD,GAAI,EAAkB,OAAS,EAC9B,OAAW,KAAgB,GAAmB,CAK7C,GAAM,GAAe,KAAM,AAHZ,MAAM,GAAiB,CAAE,KAAM,KAGZ,CAAE,aAAc,EAAQ,QAC1D,EAAc,EAAa,MAAQ,EAE/B,EAAkB,SAAW,GAEhC,GAAO,SAAW,OACd,EAAO,UADO,CAEjB,iBAAkB,OAAO,EAAa,MACtC,QAAS,OACL,KAAO,WAAP,cAAiB,SADZ,EAEP,EAAa,MAAO,KACjB,QAAO,WAAP,cAAiB,UAAjB,cAA2B,EAAa,YAQjD,AAAI,kBAAU,mBACR,sBAAU,UAAV,cAAoB,EAAS,oBACjC,GAAS,QAAU,OACf,EAAS,SADM,EAEjB,EAAS,kBAAmB,OAI5B,kBAAU,UACb,OAAO,QAAQ,iBAAU,SAAS,QACjC,CAAC,CAAC,EAAY,KAAgD,CAC7D,AAAI,kBAAc,QACjB,EAAc,GAAc,iBAAc,OAE1C,EAAc,GAAc,kBAAkB,MAMlD,OAAO,OAAO,GAAa,IAAI,QAAQ,AAAC,GAAa,CACpD,AAAI,kBAAU,OACb,OAAO,KAAK,EAAS,MAAM,QAAQ,AAAC,GAAe,CAClD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAOlD,GAAM,GAA4D,GAC5D,EAA4D,GAC5D,EAGA,GAEN,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,GAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,GAAyB,KAAK,EAAI,SAC9B,kBAAK,OACR,EAAsB,KAAK,CAAE,KAAM,EAAI,KAAM,QAAS,EAAI,WAGxD,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,aAAc,EACd,gBAAiB,IAGf,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,aAAc,EACd,gBAAiB,IAGf,EAAsB,QACzB,KAAM,IAAe,EAAS,CAC7B,aAAc,EACd,SAAU,IAKZ,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAC5B,aAAc,EACd,gBAAiB,IAIlB,KAAM,GAAQ",
6
6
  "names": []
7
7
  }