npm - dotsec - Versions diffs - 1.0.0-alpha.2 → 1.0.0-alpha.20 - Mend

dotsec 1.0.0-alpha.2 → 1.0.0-alpha.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +191 -39
package/bin/dotsec.js +1 -1
package/dist/cli/index.js +37 -0
package/dist/cli/index.js.map +7 -0
package/dist/cli/index.mjs +37 -0
package/dist/cli/index.mjs.map +7 -0
package/dist/index.d.ts +141 -11
package/dist/index.js +1 -43
package/dist/index.js.map +3 -3
package/dist/index.mjs +2 -0
package/dist/index.mjs.map +7 -0
package/package.json +26 -31
package/src/templates/dotsec.config.ts +15 -0
package/bin/ds.js +0 -3
package/dist/cli.d.ts +0 -1
package/dist/cli.js +0 -2237
package/dist/cli.js.map +0 -7
package/dist/ds/cli.js +0 -1111
package/dist/ds/cli.js.map +0 -7
package/dist/esm/cli.js +0 -2245
package/dist/esm/cli.js.map +0 -7
package/dist/esm/ds/cli.js +0 -1116
package/dist/esm/ds/cli.js.map +0 -7
package/dist/esm/index.js +0 -16
package/dist/esm/index.js.map +0 -7

package/README.md CHANGED Viewed

@@ -1,105 +1,257 @@
 # dotsec
-Secure dot env. Encrypts your .env so you can safely store it in your project.
+The solution offers encryption and decryption of `.env` files to and from `.sec` files, the ability to run a command with the values of a `.env`/`.sec` file in its environment, and the ability to push selected `.env`/`.sec` entries to AWS Systems Manager Parameter Store and AWS Secrets Manager.
+Encrypts your `.env` file with the AWS Encryption SDK so you can safely commit it to your repository.
+## Features
+- Encryption of `.env` files to `.sec` files.
+- Decryption of `.sec` files to `.env` files.
+- Run a command with the values of a `.env` file in its environment.
+- Run a command with the values of a `.sec` file in its environment.
+- Push selected `.env`/`.sec` entries to AWS Systems Manager Parameter Store.
+- Push selected `.env`/`.sec` entries to AWS Secrets Manager.
+- Holds no opinion on how you should manage your organization's user roles and permissions, you know best.
+### AWS plugin
+- Supported KMS key types: symmetric and assymetric:
+  - `SYMMETRIC_DEFAULT`
+  - `RSA_2048`
+    - `RSAES_OAEP_SHA_256`
+  - `RSA_3072`
+    - `RSAES_OAEP_SHA_256`
+  - `RSA_4096`
+    - `RSAES_OAEP_SHA_256`
+  - `SM2PKE`
+## Requirements
+- For initialisation enough credentials for creating a KMS key, and alias.
+- For usage enough credentials for using the KMS key to encrypt and/or decrypt.
+- An AWS KMS key with an alias.
+## Installation
+```sh
+npm install --save-dev dotsec @dotsec/plugin-aws
+```
+Add the folowing to dotsec.config.ts:
+```ts
+import { DotsecPluginAws } from "@dotsec/plugin-aws";
+import { DotsecConfig } from "dotsec";
+export const dotsec: DotsecConfig<{ plugins: DotsecPluginAws }> = {
+ defaults: {
+  encryptionEngine: "aws",
+ },
+};
+```
 ## Usage
-### Execute a command and use the values of a .env file in its environment
+If you don't have a .env file, create one:
 ```sh
-npx dotsec --env-file .env {command}
+I_CAN_SEE="clearly now"
+SINGING="in the rain"
+I_BLESS_THE_RAINS="down in Africa"
 ```
-This command also supports injecting AWS assumed role credentials into the process environment.
+### Execute a command and use the values of a .env file in its environment
+```sh
+npx dotsec run --with-env node -e "console.log(process.env.I_BLESS_THE_RAINS)"
+```
-You can specify the ARN of the role to assume in three ways:
+### Encrypt a .env file to .sec
-- By adding the `--aws-assume-role-arn` flag
-- By setting the `AWS_ASSUME_ROLE_ARN` environment variable
-- By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
+```sh
+npx dotsec encrypt
+```
-#### By adding the `--aws-assume-role-arn` flag
+### Execute a command and use the values of a .sec file in its environment
 ```sh
-npx dotsec --env-file .env --aws-assume-role-arn arn:aws:iam::123456789012:role/special-role {command}
+npx dotsec run --with-sec node -e "console.log(process.env.I_BLESS_THE_RAINS)"
 ```
-#### By setting the `AWS_ASSUME_ROLE_ARN` environment variable
+### Decrypt a .sec file to .env
 ```sh
-AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role npx dotsec --env-file .env {command}
+npx dotsec decrypt
 ```
-#### By adding the `AWS_ASSUME_ROLE_ARN` environment variable to your target `.env` file
+### Push selected .env entries to AWS Systems Manager Parameter Store
+Edit the `dotsec.config.ts` file. Add the following to the `aws` object:
+```ts
+{
+    ...
+    variables: {
+        "I_BLESS_THE_RAINS": {
+            push: {
+                aws: {
+                    ssm: true
+                }
+            }
+        }
+    }
+}
+```
-...
-AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/special-role
-...
+Run the following command:
 ```sh
-npx dotsec --env-file .env {command}
+npx dotsec push
 ```
-Please refer to `dotsec help` for more information on other command line options.
+> You might want to set AWS_REGION before running the command. If you don't, the region will be set to `eu-west-1`.
+<!--
+## Usage
-#### Secure usage
+If you don't have an AWS KMS key with an alias, you can create one with the following command:
-Create a user managed AWS KMS key, add an alias. Refer to the AWS documentation for [creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) and [managing aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-manage.html#alias-create)
+```sh
+aws kms create-key --description "Dotsec key" --region eu-west-1
+```
-> the default key alias is set to `alias/top-secret`
+Take not of the `KeyMetadata.KeyId` value, and create an alias for it:
-### Execute a command and use the decrypted values of a .sec file in its environment
+> Note: You are free to pick any allowed alias name.
 ```sh
-npx dotsec {command}
+aws kms create-alias --alias-name alias/dotsec --target-key-id <key-id>
 ```
-#### Other commands
+### Execute a command and use the values of a .env file in its environment
+Create a .env file if you don't have one already, and add some values:
+```sh
+echo "MY_FANCY_ENV_VAR='yes yes yallzies'\nHEY_HO='Let\'s go'" > .env
+```
-### Encrypting a `.env` file into a `.sec` file
+The following command will create an encrypted version of the `.env` file, and store it in a file called `.sec`. It will also create a config file called `dotsec.config.ts` which contains the KMS key alias, and AWS region. (Note: you don't have to add the key alias and region to the config file, you can also pass them as options to the dotsec aws sub command. See `dotsec init aws --help` for more information.)
 ```sh
-npx dotsec encrypt-env
+npx dotsec init --aws-region eu-west-1 [--aws-key-alias alias/dotsec]
 ```
-### Decrypting a `.sec` file into a `.env` file
+The following files will be created:
+- `.sec` - The encrypted version of the `.env` file.
+- `dotsec.config.ts` - The config file containing the KMS key alias and AWS region.
+### Add files to Git
+Add the `.sec` and `dotsec.config.ts` files to your repository, and commit these accordingly.
+### Run a process with your .env file
 ```sh
-npx dotsec decrypt-env
+npx dotsec run --env .env command env
 ```
-### Using a `.sec` file as environment variables
+### Run a process with your .sec file
 ```sh
-npx dotsec node index.js
+npx dotsec run --sec .sec command env
 ```
-## Using json secrets
+For more options see `dotsec run --help`.
-### Encrypting a `secrets.json` file into a `secrets.encrypted.json` file
+### Decrypt a .sec file to .env
 ```sh
-npx dotsec encrypt-secrets-json
+npx dotsec decrypt
 ```
-### Decrypting a `secrets.encrypted.json` file into a `secrets.json` file
+For more options see `dotsec decrypt --help`.
+### Encrypt a .env file to .sec
 ```sh
-npx dotsec decrypt-secrets-json
+npx dotsec encrypt
+```
+For more options see `dotsec encrypt --help`.
+### Push selected .env/.sec entries to AWS Systems Manager Parameter Store
+Take your favorite editor, and edit the `dotsec.config.ts` file. Add the following to the `aws` object:
+```ts
+{
+    variables: {
+        "NAME_OF_ENV_VAR_YOU_WANT_TO_PUSH": {
+            push: {
+                aws: {
+                    ssm: true
+                }
+            }
+        }
+    }
+}
 ```
-### Offload a `secrets.encrypted.json` file to SSM
+> Take a look at the DotsecConfig type for more options on how to configure SSM pushes.
 ```sh
-npx dotsec offload-secrets-json-to-ssm
+npx dotsec push --env --to-aws-ssm
 ```
+### Push selected .env/.sec entries to AWS Secrets Manager
+Take your favorite editor, and edit the `dotsec.config.ts` file. Add the following to the `aws` object:
+```ts
+{
+    variables: {
+        "NAME_OF_ENV_VAR_YOU_WANT_TO_PUSH": {
+            push: {
+                aws: {
+                    secretsManager: true
+                }
+            }
+        }
+    }
+}
+```
+> Take a look at the DotsecConfig type for more options on how to configure Secrets Manager pushes.
+```sh
+npx dotsec push --env --to-aws-secrets-manager
+``` -->
 ### FAQ
-#### Is it safe to commit a `.sec` file alongside your code?
+#### Is it safe to commit a `.sec` and `dotsec.config.ts` file alongside your code?
-Yes it is. The encryption key is managed by AWS, as long as you audit which principals can encrypt and decrypt you're good.
+Yes it is. But it is up to you to make sure that access to the KMS key is restricted to the people who need to decrypt and/or encrypt the `.sec` file.
 #### Should I use this in production?
 We do, however, since this package is relatively new, I don't think you should.
+## Roadmap
+- Write some tests already.
+- Add support in-code use like `dotsec.config()`
+- Add support for Node preload modules like `node -r dotsec/register index.js`
+- Add watcher for `.env` file changes and automatically encrypt
+- Write guide on postinstall for npm/yarn/pnpm
+- ~~Add chunking for encoding larger files with assymetric keys. Current limit is 4kb.~~
+- Add support for other encryption SDKs like GCP KMS, Azure Key Vault, etc.
+- ~~Split up dotsec package in multiple packages, one for each encryption SDK.~~
+- Add support for pulling entries to GitHub actions secrets.
+## Limitations
+- The only supported encryption SDK is the AWS Encryption SDK. For now.
+- ~~Assymetric keys are supported, but the encrypted file size is limited to the payload size of the key. Until chunking is implemented, that is.~~
+- AWS Secrets Manager secrets which are marked for deletion **cannot** be updated until the deletion is complete. As of writing, the minimum deletion time is 7 days. This means that if you want to update a deleted AWS Secrets Manager secret, you have to wait at least 7 days before you can update it again. This is a limitation of AWS Secrets Manager, not dotsec

package/bin/dotsec.js CHANGED Viewed

@@ -1,3 +1,3 @@
 #!/usr/bin/env node
-require("../dist/ds/cli");
+require('../dist/cli');

package/dist/cli/index.js ADDED Viewed

@@ -0,0 +1,37 @@
+var Ae=Object.create;var U=Object.defineProperty,je=Object.defineProperties,$e=Object.getOwnPropertyDescriptor,ke=Object.getOwnPropertyDescriptors,Le=Object.getOwnPropertyNames,Z=Object.getOwnPropertySymbols,He=Object.getPrototypeOf,ee=Object.prototype.hasOwnProperty,Ne=Object.prototype.propertyIsEnumerable;var te=(e,t,r)=>t in e?U(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,s=(e,t)=>{for(var r in t||(t={}))ee.call(t,r)&&te(e,r,t[r]);if(Z)for(var r of Z(t))Ne.call(t,r)&&te(e,r,t[r]);return e},S=(e,t)=>je(e,ke(t)),Ie=e=>U(e,"__esModule",{value:!0});var Re=(e,t,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of Le(t))!ee.call(e,n)&&n!=="default"&&U(e,n,{get:()=>t[n],enumerable:!(r=$e(t,n))||r.enumerable});return e},w=e=>Re(Ie(U(e!=null?Ae(He(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);var Te=w(require("commander"));var R="dotsec.config.ts",oe=[R],b=".sec",P=".env",$={};var ne=w(require("fs")),ie=w(require("node:path"));function Ve(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var re=async e=>{try{return Ve(await ne.default.promises.readFile(e,"utf8"))}catch(t){throw t instanceof Error?new Error(`Failed to parse ${ie.default.relative(process.cwd(),e)}: ${t.message}`):t}};var se=w(require("bundle-require")),ae=w(require("joycon")),ce=w(require("path")),pe=async e=>{var i,l,m,a;let t=process.cwd(),n=await new ae.default().resolve({files:e?[e]:[...oe,"package.json"],cwd:t,stopDir:ce.default.parse(t).root,packageKey:"dotsec"});if(e&&n===null)throw new Error(`Could not find config file ${e}`);if(n){if(n.endsWith(".json")){let c=await re(n),o;return n.endsWith("package.json")&&c.dotsec!==void 0?o=c.dotsec:o=c,{source:"json",contents:S(s(s({},$),o),{defaults:S(s(s({},o==null?void 0:o.defaults),$.defaults),{plugins:s(s({},(i=o==null?void 0:o.defaults)==null?void 0:i.plugins),(l=$.defaults)==null?void 0:l.plugins)}),push:s({},o==null?void 0:o.push)})}}else if(n.endsWith(".ts")){let c=await(0,se.bundleRequire)({filepath:n}),o=c.mod.dotsec||c.mod.default||c.mod;return{source:"ts",contents:S(s(s({},$),o),{defaults:S(s(s({},o==null?void 0:o.defaults),$.defaults),{plugins:s(s({},(m=o==null?void 0:o.defaults)==null?void 0:m.plugins),(a=$.defaults)==null?void 0:a.plugins)}),push:s({},o==null?void 0:o.push)})}}}return{source:"defaultConfig",contents:$}};var G=async e=>Promise.resolve().then(()=>w(require(e.name))).then(t=>t.default);var V=w(require("node:fs/promises")),le=w(require("node:path")),me=w(require("prompts")),K=async e=>await V.default.readFile(e,"utf-8"),H=async(e,t)=>await V.default.writeFile(e,t,"utf-8"),qe=async e=>{try{return await(0,V.stat)(e),!0}catch{return!1}},N=async({filePath:e,skip:t})=>{let r;return await qe(e)&&t!==!0?r=await(0,me.default)({type:"confirm",name:"overwrite",message:()=>`Overwrite './${le.default.relative(process.cwd(),e)}' ?`}):r=void 0,r};var fe=w(require("chalk")),pt=require("cli-table");var _=e=>fe.default.yellow.bold(e);var Ue={decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",P],sec:["--sec <sec>","Path to .sec file",b],yes:["--yes","Skip confirmation prompts",!1]}}},de=Ue;var Ke={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",R],plugin:["-p, --plugin <plugin>","Comma-separated list of plugins to use"]}}},q=Ke;var Me={encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",P],sec:["--sec <sec>","Path to .sec file",b],yes:["--yes","Skip confirmation prompts",!1]}}},ue=Me;var Ge={init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",R],env:["--env","Path to .env file",P],sec:["--sec","Path to .sec file",b],yes:["--yes","Skip confirmation prompts",!1]}}},ge=Ge;var We={pull:{inheritsFrom:["dotsec"],options:{withEnv:["--with-env, --withEnv",`Run command with ${P} file`],withSec:["--with-sec, --withSec",`Run command with ${b} file`],env:["--env <env>","Path to .env file",P],sec:["--sec <sec>","Path to .sec file",b],yes:["--yes","Skip confirmation prompts",!1]}}},M=We;var Je={runEnvOnly:{inheritsFrom:["dotsec"],usage:"[commandArgs...]",options:{env:["--env <env>","Path to .env file",P],yes:["--yes","Skip confirmation prompts",!1]},description:"Run a command in a separate process and populate env with contents of a dotenv file.",helpText:`Examples:
+Run a command with a .env file
+$ dotsec run echo "hello world"
+Run a command with a specific .env file
+$ dotsec run --with-env --env .env.dev echo "hello world"
+`},run:{inheritsFrom:["dotsec"],options:{withEnv:["--with-env, --withEnv",`Run command with ${P} file`],withSec:["--with-sec, --withSec",`Run command with ${b} file`],env:["--env <env>","Path to .env file",P],sec:["--sec <sec>","Path to .sec file",b],yes:["--yes","Skip confirmation prompts",!1]},usage:"[--with-env --env .env] [--with-sec --sec .sec] [commandArgs...]",description:`Run a command in a separate process and populate env with either
+			- contents of a dotenv file
+			- decrypted values of a dotsec file.
+The --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,helpText:`Examples:
+Run a command with a .env file
+$ dotsec run echo "hello world"
+Run a command with a specific .env file
+$ dotsec run --with-env --env .env.dev echo "hello world"
+Run a command with a .sec file
+$ dotsec run --with-sec echo "hello world"
+Run a command with a specific .sec file
+$ dotsec run --with-sec --sec .sec.dev echo "hello world"
+`},push:{options:S(s({},q.dotsec.options),{withEnv:["--with-env, --withEnv",`Run command with ${P} file`],withSec:["--with-sec, --withSec",`Run command with ${b} file`],env:["--env <env>","Path to .env file",P],sec:["--sec <sec>","Path to .sec file",b],yes:["--yes","Skip confirmation prompts",!1]}),requiredOptions:s({},q.dotsec.requiredOptions)}},he=Je;var Be=s(s(s(s(s(s(s({},q),ge),ue),de),he),M),M);var x=(e,t)=>{let r=Be[t||e.name()];if(r){let{options:n,requiredOptions:i,description:l,usage:m,helpText:a}=r;n&&Object.values(n).forEach(([c,o,p])=>{e.option(c,o,p)}),i&&Object.values(i).forEach(([c,o,p])=>{e.requiredOption(c,o,p)}),l&&e.description(l),m&&e.description(m),a&&e.description(a)}};var ze=async(e,t)=>{let{dotsecConfig:r,decryptHandlers:n}=t,i=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(m,a)=>{var c;try{let{env:o,sec:p,engine:u,yes:E}=a.optsWithGlobals(),O=u||((c=r==null?void 0:r.defaults)==null?void 0:c.encryptionEngine),F=(n||[]).find(v=>v.triggerOptionValue===O);if(!F)throw new Error(`No decryption plugin found, available decryption engine(s): ${t.decryptHandlers.map(v=>`--${v.triggerOptionValue}`).join(", ")}`);let g=[...Object.keys(F.options||{}),...Object.keys(F.requiredOptions||{})],f=Object.fromEntries(g.map(v=>[v,m[v]])),d=await K(p),y=await F.handler(s({ciphertext:d},f)),h=await N({filePath:o,skip:E});(h===void 0||h.overwrite===!0)&&(await H(o,y),console.log(`Wrote plaintext contents of ${_(p)} file to ${_(o)}`))}catch(o){console.error(_(o.message)),a.help()}});t.decryptHandlers.map(m=>{let{options:a,requiredOptions:c}=m;a&&Object.values(a).map(o=>{i.option(...o)}),c&&Object.values(c).map(o=>{i.option(...o)})});let l=t.decryptHandlers.map(m=>m.triggerOptionValue);return i.option("--engine <engine>",`Encryption engine${l.length>0?"s":""} to use: ${l.join(", "),l.length===1?l[0]:void 0}`,l.length===1?l[0]:void 0),x(i),i},ye=ze;var Qe=async(e,t)=>{let{encryptHandlers:r,dotsecConfig:n}=t,i=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(a,c)=>{var o;try{let{env:p,sec:u,engine:E,yes:O}=c.optsWithGlobals(),F=E||((o=n==null?void 0:n.defaults)==null?void 0:o.encryptionEngine),g=(r||[]).find(C=>C.triggerOptionValue===F);if(!g)throw new Error(`No encryption plugin found, available encryption engine(s): ${t.encryptHandlers.map(C=>C.triggerOptionValue).join(", ")}`);let f=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],d=Object.fromEntries(f.map(C=>[C,a[C]])),y=await K(p),h=await g.handler(s({plaintext:y},d)),v=await N({filePath:u,skip:O});(v===void 0||v.overwrite===!0)&&(await H(u,h),console.log(`Wrote encrypted contents of ${_(p)} file to ${_(u)}`))}catch(p){console.error(_(p.message)),c.help()}});t.encryptHandlers.map(a=>{let{options:c,requiredOptions:o}=a;c&&Object.values(c).map(p=>{i.option(...p)}),o&&Object.values(o).map(p=>{i.option(...p)})});let l=t.encryptHandlers.map(a=>a.triggerOptionValue),m=t.encryptHandlers.map(a=>a.encryptionEngineName);return i.option("--engine <engine>",`Encryption engine${l.length>0?"s":""}: ${l.join(", "),l.length===1?l[0]:void 0}`),x(i),i.description(`Encrypt .env file using ${m.join(", ")}`),i},we=Qe;var Ce=w(require("node:fs")),D=w(require("typescript")),De=e=>{let t=D.createPrinter(),r=Ce.default.readFileSync(e.configFile,"utf8"),n=c=>o=>{function p(u){var E,O,F,g,f,d,y,h,v,C,T,A,I,B,z,Q,X,Y;if(u=D.visitEachChild(u,p,c),u.kind===D.SyntaxKind.StringLiteral){let L=(O=(E=u==null?void 0:u.parent)==null?void 0:E.parent)==null?void 0:O.parent;if(((f=(g=(F=e.config)==null?void 0:F.aws)==null?void 0:g.kms)==null?void 0:f.keyAlias)&&((d=L==null?void 0:L.getChildAt(0))==null?void 0:d.getText())==="kms"){let k=(y=L==null?void 0:L.parent)==null?void 0:y.parent;if((k==null?void 0:k.getChildAt(0).getText())==="aws")return D.createStringLiteral((C=(v=(h=e.config)==null?void 0:h.aws)==null?void 0:v.kms)==null?void 0:C.keyAlias)}if(((A=(T=e.config)==null?void 0:T.aws)==null?void 0:A.region)&&((B=(I=u==null?void 0:u.parent)==null?void 0:I.getChildAt(0))==null?void 0:B.getText())==="region"){let k=(Q=(z=u==null?void 0:u.parent)==null?void 0:z.parent)==null?void 0:Q.parent;if((k==null?void 0:k.getChildAt(0).getText())==="aws")return D.createStringLiteral((Y=(X=e.config)==null?void 0:X.aws)==null?void 0:Y.region)}}return u}return D.visitNode(o,p)},i=D.createSourceFile("test.ts",r,D.ScriptTarget.ES2015,!0,D.ScriptKind.TS),l=D.transform(i,[n]),m=l.transformed[0],a=t.printFile(m);return l.dispose(),a};var Ee=w(require("node:path")),Xe=async e=>{let t=e.enablePositionalOptions().passThroughOptions().command("init").description("OMG").action(async(r,n)=>{let{configFile:i,yes:l}=n.optsWithGlobals();try{let m=De({configFile:Ee.default.resolve(__dirname,"../../src/templates/dotsec.config.ts")}),a=await N({filePath:i,skip:l});(a===void 0||a.overwrite===!0)&&(await H(i,m),console.log(`Wrote config file to ${_(i)}`))}catch(m){n.error(m)}});return x(t),t},Oe=Xe;var ve=w(require("dotenv")),W=w(require("node:fs")),Ye=async(e,t)=>{let{dotsecConfig:r,handlers:n}=t,i=e.enablePositionalOptions().passThroughOptions().command("push").action(async(l,m)=>{var a,c,o;try{let{env:p,sec:u,withEnv:E,withSec:O,engine:F,yes:g}=m.optsWithGlobals(),f=F||((a=r==null?void 0:r.defaults)==null?void 0:a.encryptionEngine),d=(c=(n||[]).find(T=>{var A;return((A=T.decrypt)==null?void 0:A.triggerOptionValue)===f}))==null?void 0:c.decrypt,y=(o=(n||[]).find(T=>{var A;return((A=T.push)==null?void 0:A.triggerOptionValue)===f}))==null?void 0:o.push;if(!y)throw new Error("No push plugin found!");let h=[...Object.keys((d==null?void 0:d.options)||{}),...Object.keys((d==null?void 0:d.requiredOptions)||{}),...Object.keys((y==null?void 0:y.options)||{}),...Object.keys((y==null?void 0:y.requiredOptions)||{})],v=Object.fromEntries(h.map(T=>[T,l[T]]));if(E&&O)throw new Error("Cannot use both --with-env and --with-sec");let C;if(E||!(E||O)){if(!p)throw new Error("No dotenv file specified in --env option");C=W.default.readFileSync(p,"utf8")}else if(O){if(!u)throw new Error("No dotsec file specified in --sec option");if(!d)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.map(A=>{var I;return`--${(I=A.decrypt)==null?void 0:I.triggerOptionValue}`}).join(", ")}`);let T=W.default.readFileSync(u,"utf8");C=await d.handler(s({ciphertext:T},v))}if(C){let T=(0,ve.parse)(C);await y.handler(s({push:T,yes:g},v))}else throw new Error("No .env or .sec file provided")}catch(p){console.error(p),process.exit(1)}});return x(i),i},Fe=Ye;var J=w(require("node:fs")),Pe=w(require("dotenv"));var Se=w(require("node:child_process")),Ze=(e,t)=>{let{dotsecConfig:r,decryptHandlers:n}=t||{},i=n!==void 0&&n.length>0,l=e.command("run <command...>").allowUnknownOption(!0).showHelpAfterError(!0).action(async(m,a,c)=>{var o;try{let{env:p,sec:u,withEnv:E,withSec:O,engine:F}=c.optsWithGlobals();if(E&&O)throw new Error("Cannot use both --with-env and --with-sec");let g;if(E||!(E||O)||i===!1){if(!p)throw new Error("No dotenv file specified in --env option");g=J.default.readFileSync(p,"utf8")}else if(O){if(!u)throw new Error("No dotsec file specified in --sec option");let f=F||((o=r==null?void 0:r.defaults)==null?void 0:o.encryptionEngine),d=(n||[]).find(C=>C.triggerOptionValue===f);if(!d)throw new Error(`No decryption plugin found, available decryption engine(s): ${(n||[]).map(C=>`--${C.triggerOptionValue}`).join(", ")}`);let y=[...Object.keys(d.options||{}),...Object.keys(d.requiredOptions||{})],h=Object.fromEntries(y.map(C=>[C,a[C]])),v=J.default.readFileSync(u,"utf8");g=await d.handler(s({ciphertext:v},h))}if(g){let f=(0,Pe.parse)(g),[d,...y]=m;(0,Se.spawnSync)(d,[...y],{stdio:"inherit",shell:!1,env:S(s(s({},process.env),f),{__DOTSEC_ENV__:JSON.stringify(Object.keys(f))})})}else throw new Error("No .env or .sec file provided")}catch(p){console.error(_(p.message)),c.help()}});if(x(l,i?"run":"runEnvOnly"),i){n==null||n.map(a=>{let{options:c,requiredOptions:o}=a;c&&Object.values(c).map(p=>{l.option(...p)}),o&&Object.values(o).map(p=>{l.option(...p)})});let m=n==null?void 0:n.map(a=>a.triggerOptionValue);l.option("--engine <engine>",`Encryption engine${m.length>0?"s":""}: ${m.join(", "),m.length===1?m[0]:void 0}`)}return l},be=Ze;var _e=w(require("ajv")),xe=w(require("yargs-parser")),et={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(t,r)=>{if(r){let{parentData:n,parentDataProperty:i}=r;return n[i]=t===""?[]:t.split(e),!0}else return!1}},j=new Te.Command;(async()=>{var u,E,O,F;let e=(0,xe.default)(process.argv),t=[];e.plugin&&(Array.isArray(e.plugin)?t.push(...e.plugin):t.push(e.plugin)),e.p&&(Array.isArray(e.p)?t.push(...e.p):t.push(e.p));let r=[...Array.isArray(e.config)?e.config:[e.config],...Array.isArray(e.c)?e.c:[e.c]][0],{contents:n={}}=await pe(r),{defaults:i,push:l}=n;j.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((g,f)=>{f.help()}),x(j);let m=new _e.default({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[et]}),a={};if(t.length>0)for(let g of t){let d=await(await G({name:g}))({dotsecConfig:n,ajv:m});a[d.name]=g,t.length===1&&(n.defaults=S(s({},n.defaults),{encryptionEngine:String(d.name),plugins:S(s({},(u=n.defaults)==null?void 0:u.plugins),{[d.name]:s({},(O=(E=n.defaults)==null?void 0:E.plugins)==null?void 0:O[d.name])})}))}(i==null?void 0:i.encryptionEngine)&&(((F=i==null?void 0:i.plugins)==null?void 0:F[i.encryptionEngine])||(i.plugins=S(s({},i.plugins),{[i.encryptionEngine]:{}}))),(i==null?void 0:i.plugins)&&Object.entries(i==null?void 0:i.plugins).forEach(([g,f])=>{(f==null?void 0:f.module)?a[g]=f==null?void 0:f.module:a[g]=`@dotsec/plugin-${g}`}),Object.values(l||{}).forEach(g=>{Object.keys(g).forEach(f=>{a[f]||(a[f]=`@dotsec/plugin-${f}`)})});let c=[],o=[],p=[];for(let g of Object.keys(a)){let f=a[g],d=await G({name:f}),{addCliCommand:y,cliHandlers:h}=await d({ajv:m,dotsecConfig:n});(h==null?void 0:h.encrypt)&&c.push(h.encrypt),(h==null?void 0:h.decrypt)&&(o.push(h.decrypt),(h==null?void 0:h.push)&&p.push({push:h.push,decrypt:h.decrypt})),y&&y({program:j})}c.length&&await we(j,{dotsecConfig:n,encryptHandlers:c}),o.length&&await ye(j,{dotsecConfig:n,decryptHandlers:o}),p.length&&await Fe(j,{dotsecConfig:n,handlers:p}),await Oe(j),await be(j,{dotsecConfig:n,decryptHandlers:o}),await j.parse()})();
+//# sourceMappingURL=index.js.map

package/dist/cli/index.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/cli/index.ts", "../../src/constants.ts", "../../src/lib/json.ts", "../../src/lib/getConfig.ts", "../../src/lib/loadDotsecPlugin.ts", "../../src/lib/io.ts", "../../src/utils/logging.ts", "../../src/cli/options/decrypt.ts", "../../src/cli/options/dotsec.ts", "../../src/cli/options/encrypt.ts", "../../src/cli/options/init.ts", "../../src/cli/options/push.ts", "../../src/cli/options/run.ts", "../../src/cli/options/index.ts", "../../src/cli/commands/decrypt.ts", "../../src/cli/commands/encrypt.ts", "../../src/lib/transformer.ts", "../../src/cli/commands/init.ts", "../../src/cli/commands/push.ts", "../../src/cli/commands/run.ts"],
+  "sourcesContent": ["import { Command } from \"commander\";\n\nimport { getMagicalConfig } from \"../lib/getConfig\";\nimport { loadDotsecPlugin } from \"../lib/loadDotsecPlugin\";\nimport {\n\tDotsecCliPluginDecryptHandler,\n\tDotsecCliPluginEncryptHandler,\n\tDotsecCliPluginPushHandler,\n\tDotsecPluginConfig,\n} from \"../types/plugin\";\nimport addDecryptProgram from \"./commands/decrypt\";\nimport addEncryptProgram from \"./commands/encrypt\";\nimport addInitCommand from \"./commands/init\";\nimport addPushProgram from \"./commands/push\";\nimport addRunCommand from \"./commands/run\";\nimport { setProgramOptions } from \"./options\";\nimport Ajv, { KeywordDefinition } from \"ajv\";\nimport yargsParser from \"yargs-parser\";\n\nconst separator: KeywordDefinition = {\n\tkeyword: \"separator\",\n\ttype: \"string\",\n\tmetaSchema: {\n\t\ttype: \"string\",\n\t\tdescription: \"value separator\",\n\t},\n\tmodifying: true,\n\tvalid: true,\n\terrors: false,\n\tcompile: (schema) => (data, ctx) => {\n\t\tif (ctx) {\n\t\t\tconst { parentData, parentDataProperty } = ctx;\n\t\t\tparentData[parentDataProperty] = data === \"\" ? [] : data.split(schema);\n\t\t\treturn true;\n\t\t} else {\n\t\t\treturn false;\n\t\t}\n\t},\n};\n\nconst program = new Command();\n\n(async () => {\n\tconst parsedOptions = yargsParser(process.argv);\n\tconst argvPluginModules: string[] = [];\n\tif (parsedOptions.plugin) {\n\t\tif (Array.isArray(parsedOptions.plugin)) {\n\t\t\targvPluginModules.push(...parsedOptions.plugin);\n\t\t} else {\n\t\t\targvPluginModules.push(parsedOptions.plugin);\n\t\t}\n\t}\n\tif (parsedOptions.p) {\n\t\tif (Array.isArray(parsedOptions.p)) {\n\t\t\targvPluginModules.push(...parsedOptions.p);\n\t\t} else {\n\t\t\targvPluginModules.push(parsedOptions.p);\n\t\t}\n\t}\n\n\tconst configFile = [\n\t\t...(Array.isArray(parsedOptions.config)\n\t\t\t? parsedOptions.config\n\t\t\t: [parsedOptions.config]),\n\t\t...(Array.isArray(parsedOptions.c) ? parsedOptions.c : [parsedOptions.c]),\n\t]?.[0];\n\n\tconst { contents: config = {} } = await getMagicalConfig(configFile);\n\tconst { defaults, push: pushVariables } = config;\n\n\tprogram\n\t\t.name(\"dotsec\")\n\t\t.description(\".env, but secure\")\n\t\t.version(\"1.0.0\")\n\t\t.enablePositionalOptions()\n\t\t.action((_options, other: Command) => {\n\t\t\tother.help();\n\t\t});\n\n\tsetProgramOptions(program);\n\tconst ajv = new Ajv({\n\t\tallErrors: true,\n\t\tremoveAdditional: true,\n\t\tuseDefaults: true,\n\t\tcoerceTypes: true,\n\t\tallowUnionTypes: true,\n\t\taddUsedSchema: false,\n\t\tkeywords: [separator],\n\t});\n\t// if we have plugins in the cli, we need to define them in pluginModules\n\tconst pluginModules: { [key: string]: string } = {};\n\tif (argvPluginModules.length > 0) {\n\t\tfor (const pluginModule of argvPluginModules) {\n\t\t\t// let's load em up\n\t\t\tconst plugin = await loadDotsecPlugin({ name: pluginModule });\n\n\t\t\t// good, let's fire 'em up\n\t\t\tconst loadedPlugin = await plugin({ dotsecConfig: config, ajv });\n\t\t\tpluginModules[loadedPlugin.name] = pluginModule;\n\n\t\t\tif (argvPluginModules.length === 1) {\n\t\t\t\t// if we only have one plugin, let's set it as the default\n\t\t\t\tconfig.defaults = {\n\t\t\t\t\t...config.defaults,\n\t\t\t\t\tencryptionEngine: String(loadedPlugin.name),\n\t\t\t\t\tplugins: {\n\t\t\t\t\t\t...config.defaults?.plugins,\n\t\t\t\t\t\t[loadedPlugin.name]: {\n\t\t\t\t\t\t\t...config.defaults?.plugins?.[loadedPlugin.name],\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\t}\n\n\tif (defaults?.encryptionEngine) {\n\t\tif (!defaults?.plugins?.[defaults.encryptionEngine]) {\n\t\t\tdefaults.plugins = {\n\t\t\t\t...defaults.plugins,\n\t\t\t\t[defaults.encryptionEngine]: {},\n\t\t\t};\n\t\t}\n\t}\n\tif (defaults?.plugins) {\n\t\tObject.entries(defaults?.plugins).forEach(\n\t\t\t([pluginName, pluginModule]: [string, DotsecPluginConfig]) => {\n\t\t\t\tif (pluginModule?.module) {\n\t\t\t\t\tpluginModules[pluginName] = pluginModule?.module;\n\t\t\t\t} else {\n\t\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\t}\n\n\tObject.values(pushVariables || {}).forEach((pushVariable) => {\n\t\tObject.keys(pushVariable).forEach((pluginName) => {\n\t\t\tif (!pluginModules[pluginName]) {\n\t\t\t\tpluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;\n\t\t\t}\n\t\t});\n\t});\n\n\t// configure encryption command\n\tconst cliPluginEncryptHandlers: DotsecCliPluginEncryptHandler[] = [];\n\tconst cliPluginDecryptHandlers: DotsecCliPluginDecryptHandler[] = [];\n\tconst cliPluginPushHandlers: {\n\t\tpush: DotsecCliPluginPushHandler;\n\t\tdecrypt: DotsecCliPluginDecryptHandler;\n\t}[] = [];\n\n\tfor (const pluginName of Object.keys(pluginModules)) {\n\t\tconst pluginModule = pluginModules[pluginName];\n\t\tconst initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });\n\t\tconst { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({\n\t\t\tajv,\n\t\t\tdotsecConfig: config,\n\t\t});\n\n\t\tif (cli?.encrypt) {\n\t\t\tcliPluginEncryptHandlers.push(cli.encrypt);\n\t\t}\n\t\tif (cli?.decrypt) {\n\t\t\tcliPluginDecryptHandlers.push(cli.decrypt);\n\t\t\tif (cli?.push) {\n\t\t\t\tcliPluginPushHandlers.push({ push: cli.push, decrypt: cli.decrypt });\n\t\t\t}\n\t\t}\n\n\t\tif (addCliCommand) {\n\t\t\taddCliCommand({ program });\n\t\t}\n\t}\n\tif (cliPluginEncryptHandlers.length) {\n\t\tawait addEncryptProgram(program, {\n\t\t\tdotsecConfig: config,\n\t\t\tencryptHandlers: cliPluginEncryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginDecryptHandlers.length) {\n\t\tawait addDecryptProgram(program, {\n\t\t\tdotsecConfig: config,\n\t\t\tdecryptHandlers: cliPluginDecryptHandlers,\n\t\t});\n\t}\n\tif (cliPluginPushHandlers.length) {\n\t\tawait addPushProgram(program, {\n\t\t\tdotsecConfig: config,\n\t\t\thandlers: cliPluginPushHandlers,\n\t\t});\n\t}\n\n\t// add other commands\n\tawait addInitCommand(program);\n\tawait addRunCommand(program, {\n\t\tdotsecConfig: config,\n\t\tdecryptHandlers: cliPluginDecryptHandlers,\n\t});\n\tawait program.parse();\n})();\n", "import { DotsecConfig } from \"./types/config\";\n\nexport const DOTSEC_DEFAULT_CONFIG_FILE = \"dotsec.config.ts\";\nexport const DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];\nexport const DOTSEC_DEFAULT_DOTSEC_FILENAME = \".sec\";\nexport const DOTSEC_DEFAULT_DOTENV_FILENAME = \".env\";\nexport const defaultConfig: DotsecConfig = {};\n", "import fs from \"fs\";\nimport path from \"node:path\";\n\n/**\n * Parse JSONC\n * @date 12/7/2022 - 12:48:45 PM\n *\n * @export\n * @param {string} data\n * @returns {*}\n */\nexport function jsoncParse(data: string) {\n\ttry {\n\t\treturn new Function(`return ${data.trim()}`)();\n\t} catch {\n\t\t// Silently ignore any error\n\t\t// That's what tsc/jsonc-parser did after all\n\t\treturn {};\n\t}\n}\n\n/**\n * Load JSON\n * @date 12/7/2022 - 12:48:57 PM\n *\n * @async\n * @param {string} filepath\n * @returns {unknown}\n */\nexport const loadJson = async (filepath: string) => {\n\ttry {\n\t\treturn jsoncParse(await fs.promises.readFile(filepath, \"utf8\"));\n\t} catch (error) {\n\t\tif (error instanceof Error) {\n\t\t\tthrow new Error(\n\t\t\t\t`Failed to parse ${path.relative(process.cwd(), filepath)}: ${\n\t\t\t\t\terror.message\n\t\t\t\t}`,\n\t\t\t);\n\t\t} else {\n\t\t\tthrow error;\n\t\t}\n\t}\n};\n", "import { DOTSEC_CONFIG_FILES, defaultConfig } from \"../constants\";\nimport { DotsecConfig } from \"../types/config\";\nimport { DotsecConfigAndSource } from \"../types/plugin\";\nimport { loadJson } from \"./json\";\nimport { bundleRequire } from \"bundle-require\";\nimport JoyCon from \"joycon\";\nimport path from \"path\";\n\nexport const getMagicalConfig = async (\n\tfilename?: string,\n): Promise<DotsecConfigAndSource> => {\n\tconst cwd = process.cwd();\n\tconst configJoycon = new JoyCon();\n\tconst configPath = await configJoycon.resolve({\n\t\tfiles: filename ? [filename] : [...DOTSEC_CONFIG_FILES, \"package.json\"],\n\t\tcwd,\n\t\tstopDir: path.parse(cwd).root,\n\t\tpackageKey: \"dotsec\",\n\t});\n\tif (filename && configPath === null) {\n\t\tthrow new Error(`Could not find config file ${filename}`);\n\t}\n\tif (configPath) {\n\t\tif (configPath.endsWith(\".json\")) {\n\t\t\tconst rawData = (await loadJson(configPath)) as Partial<DotsecConfig>;\n\n\t\t\tlet data: Partial<DotsecConfig>;\n\n\t\t\tif (\n\t\t\t\tconfigPath.endsWith(\"package.json\") &&\n\t\t\t\t(rawData as { dotsec: Partial<DotsecConfig> }).dotsec !== undefined\n\t\t\t) {\n\t\t\t\tdata = (rawData as { dotsec: Partial<DotsecConfig> }).dotsec;\n\t\t\t} else {\n\t\t\t\tdata = rawData as Partial<DotsecConfig>;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tsource: \"json\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tdefaults: {\n\t\t\t\t\t\t...data?.defaults,\n\t\t\t\t\t\t...defaultConfig.defaults,\n\t\t\t\t\t\tplugins: {\n\t\t\t\t\t\t\t...data?.defaults?.plugins,\n\t\t\t\t\t\t\t...defaultConfig.defaults?.plugins,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tpush: {\n\t\t\t\t\t\t...data?.push,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t} else if (configPath.endsWith(\".ts\")) {\n\t\t\tconst bundleRequireResult = await bundleRequire({\n\t\t\t\tfilepath: configPath,\n\t\t\t});\n\t\t\tconst data = (bundleRequireResult.mod.dotsec ||\n\t\t\t\tbundleRequireResult.mod.default ||\n\t\t\t\tbundleRequireResult.mod) as Partial<DotsecConfig>;\n\n\t\t\treturn {\n\t\t\t\tsource: \"ts\",\n\t\t\t\tcontents: {\n\t\t\t\t\t...defaultConfig,\n\t\t\t\t\t...data,\n\t\t\t\t\tdefaults: {\n\t\t\t\t\t\t...data?.defaults,\n\t\t\t\t\t\t...defaultConfig.defaults,\n\t\t\t\t\t\tplugins: {\n\t\t\t\t\t\t\t...data?.defaults?.plugins,\n\t\t\t\t\t\t\t...defaultConfig.defaults?.plugins,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tpush: {\n\t\t\t\t\t\t...data?.push,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\n\treturn { source: \"defaultConfig\", contents: defaultConfig };\n};\n", "import { DotsecPluginModule } from \"../types/plugin\";\n\nexport const loadDotsecPlugin = async (options: {\n\tname: string;\n}): Promise<DotsecPluginModule> => {\n\treturn import(options.name).then((imported) => {\n\t\treturn imported.default;\n\t});\n};\n", "import fs, { stat } from \"node:fs/promises\";\nimport path from \"node:path\";\nimport prompts from \"prompts\";\n\nexport const readContentsFromFile = async (\n\tfilePath: string,\n): Promise<string> => {\n\treturn await fs.readFile(filePath, \"utf-8\");\n};\n\nexport const writeContentsToFile = async (\n\tfilePath: string,\n\tcontents: string,\n): Promise<void> => {\n\treturn await fs.writeFile(filePath, contents, \"utf-8\");\n};\n\nexport const fileExists = async (source: string): Promise<boolean> => {\n\ttry {\n\t\tawait stat(source);\n\t\treturn true;\n\t} catch {\n\t\treturn false;\n\t}\n};\n\nexport const promptOverwriteIfFileExists = async ({\n\tfilePath,\n\tskip,\n}: {\n\tfilePath: string;\n\tskip?: boolean;\n}) => {\n\tlet overwriteResponse: prompts.Answers<\"overwrite\"> | undefined;\n\n\tif ((await fileExists(filePath)) && skip !== true) {\n\t\toverwriteResponse = await prompts({\n\t\t\ttype: \"confirm\",\n\t\t\tname: \"overwrite\",\n\t\t\tmessage: () => {\n\t\t\t\treturn `Overwrite './${path.relative(process.cwd(), filePath)}' ?`;\n\t\t\t},\n\t\t});\n\t} else {\n\t\toverwriteResponse = undefined;\n\t}\n\treturn overwriteResponse;\n};\n", "import chalk from \"chalk\"\nimport Table = require(\"cli-table\")\nexport { Table }\n\nlet _logger: Pick<Console, \"info\" | \"error\" | \"table\">\nexport const getLogger = () => {\n\tif (!_logger) {\n\t\t_logger = console\n\t}\n\n\treturn _logger\n}\nexport const writeLine = (str: string) => {\n\tprocess.stdout.write(str)\n}\nexport const emphasis = (str: string): string => chalk.yellowBright(str)\nexport const strong = (str: string): string => chalk.yellow.bold(str)\n\nexport const clientLogger = {\n\tdebug(content: object) {\n\t\tconsole.log(content)\n\t},\n\tinfo(content: object) {\n\t\tconsole.log(content)\n\t},\n\twarn(content: object) {\n\t\tconsole.log(content)\n\t},\n\terror(content: object) {\n\t\tconsole.error(content)\n\t},\n}\n", "import {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst decryptCommandDefaults: DotSecCommandsDefaults = {\n\tdecrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n};\n\nexport default decryptCommandDefaults;\n", "import { DOTSEC_DEFAULT_CONFIG_FILE } from \"../../constants\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst dotsecCommandDefaults: DotSecCommandsDefaults = {\n\tdotsec: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\t\t\tplugin: [\n\t\t\t\t\"-p, --plugin <plugin>\",\n\t\t\t\t\"Comma-separated list of plugins to use\",\n\t\t\t],\n\t\t},\n\t},\n};\n\nexport default dotsecCommandDefaults;\n", "import {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst encryptCommandDefaults: DotSecCommandsDefaults = {\n\tencrypt: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n};\n\nexport default encryptCommandDefaults;\n", "import {\n\tDOTSEC_DEFAULT_CONFIG_FILE,\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst initCommandDefaults: DotSecCommandsDefaults = {\n\tinit: {\n\t\toptions: {\n\t\t\tverbose: [\"--verbose\", \"Verbose output\", false],\n\t\t\tconfigFile: [\n\t\t\t\t\"-c, --config-file, --configFile <configFile>\",\n\t\t\t\t\"Config file\",\n\t\t\t\tDOTSEC_DEFAULT_CONFIG_FILE,\n\t\t\t],\n\n\t\t\tenv: [\"--env\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t\t// awsKeyAlias: [\n\t\t\t// \t\"--aws-key-alias <awsKeyAlias>\",\n\t\t\t// \t\"AWS KMS key alias, overrides the value provided in dotsec.config (config.aws.kms.keyAlias)\",\n\t\t\t// \t\"alias/dotsec\",\n\t\t\t// ],\n\t\t\t// awsRegion: [\n\t\t\t// \t\"--aws-region <awsRegion>\",\n\t\t\t// \t\"AWS region, overrides the value provided in dotsec.config (config.aws.region) and AWS_REGION\",\n\t\t\t// ],\n\t\t},\n\t},\n};\n\nexport default initCommandDefaults;\n", "import {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst pullCommandDefaults: DotSecCommandsDefaults = {\n\tpull: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\toptions: {\n\t\t\twithEnv: [\n\t\t\t\t\"--with-env, --withEnv\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTENV_FILENAME} file`,\n\t\t\t],\n\t\t\twithSec: [\n\t\t\t\t\"--with-sec, --withSec\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTSEC_FILENAME} file`,\n\t\t\t],\n\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t},\n};\n\nexport default pullCommandDefaults;\n", "import {\n\tDOTSEC_DEFAULT_DOTENV_FILENAME,\n\tDOTSEC_DEFAULT_DOTSEC_FILENAME,\n} from \"../../constants\";\nimport dotsecCommandDefaults from \"./dotsec\";\nimport { DotSecCommandsDefaults } from \"./types\";\n\nconst runCommandDefaults: DotSecCommandsDefaults = {\n\trunEnvOnly: {\n\t\tinheritsFrom: [\"dotsec\"],\n\t\tusage: \"[commandArgs...]\",\n\t\toptions: {\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\n\t\tdescription:\n\t\t\t\"Run a command in a separate process and populate env with contents of a dotenv file.\",\n\t\thelpText: `${\"Examples:\"}\n\n${\"Run a command with a .env file\"}\n\n$ dotsec run echo \"hello world\"\n\n\n${\"Run a command with a specific .env file\"}\n\n$ dotsec run --with-env --env .env.dev echo \"hello world\"\n\n`,\n\t},\n\trun: {\n\t\tinheritsFrom: [\"dotsec\"],\n\n\t\toptions: {\n\t\t\twithEnv: [\n\t\t\t\t\"--with-env, --withEnv\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTENV_FILENAME} file`,\n\t\t\t],\n\t\t\twithSec: [\n\t\t\t\t\"--with-sec, --withSec\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTSEC_FILENAME} file`,\n\t\t\t],\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\n\t\tusage: \"[--with-env --env .env] [--with-sec --sec .sec] [commandArgs...]\",\n\t\tdescription: `Run a command in a separate process and populate env with either \n\t\t\t- contents of a dotenv file\n\t\t\t- decrypted values of a dotsec file.\n\nThe --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,\n\t\thelpText: `${\"Examples:\"}\n\n${\"Run a command with a .env file\"}\n\n$ dotsec run echo \"hello world\"\n\n\n${\"Run a command with a specific .env file\"}\n\n$ dotsec run --with-env --env .env.dev echo \"hello world\"\n\n\n${\"Run a command with a .sec file\"}\n\n$ dotsec run --with-sec echo \"hello world\"\n\n\n${\"Run a command with a specific .sec file\"}\n\n$ dotsec run --with-sec --sec .sec.dev echo \"hello world\"\n`,\n\t},\n\tpush: {\n\t\toptions: {\n\t\t\t...dotsecCommandDefaults.dotsec.options,\n\t\t\twithEnv: [\n\t\t\t\t\"--with-env, --withEnv\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTENV_FILENAME} file`,\n\t\t\t],\n\t\t\twithSec: [\n\t\t\t\t\"--with-sec, --withSec\",\n\t\t\t\t`Run command with ${DOTSEC_DEFAULT_DOTSEC_FILENAME} file`,\n\t\t\t],\n\n\t\t\tenv: [\"--env <env>\", \"Path to .env file\", DOTSEC_DEFAULT_DOTENV_FILENAME],\n\t\t\tsec: [\"--sec <sec>\", \"Path to .sec file\", DOTSEC_DEFAULT_DOTSEC_FILENAME],\n\t\t\tyes: [\"--yes\", \"Skip confirmation prompts\", false],\n\t\t},\n\t\trequiredOptions: {\n\t\t\t...dotsecCommandDefaults.dotsec.requiredOptions,\n\t\t},\n\t},\n};\n\nexport default runCommandDefaults;\n", "import { Command } from \"commander\";\n\nimport decryptCommandDefaults from \"./decrypt\";\nimport dotsecCommandDefaults from \"./dotsec\";\nimport encryptCommandDefaults from \"./encrypt\";\nimport initCommandDefaults from \"./init\";\nimport pullCommandDefaults from \"./push\";\nimport pushCommandDefaults from \"./push\";\nimport runCommandDefaults from \"./run\";\nimport {\n\tDotSecCommandDefaults,\n\tDotSecCommandOptions,\n\tDotSecCommandsDefaults,\n} from \"./types\";\n\nexport const commandOptions: DotSecCommandsDefaults = {\n\t...dotsecCommandDefaults,\n\t...initCommandDefaults,\n\t...encryptCommandDefaults,\n\t...decryptCommandDefaults,\n\t...runCommandDefaults,\n\t...pushCommandDefaults,\n\t...pullCommandDefaults,\n};\n\nconst getInheritedOptions = (\n\tcopts: DotSecCommandsDefaults,\n\tcommandName: string,\n\tresult: {\n\t\toptions?: DotSecCommandOptions;\n\t\trequiredOptions?: DotSecCommandOptions;\n\t} = {},\n): DotSecCommandDefaults | undefined => {\n\tconst command = copts[commandName];\n\tif (command) {\n\t\tif (command.inheritsFrom) {\n\t\t\treturn command?.inheritsFrom.reduce(\n\t\t\t\t(acc, inheritedCommandName) => {\n\t\t\t\t\treturn getInheritedOptions(copts, inheritedCommandName, acc);\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t...command,\n\t\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\t\trequiredOptions: {\n\t\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t} else {\n\t\t\treturn {\n\t\t\t\t...command,\n\t\t\t\toptions: { ...result.options, ...command.options },\n\t\t\t\trequiredOptions: {\n\t\t\t\t\t...result.requiredOptions,\n\t\t\t\t\t...command.requiredOptions,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n};\n\nexport const setProgramOptions = (program: Command, commandName?: string) => {\n\tconst programOptions = commandOptions[commandName || program.name()];\n\t// const programOptions = getInheritedOptions(\n\t// \tcommandOptions,\n\t// \tcommandName || program.name(),\n\t// );\n\n\tif (programOptions) {\n\t\tconst { options, requiredOptions, description, usage, helpText } =\n\t\t\tprogramOptions;\n\t\tif (options) {\n\t\t\tObject.values(options).forEach(([option, description, defaultValue]) => {\n\t\t\t\tprogram.option(option, description, defaultValue);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).forEach(\n\t\t\t\t([option, description, defaultValue]) => {\n\t\t\t\t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t\t},\n\t\t\t);\n\n\t\t\t// Object.values(requiredOptions).forEach(\n\t\t\t// \t([option, description, defaultValue]) => {\n\t\t\t// \t\tprogram.requiredOption(option, description, defaultValue);\n\t\t\t// \t},\n\t\t\t// );\n\t\t}\n\t\tif (description) {\n\t\t\tprogram.description(description);\n\t\t}\n\t\tif (usage) {\n\t\t\tprogram.description(usage);\n\t\t}\n\t\tif (helpText) {\n\t\t\tprogram.description(helpText);\n\t\t}\n\t}\n};\n", "import {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { DecryptCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginDecryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tdecryptHandlers: DotsecCliPluginDecryptHandler[];\n\t},\n) => {\n\tconst { dotsecConfig, decryptHandlers } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"decrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<DecryptCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\t\t\t\tconst pluginCliDecrypt = (decryptHandlers || []).find((handler) => {\n\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t});\n\n\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${options.decryptHandlers\n\t\t\t\t\t\t\t.map((e) => `--${e.triggerOptionValue}`)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\t\t\t\t// get current dot env file\n\t\t\t\tconst dotsecString = await readContentsFromFile(dotsecFilename);\n\n\t\t\t\tconst plaintext = await pluginCliDecrypt.handler({\n\t\t\t\t\tciphertext: dotsecString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotenvOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotenvFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotenvOverwriteResponse === undefined ||\n\t\t\t\t\tdotenvOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotenvFilename, plaintext);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote plaintext contents of ${strong(\n\t\t\t\t\t\t\tdotsecFilename,\n\t\t\t\t\t\t)} file to ${strong(dotenvFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.decryptHandlers.map((decryption) => {\n\t\tconst { options, requiredOptions } = decryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\tconst engines = options.decryptHandlers.map((e) => e.triggerOptionValue);\n\tsubProgram.option(\n\t\t\"--engine <engine>\",\n\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"} to use: ${\n\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t}`,\n\t\tengines.length === 1 ? engines[0] : undefined,\n\t);\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import {\n\tpromptOverwriteIfFileExists,\n\treadContentsFromFile,\n\twriteContentsToFile,\n} from \"../../lib/io\";\nimport { EncryptCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginEncryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\n\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n} & Record<string, unknown>;\n\nconst addEncryptProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tencryptHandlers: DotsecCliPluginEncryptHandler[];\n\t\tdotsecConfig: DotsecConfig;\n\t},\n) => {\n\tconst { encryptHandlers, dotsecConfig } = options;\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"encrypt\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenvFilename,\n\t\t\t\t\tsec: dotsecFilename,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<EncryptCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\t\t\t\tconst pluginCliEncrypt = (encryptHandlers || []).find((handler) => {\n\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t});\n\n\t\t\t\tif (!pluginCliEncrypt) {\n\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t`No encryption plugin found, available encryption engine(s): ${options.encryptHandlers\n\t\t\t\t\t\t\t.map((e) => e.triggerOptionValue)\n\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliEncrypt.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tconst dotenvString = await readContentsFromFile(dotenvFilename);\n\n\t\t\t\tconst cipherText = await pluginCliEncrypt.handler({\n\t\t\t\t\tplaintext: dotenvString,\n\t\t\t\t\t...allOptionsValues,\n\t\t\t\t});\n\n\t\t\t\tconst dotsecOverwriteResponse = await promptOverwriteIfFileExists({\n\t\t\t\t\tfilePath: dotsecFilename,\n\t\t\t\t\tskip: yes,\n\t\t\t\t});\n\t\t\t\tif (\n\t\t\t\t\tdotsecOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(dotsecFilename, cipherText);\n\t\t\t\t\tconsole.log(\n\t\t\t\t\t\t`Wrote encrypted contents of ${strong(\n\t\t\t\t\t\t\tdotenvFilename,\n\t\t\t\t\t\t)} file to ${strong(dotsecFilename)}`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\tcommand.help();\n\t\t\t}\n\t\t});\n\n\toptions.encryptHandlers.map((encryption) => {\n\t\tconst { options, requiredOptions } = encryption;\n\t\tif (options) {\n\t\t\tObject.values(options).map((option) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...option);\n\t\t\t});\n\t\t}\n\t\tif (requiredOptions) {\n\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t// @ts-ignore\n\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t});\n\t\t}\n\t});\n\n\tconst engines = options.encryptHandlers.map((e) => e.triggerOptionValue);\n\tconst encryptionEngineNames = options.encryptHandlers.map(\n\t\t(e) => e.encryptionEngineName,\n\t);\n\tsubProgram.option(\n\t\t\"--engine <engine>\",\n\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"}: ${\n\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t}`,\n\t\t// engines.length === 1 ? engines[0] : undefined,\n\t);\n\tsetProgramOptions(subProgram);\n\tsubProgram.description(\n\t\t`Encrypt .env file using ${encryptionEngineNames.join(\", \")}`,\n\t);\n\treturn subProgram;\n};\n\nexport default addEncryptProgram;\n", "import fs from \"node:fs\";\nimport * as ts from \"typescript\";\n\nexport const patchConfigFile = (options: {\n\tconfigFile: string;\n\tconfig?: {\n\t\taws?: {\n\t\t\tregion?: string;\n\t\t\tkms?: {\n\t\t\t\tkeyAlias?: string;\n\t\t\t};\n\t\t};\n\t};\n}) => {\n\tconst printer: ts.Printer = ts.createPrinter();\n\tconst source = fs.readFileSync(options.configFile, \"utf8\");\n\n\tconst transformer =\n\t\t<T extends ts.Node>(context: ts.TransformationContext) =>\n\t\t(rootNode: T) => {\n\t\t\tfunction visit(node: ts.Node): ts.Node {\n\t\t\t\tnode = ts.visitEachChild(node, visit, context);\n\t\t\t\tif (node.kind === ts.SyntaxKind.StringLiteral) {\n\t\t\t\t\tconst kmsNode = node?.parent?.parent?.parent;\n\t\t\t\t\tif (options.config?.aws?.kms?.keyAlias) {\n\t\t\t\t\t\tif (kmsNode?.getChildAt(0)?.getText() === \"kms\") {\n\t\t\t\t\t\t\tconst awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(\n\t\t\t\t\t\t\t\t\toptions.config?.aws?.kms?.keyAlias,\n\t\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif (options.config?.aws?.region) {\n\t\t\t\t\t\tif (node?.parent?.getChildAt(0)?.getText() === \"region\") {\n\t\t\t\t\t\t\tconst awsNode = node?.parent?.parent?.parent;\n\n\t\t\t\t\t\t\t// const awsNode = kmsNode?.parent?.parent;\n\t\t\t\t\t\t\tif (awsNode?.getChildAt(0).getText() === \"aws\") {\n\t\t\t\t\t\t\t\treturn ts.createStringLiteral(options.config?.aws?.region);\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn node;\n\t\t\t}\n\t\t\treturn ts.visitNode(rootNode, visit);\n\t\t};\n\n\tconst sourceFile: ts.SourceFile = ts.createSourceFile(\n\t\t\"test.ts\",\n\t\tsource,\n\t\tts.ScriptTarget.ES2015,\n\t\ttrue,\n\t\tts.ScriptKind.TS,\n\t);\n\n\t// Options may be passed to transform\n\tconst result: ts.TransformationResult<ts.SourceFile> =\n\t\tts.transform<ts.SourceFile>(sourceFile, [transformer]);\n\n\tconst transformedSourceFile: ts.SourceFile = result.transformed[0];\n\n\tconst transformedSource = printer.printFile(transformedSourceFile);\n\tresult.dispose();\n\n\treturn transformedSource;\n};\n", "import { promptOverwriteIfFileExists, writeContentsToFile } from \"../../lib/io\";\nimport { InitCommandOptions } from \"../../types\";\nimport { Command } from \"commander\";\n\nimport { patchConfigFile } from \"../../lib/transformer\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport path from \"node:path\";\ntype Formats = {\n\tenv?: string;\n\tawsKeyAlias?: string;\n};\n\nconst addInitProgram = async (program: Command) => {\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"init\")\n\t\t.description(\"OMG\")\n\t\t.action(async (_options: Formats, command: Command) => {\n\t\t\tconst { configFile, yes } = command.optsWithGlobals<InitCommandOptions>();\n\n\t\t\ttry {\n\t\t\t\tconst patchedConfigTemplate = patchConfigFile({\n\t\t\t\t\tconfigFile: path.resolve(\n\t\t\t\t\t\t__dirname,\n\t\t\t\t\t\t\"../../src/templates/dotsec.config.ts\",\n\t\t\t\t\t),\n\t\t\t\t});\n\t\t\t\tconst dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(\n\t\t\t\t\t{\n\t\t\t\t\t\tfilePath: configFile,\n\t\t\t\t\t\tskip: yes,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tif (\n\t\t\t\t\tdotsecConfigOverwriteResponse === undefined ||\n\t\t\t\t\tdotsecConfigOverwriteResponse.overwrite === true\n\t\t\t\t) {\n\t\t\t\t\tawait writeContentsToFile(configFile, patchedConfigTemplate);\n\t\t\t\t\tconsole.log(`Wrote config file to ${strong(configFile)}`);\n\t\t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tcommand.error(e);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addInitProgram;\n", "import { PushCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport {\n\tDotsecCliPluginDecryptHandler,\n\tDotsecCliPluginPushHandler,\n} from \"../../types/plugin\";\nimport { setProgramOptions } from \"../options\";\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\nimport fs from \"node:fs\";\n\n/**\n * Decrypts, and pushes the contents of a .env file to AWS SSM, AWS Secrets Manager or GitHub Actions Secrets\n * @date 12/7/2022 - 9:16:48 AM\n *\n * @async\n * @param {Command} program\n * @returns {unknown}\n */\nconst addPushProgram = async (\n\tprogram: Command,\n\toptions: {\n\t\tdotsecConfig: DotsecConfig;\n\t\thandlers: {\n\t\t\tpush: DotsecCliPluginPushHandler;\n\t\t\tdecrypt: DotsecCliPluginDecryptHandler;\n\t\t}[];\n\t},\n) => {\n\tconst { dotsecConfig, handlers } = options;\n\n\tconst subProgram = program\n\t\t.enablePositionalOptions()\n\t\t.passThroughOptions()\n\t\t.command(\"push\")\n\t\t.action(async (_options: Record<string, string>, command: Command) => {\n\t\t\ttry {\n\t\t\t\tconst {\n\t\t\t\t\t// verbose,\n\t\t\t\t\tenv: dotenv,\n\t\t\t\t\tsec: dotsec,\n\t\t\t\t\twithEnv,\n\t\t\t\t\twithSec,\n\t\t\t\t\tengine,\n\t\t\t\t\tyes,\n\t\t\t\t} = command.optsWithGlobals<PushCommandOptions>();\n\n\t\t\t\tconst encryptionEngine =\n\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\tconst pluginCliDecrypt = (handlers || []).find((handler) => {\n\t\t\t\t\treturn handler.decrypt?.triggerOptionValue === encryptionEngine;\n\t\t\t\t})?.decrypt;\n\n\t\t\t\tconst pluginCliPush = (handlers || []).find((handler) => {\n\t\t\t\t\treturn handler.push?.triggerOptionValue === encryptionEngine;\n\t\t\t\t})?.push;\n\n\t\t\t\tif (!pluginCliPush) {\n\t\t\t\t\tthrow new Error(\"No push plugin found!\");\n\t\t\t\t}\n\n\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t...Object.keys(pluginCliDecrypt?.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliDecrypt?.requiredOptions || {}),\n\t\t\t\t\t...Object.keys(pluginCliPush?.options || {}),\n\t\t\t\t\t...Object.keys(pluginCliPush?.requiredOptions || {}),\n\t\t\t\t];\n\n\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t}),\n\t\t\t\t);\n\n\t\t\t\tif (withEnv && withSec) {\n\t\t\t\t\tthrow new Error(\"Cannot use both --with-env and --with-sec\");\n\t\t\t\t}\n\n\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\tif (withEnv || !(withEnv || withSec)) {\n\t\t\t\t\tif (!dotenv) {\n\t\t\t\t\t\tthrow new Error(\"No dotenv file specified in --env option\");\n\t\t\t\t\t}\n\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t} else if (withSec) {\n\t\t\t\t\tif (!dotsec) {\n\t\t\t\t\t\tthrow new Error(\"No dotsec file specified in --sec option\");\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${handlers\n\t\t\t\t\t\t\t\t.map((e) => `--${e.decrypt?.triggerOptionValue}`)\n\t\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\tenvContents = await pluginCliDecrypt.handler({\n\t\t\t\t\t\tciphertext: dotSecContents,\n\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t\tif (envContents) {\n\t\t\t\t\t// convert to object\n\t\t\t\t\tconst envObject = parse(envContents);\n\t\t\t\t\tawait pluginCliPush.handler({\n\t\t\t\t\t\tpush: envObject,\n\t\t\t\t\t\tyes,\n\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t});\n\t\t\t\t} else {\n\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t}\n\n\t\t\t\t// \t\t\tlet envContents: string | undefined;\n\n\t\t\t\t// \t\t\tif (env) {\n\t\t\t\t// \t\t\t\tconst dotenvFilename = isBoolean(env)\n\t\t\t\t// \t\t\t\t\t? DOTSEC_DEFAULT_DOTENV_FILENAME\n\t\t\t\t// \t\t\t\t\t: env;\n\t\t\t\t// \t\t\t\tenvContents = fs.readFileSync(dotenvFilename, \"utf8\");\n\t\t\t\t// \t\t\t} else if (sec) {\n\t\t\t\t// \t\t\t\tconst dotsecFilename = isBoolean(sec)\n\t\t\t\t// \t\t\t\t\t? DOTSEC_DEFAULT_DOTSEC_FILENAME\n\t\t\t\t// \t\t\t\t\t: sec;\n\t\t\t\t// \t\t\t\tconst dotSecContents = fs.readFileSync(dotsecFilename, \"utf8\");\n\t\t\t\t// \t\t\t\tconst encryptionEngine = await awsEncryptionEngineFactory({\n\t\t\t\t// \t\t\t\t\tverbose,\n\t\t\t\t// \t\t\t\t\tregion:\n\t\t\t\t// \t\t\t\t\t\tawsRegion ||\n\t\t\t\t// \t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t// \t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t// \t\t\t\t\tkms: {\n\t\t\t\t// \t\t\t\t\t\tkeyAlias: awskeyAlias || dotsecConfig?.config?.aws?.kms?.keyAlias,\n\t\t\t\t// \t\t\t\t\t},\n\t\t\t\t// \t\t\t\t});\n\n\t\t\t\t// \t\t\t\tenvContents = await encryptionEngine.decrypt(dotSecContents);\n\t\t\t\t// \t\t\t} else {\n\t\t\t\t// \t\t\t\tthrow new Error('Must provide either \"--env\" or \"--sec\"');\n\t\t\t\t// \t\t\t}\n\n\t\t\t\t// \t\t\tconst envObject = parse(envContents);\n\n\t\t\t\t// \t\t\t// get dotsec config\n\t\t\t\t// \t\t\ttry {\n\t\t\t\t// \t\t\t\tif (toAwsSsm) {\n\t\t\t\t// \t\t\t\t\tconst ssmDefaults = dotsecConfig?.config?.aws?.ssm;\n\t\t\t\t// \t\t\t\t\tconst ssmType = ssmDefaults?.parameterType || \"SecureString\";\n\n\t\t\t\t// \t\t\t\t\tconst pathPrefix = ssmDefaults?.pathPrefix || \"\";\n\t\t\t\t// \t\t\t\t\tconst putParameterRequests = Object.entries(envObject).reduce<\n\t\t\t\t// \t\t\t\t\t\tPutParameterRequest[]\n\t\t\t\t// \t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t// \t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t// \t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t// \t\t\t\t\t\t\tif (entry) {\n\t\t\t\t// \t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t// \t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t// \t\t\t\t\t\t\t\t\tconst putParameterRequest: PutParameterRequest = isBoolean(\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t)\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t  }\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tType: ssmType,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tValue: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t  };\n\n\t\t\t\t// \t\t\t\t\t\t\t\t\tacc.push(putParameterRequest);\n\t\t\t\t// \t\t\t\t\t\t\t\t\t// return putParameterRequest;\n\t\t\t\t// \t\t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t}\n\n\t\t\t\t// \t\t\t\t\t\treturn acc;\n\t\t\t\t// \t\t\t\t\t}, []);\n\n\t\t\t\t// \t\t\t\t\tconst { confirm } = await promptConfirm({\n\t\t\t\t// \t\t\t\t\t\tmessage: `Are you sure you want to push the following variables to AWS SSM Parameter Store?\n\t\t\t\t// ${putParameterRequests\n\t\t\t\t// \t.map(({ Name }) => `- ${strong(Name || \"[no name]\")}`)\n\t\t\t\t// \t.join(\"\\n\")}`,\n\t\t\t\t// \t\t\t\t\t\tskip: yes,\n\t\t\t\t// \t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\tif (confirm === true) {\n\t\t\t\t// \t\t\t\t\t\tconsole.log(\"pushing to AWS SSM Parameter Store\");\n\t\t\t\t// \t\t\t\t\t\tconst meh = await AwsSsm({\n\t\t\t\t// \t\t\t\t\t\t\tregion: awsRegion || dotsecConfig?.config?.aws?.region,\n\t\t\t\t// \t\t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\t\tawait meh.put(putParameterRequests);\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t}\n\n\t\t\t\t// \t\t\t\t// secrets manager\n\t\t\t\t// \t\t\t\tif (toAwsSecretsManager) {\n\t\t\t\t// \t\t\t\t\t// create secretss\n\t\t\t\t// \t\t\t\t\tconst secretsManagerDefaults =\n\t\t\t\t// \t\t\t\t\t\tdotsecConfig?.config?.aws?.secretsManager;\n\t\t\t\t// \t\t\t\t\tconst pathPrefix = secretsManagerDefaults?.pathPrefix || \"\";\n\t\t\t\t// \t\t\t\t\tconst awsSecretsMananger = await AwsSecretsManager({\n\t\t\t\t// \t\t\t\t\t\tregion:\n\t\t\t\t// \t\t\t\t\t\t\tawsRegion ||\n\t\t\t\t// \t\t\t\t\t\t\tprocess.env.AWS_REGION ||\n\t\t\t\t// \t\t\t\t\t\t\tdotsecConfig.config?.aws?.region,\n\t\t\t\t// \t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\tconst createSecretRequests = Object.entries(envObject).reduce<\n\t\t\t\t// \t\t\t\t\t\tCreateSecretRequest[]\n\t\t\t\t// \t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t// \t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t// \t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t// \t\t\t\t\t\t\tif (entry) {\n\t\t\t\t// \t\t\t\t\t\t\t\tconst keyName = `${pathPrefix}${key}`;\n\t\t\t\t// \t\t\t\t\t\t\t\tif (entry.push?.aws?.ssm) {\n\t\t\t\t// \t\t\t\t\t\t\t\t\tconst createSecretRequest: CreateSecretRequest = isBoolean(\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tentry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t)\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t? {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t  }\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t: {\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tName: keyName,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\t...entry.push.aws.ssm,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t\t\tSecretString: value,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\t  };\n\n\t\t\t\t// \t\t\t\t\t\t\t\t\tacc.push(createSecretRequest);\n\t\t\t\t// \t\t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t}\n\n\t\t\t\t// \t\t\t\t\t\treturn acc;\n\t\t\t\t// \t\t\t\t\t}, []);\n\t\t\t\t// \t\t\t\t\tconst { push, updateSecretCommands, createSecretCommands } =\n\t\t\t\t// \t\t\t\t\t\tawait awsSecretsMananger.push(createSecretRequests);\n\t\t\t\t// \t\t\t\t\tconst confirmations: boolean[] = [];\n\t\t\t\t// \t\t\t\t\tif (updateSecretCommands.length > 0) {\n\t\t\t\t// \t\t\t\t\t\tconst { confirm: confirmUpdate } = await promptConfirm({\n\t\t\t\t// \t\t\t\t\t\t\tmessage: `Are you sure you want to update the following variables to AWS SSM Secrets Manager?\n\t\t\t\t// ${updateSecretCommands\n\t\t\t\t// \t.map(({ input: { SecretId } }) => `- ${strong(SecretId || \"[no name]\")}`)\n\t\t\t\t// \t.join(\"\\n\")}`,\n\t\t\t\t// \t\t\t\t\t\t\tskip: yes,\n\t\t\t\t// \t\t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\t\tconfirmations.push(confirmUpdate);\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\tif (createSecretCommands.length > 0) {\n\t\t\t\t// \t\t\t\t\t\tconst { confirm: confirmCreate } = await promptConfirm({\n\t\t\t\t// \t\t\t\t\t\t\tmessage: `Are you sure you want to create the following variables to AWS SSM Secrets Manager?\n\t\t\t\t// ${createSecretCommands\n\t\t\t\t// \t.map(({ input: { Name } }) => `- ${strong(Name || \"[no name]\")}`)\n\t\t\t\t// \t.join(\"\\n\")}`,\n\t\t\t\t// \t\t\t\t\t\t\tskip: yes,\n\t\t\t\t// \t\t\t\t\t\t});\n\n\t\t\t\t// \t\t\t\t\t\tconfirmations.push(confirmCreate);\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\tif (confirmations.find((c) => c === false) === undefined) {\n\t\t\t\t// \t\t\t\t\t\tconsole.log(\"xpushing to AWS Secrets Manager\");\n\n\t\t\t\t// \t\t\t\t\t\tawait push();\n\t\t\t\t// \t\t\t\t\t}\n\t\t\t\t// \t\t\t\t}\n\n\t\t\t\t// \t\t\t\tif (toGitHubActionsSecrets) {\n\t\t\t\t// \t\t\t\t\t// which env vars should we push to github actions secrets?\n\t\t\t\t// \t\t\t\t\tconst githubActionsSecrets = Object.entries(envObject).reduce<\n\t\t\t\t// \t\t\t\t\t\t{ name: string; value: string }[]\n\t\t\t\t// \t\t\t\t\t>((acc, [key, value]) => {\n\t\t\t\t// \t\t\t\t\t\tif (dotsecConfig.variables?.[key]) {\n\t\t\t\t// \t\t\t\t\t\t\tconst entry = dotsecConfig.variables?.[key];\n\t\t\t\t// \t\t\t\t\t\t\tif (entry) {\n\t\t\t\t// \t\t\t\t\t\t\t\tif (entry.push?.github?.actionsSecrets) {\n\t\t\t\t// \t\t\t\t\t\t\t\t\tacc.push({\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tname: key,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t\tvalue,\n\t\t\t\t// \t\t\t\t\t\t\t\t\t});\n\t\t\t\t// \t\t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t\t}\n\t\t\t\t// \t\t\t\t\t\t}\n\n\t\t\t\t// \t\t\t\t\t\treturn acc;\n\t\t\t\t// \t\t\t\t\t}, []);\n\n\t\t\t\t// \t\t\t\t\tconsole.log(\"githubActionsSecrets\", githubActionsSecrets);\n\t\t\t\t// \t\t\t\t}\n\t\t\t\t// \t\t\t} catch (e) {\n\t\t\t\t// \t\t\t\tcommand.error(e);\n\t\t\t\t// \t\t\t}\n\t\t\t} catch (e) {\n\t\t\t\tconsole.error(e);\n\t\t\t\tprocess.exit(1);\n\t\t\t}\n\t\t});\n\n\tsetProgramOptions(subProgram);\n\n\treturn subProgram;\n};\n\nexport default addPushProgram;\n", "import fs from \"node:fs\";\n\nimport { Command } from \"commander\";\nimport { parse } from \"dotenv\";\n\nimport { RunCommandOptions } from \"../../types\";\nimport { DotsecConfig } from \"../../types/config\";\nimport { DotsecCliPluginDecryptHandler } from \"../../types/plugin\";\nimport { strong } from \"../../utils/logging\";\nimport { setProgramOptions } from \"../options\";\nimport { spawnSync } from \"node:child_process\";\nconst addRunProgam = (\n\tprogram: Command,\n\toptions?: {\n\t\tdotsecConfig: DotsecConfig;\n\t\tdecryptHandlers?: DotsecCliPluginDecryptHandler[];\n\t},\n) => {\n\tconst { dotsecConfig, decryptHandlers } = options || {};\n\n\t// is there an encryption engine?\n\tconst hasDecryptEngine =\n\t\tdecryptHandlers !== undefined && decryptHandlers.length > 0;\n\n\tconst subProgram = program\n\t\t.command(\"run <command...>\")\n\t\t.allowUnknownOption(true)\n\t\t.showHelpAfterError(true)\n\t\t.action(\n\t\t\tasync (\n\t\t\t\tcommands: string[],\n\t\t\t\t_options: Record<string, string>,\n\t\t\t\tcommand: Command,\n\t\t\t) => {\n\t\t\t\ttry {\n\t\t\t\t\tconst {\n\t\t\t\t\t\tenv: dotenv,\n\t\t\t\t\t\tsec: dotsec,\n\t\t\t\t\t\twithEnv,\n\t\t\t\t\t\twithSec,\n\t\t\t\t\t\tengine,\n\t\t\t\t\t} = command.optsWithGlobals<RunCommandOptions>();\n\n\t\t\t\t\tif (withEnv && withSec) {\n\t\t\t\t\t\tthrow new Error(\"Cannot use both --with-env and --with-sec\");\n\t\t\t\t\t}\n\n\t\t\t\t\tlet envContents: string | undefined;\n\n\t\t\t\t\tif (withEnv || !(withEnv || withSec) || hasDecryptEngine === false) {\n\t\t\t\t\t\tif (!dotenv) {\n\t\t\t\t\t\t\tthrow new Error(\"No dotenv file specified in --env option\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\tenvContents = fs.readFileSync(dotenv, \"utf8\");\n\t\t\t\t\t} else if (withSec) {\n\t\t\t\t\t\tif (!dotsec) {\n\t\t\t\t\t\t\tthrow new Error(\"No dotsec file specified in --sec option\");\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst encryptionEngine =\n\t\t\t\t\t\t\tengine || dotsecConfig?.defaults?.encryptionEngine;\n\n\t\t\t\t\t\tconst pluginCliDecrypt = (decryptHandlers || []).find((handler) => {\n\t\t\t\t\t\t\treturn handler.triggerOptionValue === encryptionEngine;\n\t\t\t\t\t\t});\n\n\t\t\t\t\t\tif (!pluginCliDecrypt) {\n\t\t\t\t\t\t\tthrow new Error(\n\t\t\t\t\t\t\t\t`No decryption plugin found, available decryption engine(s): ${(\n\t\t\t\t\t\t\t\t\tdecryptHandlers || []\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t.map((e) => `--${e.triggerOptionValue}`)\n\t\t\t\t\t\t\t\t\t.join(\", \")}`,\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tconst allOptionKeys = [\n\t\t\t\t\t\t\t...Object.keys(pluginCliDecrypt.options || {}),\n\t\t\t\t\t\t\t...Object.keys(pluginCliDecrypt.requiredOptions || {}),\n\t\t\t\t\t\t];\n\n\t\t\t\t\t\tconst allOptionsValues = Object.fromEntries(\n\t\t\t\t\t\t\tallOptionKeys.map((key) => {\n\t\t\t\t\t\t\t\treturn [key, _options[key]];\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tconst dotSecContents = fs.readFileSync(dotsec, \"utf8\");\n\t\t\t\t\t\tenvContents = await pluginCliDecrypt.handler({\n\t\t\t\t\t\t\tciphertext: dotSecContents,\n\t\t\t\t\t\t\t...allOptionsValues,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tif (envContents) {\n\t\t\t\t\t\tconst dotenvVars = parse(envContents);\n\t\t\t\t\t\tconst [userCommand, ...userCommandArgs] = commands;\n\t\t\t\t\t\tspawnSync(userCommand, [...userCommandArgs], {\n\t\t\t\t\t\t\tstdio: \"inherit\",\n\t\t\t\t\t\t\tshell: false,\n\t\t\t\t\t\t\tenv: {\n\t\t\t\t\t\t\t\t...process.env,\n\t\t\t\t\t\t\t\t...dotenvVars,\n\t\t\t\t\t\t\t\t__DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars)),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t} else {\n\t\t\t\t\t\tthrow new Error(\"No .env or .sec file provided\");\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {\n\t\t\t\t\tconsole.error(strong(e.message));\n\t\t\t\t\tcommand.help();\n\t\t\t\t}\n\t\t\t},\n\t\t);\n\n\tsetProgramOptions(subProgram, hasDecryptEngine ? \"run\" : \"runEnvOnly\");\n\n\tif (hasDecryptEngine) {\n\t\tdecryptHandlers?.map((run) => {\n\t\t\tconst { options, requiredOptions } = run;\n\t\t\tif (options) {\n\t\t\t\tObject.values(options).map((option) => {\n\t\t\t\t\t// @ts-ignore\n\t\t\t\t\tsubProgram.option(...option);\n\t\t\t\t});\n\t\t\t}\n\t\t\tif (requiredOptions) {\n\t\t\t\tObject.values(requiredOptions).map((requiredOption) => {\n\t\t\t\t\t// @ts-ignore\n\t\t\t\t\tsubProgram.option(...requiredOption);\n\t\t\t\t});\n\t\t\t}\n\t\t});\n\t\tconst engines = decryptHandlers?.map((e) => e.triggerOptionValue);\n\n\t\tsubProgram.option(\n\t\t\t\"--engine <engine>\",\n\t\t\t`Encryption engine${engines.length > 0 ? \"s\" : \"\"}: ${\n\t\t\t\t(engines.join(\", \"), engines.length === 1 ? engines[0] : undefined)\n\t\t\t}`,\n\t\t\t// engines.length === 1 ? engines[0] : undefined,\n\t\t);\n\t}\n\treturn subProgram;\n};\n\nexport default addRunProgam;\n"],
+  "mappings": "+3BAAA,OAAwB,wBCEjB,GAAM,GAA6B,mBAC7B,GAAsB,CAAC,GACvB,EAAiC,OACjC,EAAiC,OACjC,EAA8B,GCN3C,OAAe,iBACf,GAAiB,wBAUV,YAAoB,EAAc,CACxC,GAAI,CACH,MAAO,IAAI,UAAS,UAAU,EAAK,iBAClC,CAGD,MAAO,IAYF,GAAM,IAAW,KAAO,IAAqB,CACnD,GAAI,CACH,MAAO,IAAW,KAAM,YAAG,SAAS,SAAS,EAAU,eAC/C,EAAP,CACD,KAAI,aAAiB,OACd,GAAI,OACT,mBAAmB,WAAK,SAAS,QAAQ,MAAO,OAC/C,EAAM,WAIF,ICpCT,OAA8B,6BAC9B,GAAmB,qBACnB,GAAiB,mBAEJ,GAAmB,KAC/B,IACoC,CAVrC,YAWC,GAAM,GAAM,QAAQ,MAEd,EAAa,KAAM,AADJ,IAAI,cACa,QAAQ,CAC7C,MAAO,EAAW,CAAC,GAAY,CAAC,GAAG,GAAqB,gBACxD,MACA,QAAS,WAAK,MAAM,GAAK,KACzB,WAAY,WAEb,GAAI,GAAY,IAAe,KAC9B,KAAM,IAAI,OAAM,8BAA8B,KAE/C,GAAI,GACH,GAAI,EAAW,SAAS,SAAU,CACjC,GAAM,GAAW,KAAM,IAAS,GAE5B,EAEJ,MACC,GAAW,SAAS,iBACnB,EAA8C,SAAW,OAE1D,EAAQ,EAA8C,OAEtD,EAAO,EAGD,CACN,OAAQ,OACR,SAAU,SACN,GACA,GAFM,CAGT,SAAU,SACN,iBAAM,UACN,EAAc,UAFR,CAGT,QAAS,OACL,oBAAM,WAAN,cAAgB,SAChB,KAAc,WAAd,cAAwB,WAG7B,KAAM,KACF,iBAAM,iBAIF,EAAW,SAAS,OAAQ,CACtC,GAAM,GAAsB,KAAM,qBAAc,CAC/C,SAAU,IAEL,EAAQ,EAAoB,IAAI,QACrC,EAAoB,IAAI,SACxB,EAAoB,IAErB,MAAO,CACN,OAAQ,KACR,SAAU,SACN,GACA,GAFM,CAGT,SAAU,SACN,iBAAM,UACN,EAAc,UAFR,CAGT,QAAS,OACL,oBAAM,WAAN,cAAgB,SAChB,KAAc,WAAd,cAAwB,WAG7B,KAAM,KACF,iBAAM,UAOd,MAAO,CAAE,OAAQ,gBAAiB,SAAU,IClFtC,GAAM,GAAmB,KAAO,IAG/B,2BAAO,EAAP,QAAO,EAAQ,QAAM,KAAK,AAAC,GAC1B,EAAS,SCNlB,MAAyB,+BACzB,GAAiB,wBACjB,GAAoB,sBAEP,EAAuB,KACnC,IAEO,KAAM,WAAG,SAAS,EAAU,SAGvB,EAAsB,MAClC,EACA,IAEO,KAAM,WAAG,UAAU,EAAU,EAAU,SAGlC,GAAa,KAAO,IAAqC,CACrE,GAAI,CACH,YAAM,WAAK,GACJ,QACN,CACD,MAAO,KAII,EAA8B,MAAO,CACjD,WACA,UAIK,CACL,GAAI,GAEJ,MAAK,MAAM,IAAW,IAAc,IAAS,GAC5C,EAAoB,KAAM,eAAQ,CACjC,KAAM,UACN,KAAM,YACN,QAAS,IACD,gBAAgB,WAAK,SAAS,QAAQ,MAAO,UAItD,EAAoB,OAEd,GC9CR,OAAkB,oBACX,GAAQ,QAAQ,aAehB,GAAM,GAAS,AAAC,GAAwB,WAAM,OAAO,KAAK,GCVjE,GAAM,IAAiD,CACtD,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,OAKxC,GAAQ,GCdf,GAAM,IAAgD,CACrD,OAAQ,CACP,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,GAED,OAAQ,CACP,wBACA,6CAMG,EAAQ,GCdf,GAAM,IAAiD,CACtD,QAAS,CACR,aAAc,CAAC,UACf,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,OAKxC,GAAQ,GCVf,GAAM,IAA8C,CACnD,KAAM,CACL,QAAS,CACR,QAAS,CAAC,YAAa,iBAAkB,IACzC,WAAY,CACX,+CACA,cACA,GAGD,IAAK,CAAC,QAAS,oBAAqB,GACpC,IAAK,CAAC,QAAS,oBAAqB,GACpC,IAAK,CAAC,QAAS,4BAA6B,OAcxC,GAAQ,GC3Bf,GAAM,IAA8C,CACnD,KAAM,CACL,aAAc,CAAC,UACf,QAAS,CACR,QAAS,CACR,wBACA,oBAAoB,UAErB,QAAS,CACR,wBACA,oBAAoB,UAGrB,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,OAKxC,EAAQ,GCnBf,GAAM,IAA6C,CAClD,WAAY,CACX,aAAc,CAAC,UACf,MAAO,mBACP,QAAS,CACR,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,KAG7C,YACC,uFACD,SAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAaX,IAAK,CACJ,aAAc,CAAC,UAEf,QAAS,CACR,QAAS,CACR,wBACA,oBAAoB,UAErB,QAAS,CACR,wBACA,oBAAoB,UAErB,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,KAG7C,MAAO,mEACP,YAAa;AAAA;AAAA;AAAA;AAAA,8IAKb,SAAU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAsBX,KAAM,CACL,QAAS,OACL,EAAsB,OAAO,SADxB,CAER,QAAS,CACR,wBACA,oBAAoB,UAErB,QAAS,CACR,wBACA,oBAAoB,UAGrB,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,cAAe,oBAAqB,GAC1C,IAAK,CAAC,QAAS,4BAA6B,MAE7C,gBAAiB,KACb,EAAsB,OAAO,mBAK5B,GAAQ,GCnFR,GAAM,IAAyC,iBAClD,GACA,IACA,IACA,IACA,IACA,GACA,GAwCG,GAAM,GAAoB,CAAC,EAAkB,IAAyB,CAC5E,GAAM,GAAiB,GAAe,GAAe,EAAQ,QAM7D,GAAI,EAAgB,CACnB,GAAM,CAAE,UAAS,kBAAiB,cAAa,QAAO,YACrD,EACD,AAAI,GACH,OAAO,OAAO,GAAS,QAAQ,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACvE,EAAQ,OAAO,EAAQ,EAAa,KAGlC,GACH,OAAO,OAAO,GAAiB,QAC9B,CAAC,CAAC,EAAQ,EAAa,KAAkB,CACxC,EAAQ,eAAe,EAAQ,EAAa,KAU3C,GACH,EAAQ,YAAY,GAEjB,GACH,EAAQ,YAAY,GAEjB,GACH,EAAQ,YAAY,KChFvB,GAAM,IAAoB,MACzB,EACA,IAII,CACJ,GAAM,CAAE,eAAc,mBAAoB,EACpC,EAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CA7BzD,MA8BG,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAC7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,gBACrE,IAAI,AAAC,GAAM,KAAK,EAAE,sBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,GAAqB,GAE1C,EAAY,KAAM,GAAiB,QAAQ,GAChD,WAAY,GACT,IAGE,EAA0B,KAAM,GAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,GAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,EAAQ,gBAAgB,IAAI,AAAC,GAAe,CAC3C,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKxB,GAAM,GAAU,EAAQ,gBAAgB,IAAI,AAAC,GAAM,EAAE,oBACrD,SAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,cAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,SAE1D,EAAQ,SAAW,EAAI,EAAQ,GAAK,QAErC,EAAkB,GAEX,GAGD,GAAQ,GCxGf,GAAM,IAAoB,MACzB,EACA,IAII,CACJ,GAAM,CAAE,kBAAiB,gBAAiB,EACpC,EAAa,EACjB,0BACA,qBACA,QAAQ,WACR,OAAO,MAAO,EAAmB,IAAqB,CA7BzD,MA8BG,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAC7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAAQ,gBACrE,IAAI,AAAC,GAAM,EAAE,oBACb,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAe,KAAM,GAAqB,GAE1C,EAAa,KAAM,GAAiB,QAAQ,GACjD,UAAW,GACR,IAGE,EAA0B,KAAM,GAA4B,CACjE,SAAU,EACV,KAAM,IAEP,AACC,KAA4B,QAC5B,EAAwB,YAAc,KAEtC,MAAM,GAAoB,EAAgB,GAC1C,QAAQ,IACP,+BAA+B,EAC9B,cACY,EAAO,aAGd,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAIX,EAAQ,gBAAgB,IAAI,AAAC,GAAe,CAC3C,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAKxB,GAAM,GAAU,EAAQ,gBAAgB,IAAI,AAAC,GAAM,EAAE,oBAC/C,EAAwB,EAAQ,gBAAgB,IACrD,AAAC,GAAM,EAAE,sBAEV,SAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,OAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,UAI3D,EAAkB,GAClB,EAAW,YACV,2BAA2B,EAAsB,KAAK,SAEhD,GAGD,GAAQ,GC9Hf,OAAe,sBACf,EAAoB,yBAEP,GAAkB,AAAC,GAU1B,CACL,GAAM,GAAsB,AAAG,kBACzB,EAAS,WAAG,aAAa,EAAQ,WAAY,QAE7C,EACL,AAAoB,GACpB,AAAC,GAAgB,CAChB,WAAe,EAAwB,CApB1C,wCAsBI,GADA,EAAO,AAAG,iBAAe,EAAM,EAAO,GAClC,EAAK,OAAS,AAAG,aAAW,cAAe,CAC9C,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OACtC,GAAI,YAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,WACzB,qBAAS,WAAW,KAApB,cAAwB,aAAc,MAAO,CAChD,GAAM,GAAU,oBAAS,SAAT,cAAiB,OACjC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBACT,WAAQ,SAAR,cAAgB,MAAhB,cAAqB,MAArB,cAA0B,UAK9B,GAAI,SAAQ,SAAR,cAAgB,MAAhB,cAAqB,SACpB,wBAAM,SAAN,cAAc,WAAW,KAAzB,cAA6B,aAAc,SAAU,CACxD,GAAM,GAAU,uBAAM,SAAN,cAAc,SAAd,cAAsB,OAGtC,GAAI,kBAAS,WAAW,GAAG,aAAc,MACxC,MAAO,AAAG,uBAAoB,QAAQ,SAAR,cAAgB,MAAhB,cAAqB,SAMvD,MAAO,GAER,MAAO,AAAG,aAAU,EAAU,IAG1B,EAA4B,AAAG,mBACpC,UACA,EACA,AAAG,eAAa,OAChB,GACA,AAAG,aAAW,IAIT,EACL,AAAG,YAAyB,EAAY,CAAC,IAEpC,EAAuC,EAAO,YAAY,GAE1D,EAAoB,EAAQ,UAAU,GAC5C,SAAO,UAEA,GC7DR,OAAiB,wBAMX,GAAiB,KAAO,IAAqB,CAClD,GAAM,GAAa,EACjB,0BACA,qBACA,QAAQ,QACR,YAAY,OACZ,OAAO,MAAO,EAAmB,IAAqB,CACtD,GAAM,CAAE,aAAY,OAAQ,EAAQ,kBAEpC,GAAI,CACH,GAAM,GAAwB,GAAgB,CAC7C,WAAY,WAAK,QAChB,UACA,0CAGI,EAAgC,KAAM,GAC3C,CACC,SAAU,EACV,KAAM,IAGR,AACC,KAAkC,QAClC,EAA8B,YAAc,KAE5C,MAAM,GAAoB,EAAY,GACtC,QAAQ,IAAI,wBAAwB,EAAO,aAEpC,EAAP,CACD,EAAQ,MAAM,MAIjB,SAAkB,GAEX,GAGD,GAAQ,GC5Cf,OAAsB,qBACtB,EAAe,sBAUT,GAAiB,MACtB,EACA,IAOI,CACJ,GAAM,CAAE,eAAc,YAAa,EAE7B,EAAa,EACjB,0BACA,qBACA,QAAQ,QACR,OAAO,MAAO,EAAkC,IAAqB,CAnCxE,UAoCG,GAAI,CACH,GAAM,CAEL,IAAK,EACL,IAAK,EACL,UACA,UACA,SACA,OACG,EAAQ,kBAEN,EACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,OAAY,IAAI,KAAK,AAAC,GAAY,CAlDhE,MAmDK,MAAO,MAAQ,UAAR,cAAiB,sBAAuB,MADtB,cAEtB,QAEE,EAAiB,OAAY,IAAI,KAAK,AAAC,GAAY,CAtD7D,MAuDK,MAAO,MAAQ,OAAR,cAAc,sBAAuB,MADtB,cAEnB,KAEJ,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,yBAGjB,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,kBAAkB,UAAW,IAC5C,GAAG,OAAO,KAAK,kBAAkB,kBAAmB,IACpD,GAAG,OAAO,KAAK,kBAAe,UAAW,IACzC,GAAG,OAAO,KAAK,kBAAe,kBAAmB,KAG5C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIxB,GAAI,GAAW,EACd,KAAM,IAAI,OAAM,6CAGjB,GAAI,GAEJ,GAAI,GAAW,CAAE,IAAW,GAAU,CACrC,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAEjB,EAAc,UAAG,aAAa,EAAQ,gBAC5B,EAAS,CACnB,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAGjB,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DAA+D,EAC7D,IAAI,AAAC,GAAG,CA9FjB,MA8FoB,WAAK,KAAE,UAAF,cAAW,uBAC3B,KAAK,SAIT,GAAM,GAAiB,UAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,GAC5C,WAAY,GACT,IAGL,GAAI,EAAa,CAEhB,GAAM,GAAY,aAAM,GACxB,KAAM,GAAc,QAAQ,GAC3B,KAAM,EACN,OACG,QAGJ,MAAM,IAAI,OAAM,uCA4LT,EAAP,CACD,QAAQ,MAAM,GACd,QAAQ,KAAK,MAIhB,SAAkB,GAEX,GAGD,GAAQ,GCzTf,MAAe,sBAGf,GAAsB,qBAOtB,OAA0B,iCACpB,GAAe,CACpB,EACA,IAII,CACJ,GAAM,CAAE,eAAc,mBAAoB,GAAW,GAG/C,EACL,IAAoB,QAAa,EAAgB,OAAS,EAErD,EAAa,EACjB,QAAQ,oBACR,mBAAmB,IACnB,mBAAmB,IACnB,OACA,MACC,EACA,EACA,IACI,CAjCR,MAkCI,GAAI,CACH,GAAM,CACL,IAAK,EACL,IAAK,EACL,UACA,UACA,UACG,EAAQ,kBAEZ,GAAI,GAAW,EACd,KAAM,IAAI,OAAM,6CAGjB,GAAI,GAEJ,GAAI,GAAW,CAAE,IAAW,IAAY,IAAqB,GAAO,CACnE,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAEjB,EAAc,UAAG,aAAa,EAAQ,gBAC5B,EAAS,CACnB,GAAI,CAAC,EACJ,KAAM,IAAI,OAAM,4CAGjB,GAAM,GACL,GAAU,qBAAc,WAAd,cAAwB,kBAE7B,EAAoB,IAAmB,IAAI,KAAK,AAAC,GAC/C,EAAQ,qBAAuB,GAGvC,GAAI,CAAC,EACJ,KAAM,IAAI,OACT,+DACC,IAAmB,IAElB,IAAI,AAAC,GAAM,KAAK,EAAE,sBAClB,KAAK,SAIT,GAAM,GAAgB,CACrB,GAAG,OAAO,KAAK,EAAiB,SAAW,IAC3C,GAAG,OAAO,KAAK,EAAiB,iBAAmB,KAG9C,EAAmB,OAAO,YAC/B,EAAc,IAAI,AAAC,GACX,CAAC,EAAK,EAAS,MAIlB,EAAiB,UAAG,aAAa,EAAQ,QAC/C,EAAc,KAAM,GAAiB,QAAQ,GAC5C,WAAY,GACT,IAGL,GAAI,EAAa,CAChB,GAAM,GAAa,aAAM,GACnB,CAAC,KAAgB,GAAmB,EAC1C,iBAAU,EAAa,CAAC,GAAG,GAAkB,CAC5C,MAAO,UACP,MAAO,GACP,IAAK,SACD,QAAQ,KACR,GAFC,CAGJ,eAAgB,KAAK,UAAU,OAAO,KAAK,YAI7C,MAAM,IAAI,OAAM,uCAET,EAAP,CACD,QAAQ,MAAM,EAAO,EAAE,UACvB,EAAQ,UAOZ,GAFA,EAAkB,EAAY,EAAmB,MAAQ,cAErD,EAAkB,CACrB,WAAiB,IAAI,AAAC,GAAQ,CAC7B,GAAM,CAAE,UAAS,mBAAoB,EACrC,AAAI,GACH,OAAO,OAAO,GAAS,IAAI,AAAC,GAAW,CAEtC,EAAW,OAAO,GAAG,KAGnB,GACH,OAAO,OAAO,GAAiB,IAAI,AAAC,GAAmB,CAEtD,EAAW,OAAO,GAAG,OAIxB,GAAM,GAAU,iBAAiB,IAAI,AAAC,GAAM,EAAE,oBAE9C,EAAW,OACV,oBACA,oBAAoB,EAAQ,OAAS,EAAI,IAAM,OAC7C,EAAQ,KAAK,MAAO,EAAQ,SAAW,EAAI,EAAQ,GAAK,UAK5D,MAAO,IAGD,GAAQ,GnBlIf,OAAuC,kBACvC,GAAwB,2BAElB,GAA+B,CACpC,QAAS,YACT,KAAM,SACN,WAAY,CACX,KAAM,SACN,YAAa,mBAEd,UAAW,GACX,MAAO,GACP,OAAQ,GACR,QAAS,AAAC,GAAW,CAAC,EAAM,IAAQ,CACnC,GAAI,EAAK,CACR,GAAM,CAAE,aAAY,sBAAuB,EAC3C,SAAW,GAAsB,IAAS,GAAK,GAAK,EAAK,MAAM,GACxD,OAEP,OAAO,KAKJ,EAAU,GAAI,YAEpB,AAAC,UAAY,CA1Cb,YA2CC,GAAM,GAAgB,eAAY,QAAQ,MACpC,EAA8B,GACpC,AAAI,EAAc,QACjB,CAAI,MAAM,QAAQ,EAAc,QAC/B,EAAkB,KAAK,GAAG,EAAc,QAExC,EAAkB,KAAK,EAAc,SAGnC,EAAc,GACjB,CAAI,MAAM,QAAQ,EAAc,GAC/B,EAAkB,KAAK,GAAG,EAAc,GAExC,EAAkB,KAAK,EAAc,IAIvC,GAAM,GAAa,CAClB,GAAI,MAAM,QAAQ,EAAc,QAC7B,EAAc,OACd,CAAC,EAAc,QAClB,GAAI,MAAM,QAAQ,EAAc,GAAK,EAAc,EAAI,CAAC,EAAc,IACnE,GAEE,CAAE,SAAU,EAAS,IAAO,KAAM,IAAiB,GACnD,CAAE,WAAU,KAAM,GAAkB,EAE1C,EACE,KAAK,UACL,YAAY,oBACZ,QAAQ,SACR,0BACA,OAAO,CAAC,EAAU,IAAmB,CACrC,EAAM,SAGR,EAAkB,GAClB,GAAM,GAAM,GAAI,YAAI,CACnB,UAAW,GACX,iBAAkB,GAClB,YAAa,GACb,YAAa,GACb,gBAAiB,GACjB,cAAe,GACf,SAAU,CAAC,MAGN,EAA2C,GACjD,GAAI,EAAkB,OAAS,EAC9B,OAAW,KAAgB,GAAmB,CAK7C,GAAM,GAAe,KAAM,AAHZ,MAAM,GAAiB,CAAE,KAAM,KAGZ,CAAE,aAAc,EAAQ,QAC1D,EAAc,EAAa,MAAQ,EAE/B,EAAkB,SAAW,GAEhC,GAAO,SAAW,OACd,EAAO,UADO,CAEjB,iBAAkB,OAAO,EAAa,MACtC,QAAS,OACL,KAAO,WAAP,cAAiB,SADZ,EAEP,EAAa,MAAO,KACjB,QAAO,WAAP,cAAiB,UAAjB,cAA2B,EAAa,YAQjD,AAAI,kBAAU,mBACR,sBAAU,UAAV,cAAoB,EAAS,oBACjC,GAAS,QAAU,OACf,EAAS,SADM,EAEjB,EAAS,kBAAmB,OAI5B,kBAAU,UACb,OAAO,QAAQ,iBAAU,SAAS,QACjC,CAAC,CAAC,EAAY,KAAgD,CAC7D,AAAI,kBAAc,QACjB,EAAc,GAAc,iBAAc,OAE1C,EAAc,GAAc,kBAAkB,MAMlD,OAAO,OAAO,GAAiB,IAAI,QAAQ,AAAC,GAAiB,CAC5D,OAAO,KAAK,GAAc,QAAQ,AAAC,GAAe,CACjD,AAAK,EAAc,IAClB,GAAc,GAAc,kBAAkB,SAMjD,GAAM,GAA4D,GAC5D,EAA4D,GAC5D,EAGA,GAEN,OAAW,KAAc,QAAO,KAAK,GAAgB,CACpD,GAAM,GAAe,EAAc,GAC7B,EAAmB,KAAM,GAAiB,CAAE,KAAM,IAClD,CAAE,gBAAe,YAAa,GAAQ,KAAM,GAAiB,CAClE,MACA,aAAc,IAGf,AAAI,kBAAK,UACR,EAAyB,KAAK,EAAI,SAE/B,kBAAK,UACR,GAAyB,KAAK,EAAI,SAC9B,kBAAK,OACR,EAAsB,KAAK,CAAE,KAAM,EAAI,KAAM,QAAS,EAAI,WAIxD,GACH,EAAc,CAAE,YAGlB,AAAI,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,aAAc,EACd,gBAAiB,IAGf,EAAyB,QAC5B,KAAM,IAAkB,EAAS,CAChC,aAAc,EACd,gBAAiB,IAGf,EAAsB,QACzB,KAAM,IAAe,EAAS,CAC7B,aAAc,EACd,SAAU,IAKZ,KAAM,IAAe,GACrB,KAAM,IAAc,EAAS,CAC5B,aAAc,EACd,gBAAiB,IAElB,KAAM,GAAQ",
+  "names": []
+}

package/dist/cli/index.mjs ADDED Viewed

@@ -0,0 +1,37 @@
+var he=Object.create;var R=Object.defineProperty,ye=Object.defineProperties,we=Object.getOwnPropertyDescriptor,Ce=Object.getOwnPropertyDescriptors,De=Object.getOwnPropertyNames,z=Object.getOwnPropertySymbols,Ee=Object.getPrototypeOf,Q=Object.prototype.hasOwnProperty,Oe=Object.prototype.propertyIsEnumerable;var X=(e,t,r)=>t in e?R(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,s=(e,t)=>{for(var r in t||(t={}))Q.call(t,r)&&X(e,r,t[r]);if(z)for(var r of z(t))Oe.call(t,r)&&X(e,r,t[r]);return e},F=(e,t)=>ye(e,Ce(t)),ve=e=>R(e,"__esModule",{value:!0});var U=(e=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(e,{get:(t,r)=>(typeof require!="undefined"?require:t)[r]}):e)(function(e){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+e+'" is not supported')});var Fe=(e,t,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of De(t))!Q.call(e,n)&&n!=="default"&&R(e,n,{get:()=>t[n],enumerable:!(r=we(t,n))||r.enumerable});return e},Y=e=>Fe(ve(R(e!=null?he(Ee(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);import{Command as at}from"commander";var N="dotsec.config.ts",Z=[N],P=".sec",v=".env",A={};import Pe from"fs";import Se from"node:path";function be(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var ee=async e=>{try{return be(await Pe.promises.readFile(e,"utf8"))}catch(t){throw t instanceof Error?new Error(`Failed to parse ${Se.relative(process.cwd(),e)}: ${t.message}`):t}};import{bundleRequire as Te}from"bundle-require";import _e from"joycon";import xe from"path";var te=async e=>{var i,l,m,a;let t=process.cwd(),n=await new _e().resolve({files:e?[e]:[...Z,"package.json"],cwd:t,stopDir:xe.parse(t).root,packageKey:"dotsec"});if(e&&n===null)throw new Error(`Could not find config file ${e}`);if(n){if(n.endsWith(".json")){let c=await ee(n),o;return n.endsWith("package.json")&&c.dotsec!==void 0?o=c.dotsec:o=c,{source:"json",contents:F(s(s({},A),o),{defaults:F(s(s({},o==null?void 0:o.defaults),A.defaults),{plugins:s(s({},(i=o==null?void 0:o.defaults)==null?void 0:i.plugins),(l=A.defaults)==null?void 0:l.plugins)}),push:s({},o==null?void 0:o.push)})}}else if(n.endsWith(".ts")){let c=await Te({filepath:n}),o=c.mod.dotsec||c.mod.default||c.mod;return{source:"ts",contents:F(s(s({},A),o),{defaults:F(s(s({},o==null?void 0:o.defaults),A.defaults),{plugins:s(s({},(m=o==null?void 0:o.defaults)==null?void 0:m.plugins),(a=A.defaults)==null?void 0:a.plugins)}),push:s({},o==null?void 0:o.push)})}}}return{source:"defaultConfig",contents:A}};var K=async e=>Promise.resolve().then(()=>Y(U(e.name))).then(t=>t.default);import oe,{stat as Ae}from"node:fs/promises";import je from"node:path";import $e from"prompts";var V=async e=>await oe.readFile(e,"utf-8"),k=async(e,t)=>await oe.writeFile(e,t,"utf-8"),ke=async e=>{try{return await Ae(e),!0}catch{return!1}},L=async({filePath:e,skip:t})=>{let r;return await ke(e)&&t!==!0?r=await $e({type:"confirm",name:"overwrite",message:()=>`Overwrite './${je.relative(process.cwd(),e)}' ?`}):r=void 0,r};import Le from"chalk";var Tt=U("cli-table");var b=e=>Le.yellow.bold(e);var He={decrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",v],sec:["--sec <sec>","Path to .sec file",P],yes:["--yes","Skip confirmation prompts",!1]}}},ne=He;var Ne={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",N],plugin:["-p, --plugin <plugin>","Comma-separated list of plugins to use"]}}},I=Ne;var Ie={encrypt:{inheritsFrom:["dotsec"],options:{env:["--env <env>","Path to .env file",v],sec:["--sec <sec>","Path to .sec file",P],yes:["--yes","Skip confirmation prompts",!1]}}},ie=Ie;var Re={init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",N],env:["--env","Path to .env file",v],sec:["--sec","Path to .sec file",P],yes:["--yes","Skip confirmation prompts",!1]}}},re=Re;var Ve={pull:{inheritsFrom:["dotsec"],options:{withEnv:["--with-env, --withEnv",`Run command with ${v} file`],withSec:["--with-sec, --withSec",`Run command with ${P} file`],env:["--env <env>","Path to .env file",v],sec:["--sec <sec>","Path to .sec file",P],yes:["--yes","Skip confirmation prompts",!1]}}},q=Ve;var qe={runEnvOnly:{inheritsFrom:["dotsec"],usage:"[commandArgs...]",options:{env:["--env <env>","Path to .env file",v],yes:["--yes","Skip confirmation prompts",!1]},description:"Run a command in a separate process and populate env with contents of a dotenv file.",helpText:`Examples:
+Run a command with a .env file
+$ dotsec run echo "hello world"
+Run a command with a specific .env file
+$ dotsec run --with-env --env .env.dev echo "hello world"
+`},run:{inheritsFrom:["dotsec"],options:{withEnv:["--with-env, --withEnv",`Run command with ${v} file`],withSec:["--with-sec, --withSec",`Run command with ${P} file`],env:["--env <env>","Path to .env file",v],sec:["--sec <sec>","Path to .sec file",P],yes:["--yes","Skip confirmation prompts",!1]},usage:"[--with-env --env .env] [--with-sec --sec .sec] [commandArgs...]",description:`Run a command in a separate process and populate env with either
+			- contents of a dotenv file
+			- decrypted values of a dotsec file.
+The --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,helpText:`Examples:
+Run a command with a .env file
+$ dotsec run echo "hello world"
+Run a command with a specific .env file
+$ dotsec run --with-env --env .env.dev echo "hello world"
+Run a command with a .sec file
+$ dotsec run --with-sec echo "hello world"
+Run a command with a specific .sec file
+$ dotsec run --with-sec --sec .sec.dev echo "hello world"
+`},push:{options:F(s({},I.dotsec.options),{withEnv:["--with-env, --withEnv",`Run command with ${v} file`],withSec:["--with-sec, --withSec",`Run command with ${P} file`],env:["--env <env>","Path to .env file",v],sec:["--sec <sec>","Path to .sec file",P],yes:["--yes","Skip confirmation prompts",!1]}),requiredOptions:s({},I.dotsec.requiredOptions)}},se=qe;var Ue=s(s(s(s(s(s(s({},I),re),ie),ne),se),q),q);var T=(e,t)=>{let r=Ue[t||e.name()];if(r){let{options:n,requiredOptions:i,description:l,usage:m,helpText:a}=r;n&&Object.values(n).forEach(([c,o,p])=>{e.option(c,o,p)}),i&&Object.values(i).forEach(([c,o,p])=>{e.requiredOption(c,o,p)}),l&&e.description(l),m&&e.description(m),a&&e.description(a)}};var Ke=async(e,t)=>{let{dotsecConfig:r,decryptHandlers:n}=t,i=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(m,a)=>{var c;try{let{env:o,sec:p,engine:u,yes:C}=a.optsWithGlobals(),D=u||((c=r==null?void 0:r.defaults)==null?void 0:c.encryptionEngine),O=(n||[]).find(E=>E.triggerOptionValue===D);if(!O)throw new Error(`No decryption plugin found, available decryption engine(s): ${t.decryptHandlers.map(E=>`--${E.triggerOptionValue}`).join(", ")}`);let g=[...Object.keys(O.options||{}),...Object.keys(O.requiredOptions||{})],f=Object.fromEntries(g.map(E=>[E,m[E]])),d=await V(p),y=await O.handler(s({ciphertext:d},f)),h=await L({filePath:o,skip:C});(h===void 0||h.overwrite===!0)&&(await k(o,y),console.log(`Wrote plaintext contents of ${b(p)} file to ${b(o)}`))}catch(o){console.error(b(o.message)),a.help()}});t.decryptHandlers.map(m=>{let{options:a,requiredOptions:c}=m;a&&Object.values(a).map(o=>{i.option(...o)}),c&&Object.values(c).map(o=>{i.option(...o)})});let l=t.decryptHandlers.map(m=>m.triggerOptionValue);return i.option("--engine <engine>",`Encryption engine${l.length>0?"s":""} to use: ${l.join(", "),l.length===1?l[0]:void 0}`,l.length===1?l[0]:void 0),T(i),i},ae=Ke;var Me=async(e,t)=>{let{encryptHandlers:r,dotsecConfig:n}=t,i=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(a,c)=>{var o;try{let{env:p,sec:u,engine:C,yes:D}=c.optsWithGlobals(),O=C||((o=n==null?void 0:n.defaults)==null?void 0:o.encryptionEngine),g=(r||[]).find(w=>w.triggerOptionValue===O);if(!g)throw new Error(`No encryption plugin found, available encryption engine(s): ${t.encryptHandlers.map(w=>w.triggerOptionValue).join(", ")}`);let f=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],d=Object.fromEntries(f.map(w=>[w,a[w]])),y=await V(p),h=await g.handler(s({plaintext:y},d)),E=await L({filePath:u,skip:D});(E===void 0||E.overwrite===!0)&&(await k(u,h),console.log(`Wrote encrypted contents of ${b(p)} file to ${b(u)}`))}catch(p){console.error(b(p.message)),c.help()}});t.encryptHandlers.map(a=>{let{options:c,requiredOptions:o}=a;c&&Object.values(c).map(p=>{i.option(...p)}),o&&Object.values(o).map(p=>{i.option(...p)})});let l=t.encryptHandlers.map(a=>a.triggerOptionValue),m=t.encryptHandlers.map(a=>a.encryptionEngineName);return i.option("--engine <engine>",`Encryption engine${l.length>0?"s":""}: ${l.join(", "),l.length===1?l[0]:void 0}`),T(i),i.description(`Encrypt .env file using ${m.join(", ")}`),i},ce=Me;import Ge from"node:fs";import{ScriptKind as Ye,ScriptTarget as Xe,SyntaxKind as Be,createPrinter as We,createSourceFile as Qe,createStringLiteral as le,transform as Ze,visitEachChild as Je,visitNode as ze}from"typescript";var pe=e=>{let t=We(),r=Ge.readFileSync(e.configFile,"utf8"),n=c=>o=>{function p(u){var C,D,O,g,f,d,y,h,E,w,S,_,H,M,G,W,J,B;if(u=Je(u,p,c),u.kind===Be.StringLiteral){let $=(D=(C=u==null?void 0:u.parent)==null?void 0:C.parent)==null?void 0:D.parent;if(((f=(g=(O=e.config)==null?void 0:O.aws)==null?void 0:g.kms)==null?void 0:f.keyAlias)&&((d=$==null?void 0:$.getChildAt(0))==null?void 0:d.getText())==="kms"){let j=(y=$==null?void 0:$.parent)==null?void 0:y.parent;if((j==null?void 0:j.getChildAt(0).getText())==="aws")return le((w=(E=(h=e.config)==null?void 0:h.aws)==null?void 0:E.kms)==null?void 0:w.keyAlias)}if(((_=(S=e.config)==null?void 0:S.aws)==null?void 0:_.region)&&((M=(H=u==null?void 0:u.parent)==null?void 0:H.getChildAt(0))==null?void 0:M.getText())==="region"){let j=(W=(G=u==null?void 0:u.parent)==null?void 0:G.parent)==null?void 0:W.parent;if((j==null?void 0:j.getChildAt(0).getText())==="aws")return le((B=(J=e.config)==null?void 0:J.aws)==null?void 0:B.region)}}return u}return ze(o,p)},i=Qe("test.ts",r,Xe.ES2015,!0,Ye.TS),l=Ze(i,[n]),m=l.transformed[0],a=t.printFile(m);return l.dispose(),a};import et from"node:path";var tt=async e=>{let t=e.enablePositionalOptions().passThroughOptions().command("init").description("OMG").action(async(r,n)=>{let{configFile:i,yes:l}=n.optsWithGlobals();try{let m=pe({configFile:et.resolve(__dirname,"../../src/templates/dotsec.config.ts")}),a=await L({filePath:i,skip:l});(a===void 0||a.overwrite===!0)&&(await k(i,m),console.log(`Wrote config file to ${b(i)}`))}catch(m){n.error(m)}});return T(t),t},me=tt;import{parse as ot}from"dotenv";import fe from"node:fs";var nt=async(e,t)=>{let{dotsecConfig:r,handlers:n}=t,i=e.enablePositionalOptions().passThroughOptions().command("push").action(async(l,m)=>{var a,c,o;try{let{env:p,sec:u,withEnv:C,withSec:D,engine:O,yes:g}=m.optsWithGlobals(),f=O||((a=r==null?void 0:r.defaults)==null?void 0:a.encryptionEngine),d=(c=(n||[]).find(S=>{var _;return((_=S.decrypt)==null?void 0:_.triggerOptionValue)===f}))==null?void 0:c.decrypt,y=(o=(n||[]).find(S=>{var _;return((_=S.push)==null?void 0:_.triggerOptionValue)===f}))==null?void 0:o.push;if(!y)throw new Error("No push plugin found!");let h=[...Object.keys((d==null?void 0:d.options)||{}),...Object.keys((d==null?void 0:d.requiredOptions)||{}),...Object.keys((y==null?void 0:y.options)||{}),...Object.keys((y==null?void 0:y.requiredOptions)||{})],E=Object.fromEntries(h.map(S=>[S,l[S]]));if(C&&D)throw new Error("Cannot use both --with-env and --with-sec");let w;if(C||!(C||D)){if(!p)throw new Error("No dotenv file specified in --env option");w=fe.readFileSync(p,"utf8")}else if(D){if(!u)throw new Error("No dotsec file specified in --sec option");if(!d)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.map(_=>{var H;return`--${(H=_.decrypt)==null?void 0:H.triggerOptionValue}`}).join(", ")}`);let S=fe.readFileSync(u,"utf8");w=await d.handler(s({ciphertext:S},E))}if(w){let S=ot(w);await y.handler(s({push:S,yes:g},E))}else throw new Error("No .env or .sec file provided")}catch(p){console.error(p),process.exit(1)}});return T(i),i},de=nt;import ue from"node:fs";import{parse as it}from"dotenv";import{spawnSync as rt}from"node:child_process";var st=(e,t)=>{let{dotsecConfig:r,decryptHandlers:n}=t||{},i=n!==void 0&&n.length>0,l=e.command("run <command...>").allowUnknownOption(!0).showHelpAfterError(!0).action(async(m,a,c)=>{var o;try{let{env:p,sec:u,withEnv:C,withSec:D,engine:O}=c.optsWithGlobals();if(C&&D)throw new Error("Cannot use both --with-env and --with-sec");let g;if(C||!(C||D)||i===!1){if(!p)throw new Error("No dotenv file specified in --env option");g=ue.readFileSync(p,"utf8")}else if(D){if(!u)throw new Error("No dotsec file specified in --sec option");let f=O||((o=r==null?void 0:r.defaults)==null?void 0:o.encryptionEngine),d=(n||[]).find(w=>w.triggerOptionValue===f);if(!d)throw new Error(`No decryption plugin found, available decryption engine(s): ${(n||[]).map(w=>`--${w.triggerOptionValue}`).join(", ")}`);let y=[...Object.keys(d.options||{}),...Object.keys(d.requiredOptions||{})],h=Object.fromEntries(y.map(w=>[w,a[w]])),E=ue.readFileSync(u,"utf8");g=await d.handler(s({ciphertext:E},h))}if(g){let f=it(g),[d,...y]=m;rt(d,[...y],{stdio:"inherit",shell:!1,env:F(s(s({},process.env),f),{__DOTSEC_ENV__:JSON.stringify(Object.keys(f))})})}else throw new Error("No .env or .sec file provided")}catch(p){console.error(b(p.message)),c.help()}});if(T(l,i?"run":"runEnvOnly"),i){n==null||n.map(a=>{let{options:c,requiredOptions:o}=a;c&&Object.values(c).map(p=>{l.option(...p)}),o&&Object.values(o).map(p=>{l.option(...p)})});let m=n==null?void 0:n.map(a=>a.triggerOptionValue);l.option("--engine <engine>",`Encryption engine${m.length>0?"s":""}: ${m.join(", "),m.length===1?m[0]:void 0}`)}return l},ge=st;import ct from"ajv";import pt from"yargs-parser";var lt={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(t,r)=>{if(r){let{parentData:n,parentDataProperty:i}=r;return n[i]=t===""?[]:t.split(e),!0}else return!1}},x=new at;(async()=>{var u,C,D,O;let e=pt(process.argv),t=[];e.plugin&&(Array.isArray(e.plugin)?t.push(...e.plugin):t.push(e.plugin)),e.p&&(Array.isArray(e.p)?t.push(...e.p):t.push(e.p));let r=[...Array.isArray(e.config)?e.config:[e.config],...Array.isArray(e.c)?e.c:[e.c]][0],{contents:n={}}=await te(r),{defaults:i,push:l}=n;x.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((g,f)=>{f.help()}),T(x);let m=new ct({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[lt]}),a={};if(t.length>0)for(let g of t){let d=await(await K({name:g}))({dotsecConfig:n,ajv:m});a[d.name]=g,t.length===1&&(n.defaults=F(s({},n.defaults),{encryptionEngine:String(d.name),plugins:F(s({},(u=n.defaults)==null?void 0:u.plugins),{[d.name]:s({},(D=(C=n.defaults)==null?void 0:C.plugins)==null?void 0:D[d.name])})}))}(i==null?void 0:i.encryptionEngine)&&(((O=i==null?void 0:i.plugins)==null?void 0:O[i.encryptionEngine])||(i.plugins=F(s({},i.plugins),{[i.encryptionEngine]:{}}))),(i==null?void 0:i.plugins)&&Object.entries(i==null?void 0:i.plugins).forEach(([g,f])=>{(f==null?void 0:f.module)?a[g]=f==null?void 0:f.module:a[g]=`@dotsec/plugin-${g}`}),Object.values(l||{}).forEach(g=>{Object.keys(g).forEach(f=>{a[f]||(a[f]=`@dotsec/plugin-${f}`)})});let c=[],o=[],p=[];for(let g of Object.keys(a)){let f=a[g],d=await K({name:f}),{addCliCommand:y,cliHandlers:h}=await d({ajv:m,dotsecConfig:n});(h==null?void 0:h.encrypt)&&c.push(h.encrypt),(h==null?void 0:h.decrypt)&&(o.push(h.decrypt),(h==null?void 0:h.push)&&p.push({push:h.push,decrypt:h.decrypt})),y&&y({program:x})}c.length&&await ce(x,{dotsecConfig:n,encryptHandlers:c}),o.length&&await ae(x,{dotsecConfig:n,decryptHandlers:o}),p.length&&await de(x,{dotsecConfig:n,handlers:p}),await me(x),await ge(x,{dotsecConfig:n,decryptHandlers:o}),await x.parse()})();
+//# sourceMappingURL=index.mjs.map