dotsec 2.0.0-alpha.1 → 4.0.0-alpha.0

package/dist/cli/index.mjs

@@ -1,29 +1,111 @@
-var De=Object.create;var G=Object.defineProperty,Fe=Object.defineProperties,Pe=Object.getOwnPropertyDescriptor,xe=Object.getOwnPropertyDescriptors,be=Object.getOwnPropertyNames,te=Object.getOwnPropertySymbols,Se=Object.getPrototypeOf,ne=Object.prototype.hasOwnProperty,Te=Object.prototype.propertyIsEnumerable;var oe=(e,t,r)=>t in e?G(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r,c=(e,t)=>{for(var r in t||(t={}))ne.call(t,r)&&oe(e,r,t[r]);if(te)for(var r of te(t))Te.call(t,r)&&oe(e,r,t[r]);return e},x=(e,t)=>Fe(e,xe(t)),$e=e=>G(e,"__esModule",{value:!0});var B=(e=>typeof require!="undefined"?require:typeof Proxy!="undefined"?new Proxy(e,{get:(t,r)=>(typeof require!="undefined"?require:t)[r]}):e)(function(e){if(typeof require!="undefined")return require.apply(this,arguments);throw new Error('Dynamic require of "'+e+'" is not supported')});var _e=(e,t,r)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of be(t))!ne.call(e,n)&&n!=="default"&&G(e,n,{get:()=>t[n],enumerable:!(r=Pe(t,n))||r.enumerable});return e},ie=e=>_e($e(G(e!=null?De(Se(e)):{},"default",e&&e.__esModule&&"default"in e?{get:()=>e.default,enumerable:!0}:{value:e,enumerable:!0})),e);import{Command as wt}from"commander";var L="dotsec.config.ts",re=[L],Y=".sec",z=".env",j={defaults:{encryptionEngine:"pke",plugins:{pke:{}}}};import ke from"fs";import je from"node:path";function Ae(e){try{return new Function(`return ${e.trim()}`)()}catch{return{}}}var se=async e=>{try{return Ae(await ke.promises.readFile(e,"utf8"))}catch(t){throw t instanceof Error?new Error(`Failed to parse ${je.relative(process.cwd(),e)}: ${t.message}`):t}};import{bundleRequire as Ve}from"bundle-require";import Ie from"joycon";import Ne from"path";var ae=async e=>{var o,a,l,s;let t=process.cwd(),n=await new Ie().resolve({files:e?[e]:[...re,"package.json"],cwd:t,stopDir:Ne.parse(t).root,packageKey:"dotsec"});if(e&&n===null)throw new Error(`Could not find config file ${e}`);if(n){if(n.endsWith(".json")){let p=await se(n),i;return n.endsWith("package.json")&&p.dotsec!==void 0?i=p.dotsec:i=p,{source:"json",contents:x(c(c({},j),i),{defaults:x(c(c({},i==null?void 0:i.defaults),j.defaults),{plugins:c(c({},(o=i==null?void 0:i.defaults)==null?void 0:o.plugins),(a=j.defaults)==null?void 0:a.plugins)}),push:c({},i==null?void 0:i.push)})}}else if(n.endsWith(".ts")){let p=await Ve({filepath:n}),i=p.mod.dotsec||p.mod.default||p.mod;return{source:"ts",contents:x(c(c({},j),i),{defaults:x(c(c({},i==null?void 0:i.defaults),j.defaults),{plugins:c(c({},(l=i==null?void 0:i.defaults)==null?void 0:l.plugins),(s=j.defaults)==null?void 0:s.plugins)}),push:c({},i==null?void 0:i.push)})}}}return{source:"defaultConfig",contents:j}};var Q=async e=>Promise.resolve().then(()=>ie(B(e.name))).then(t=>t.default);import{Option as He}from"commander";var _=(e,t,r)=>{e&&Object.values(e).map(n=>{let o;if(Array.isArray(n)){let[a,l,s]=n;o={flags:a,description:l,defaultValue:s}}else{let{flags:a,description:l,defaultValue:s,env:p,fn:i}=n;o={flags:a,description:l,defaultValue:s,env:p,fn:i}}if(o){let a=new He(o.flags,o.description);o.fn&&a.argParser(o.fn),o.defaultValue&&a.default(o.defaultValue),o.env&&a.env(o.env),r&&a.makeOptionMandatory(!0),t.addOption(a)}})};import ce,{stat as Re}from"node:fs/promises";import Le from"node:path";import qe from"prompts";var M=async e=>await ce.readFile(e,"utf-8"),I=async(e,t)=>await ce.writeFile(e,t,"utf-8"),Ke=async e=>{try{return await Re(e),!0}catch{return!1}},H=async({filePath:e,skip:t})=>{let r;return await Ke(e)&&t!==!0?r=await qe({type:"confirm",name:"overwrite",message:()=>`Overwrite './${Le.relative(process.cwd(),e)}' ?`}):r=void 0,r};import We from"chalk";var Ut=B("cli-table");var P=e=>We.yellow.bold(e);import{Option as ze}from"commander";var b={option:["--env-file <envFile>",`Path to .env file. If not provided, will look for value in 'ENV_FILE' environment variable. If not provided, will look for '${z}' file in current directory.`,z],env:"ENV_FILE"},$={option:["--sec-file, <secFile>",`Path to .sec file. If not provided, will look for value in 'SEC_FILE' environment variable. If not provided, will look for '${Y}' file in current directory.`,Y],env:"SEC_FILE"},q={option:["--with-env, --withEnv","Run command using a dot env file"]},K={option:["--with-sec, --withSec","Run command with a dotsec file"]},S={option:["--yes","Skip confirmation prompts"]};var Ue={decrypt:{inheritsFrom:["dotsec"],options:{envFile:b,secFile:$,yes:S}}},pe=Ue;var Ge={dotsec:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",L],plugin:["--plugin <plugin>","Comma-separated list of plugins to use"]}}},W=Ge;var Me={encrypt:{inheritsFrom:["dotsec"],options:{envFile:b,secFile:$,createManifest:{option:["--create-manifest",`Create a markdown manifest file containing the source of the encrypted variables, encryption method etc as well as the names of the encrypted variables. Be careful, this file will contain the names of the encrypted variables in plain text.
-The default file name is derived from the name of the encrypted file. 
+import{Command as Ke}from"commander";var de="dotsec.config.ts",G=[de],R=".sec",M=".env",T={defaults:{}};import fe from"fs";import me from"node:path";function ge(t){try{return new Function(`return ${t.trim()}`)()}catch{return{}}}var W=async t=>{try{return ge(await fe.promises.readFile(t,"utf8"))}catch(i){throw i instanceof Error?new Error(`Failed to parse ${me.relative(process.cwd(),t)}: ${i.message}`):i}};import{bundleRequire as ue}from"bundle-require";import ye from"joycon";import Oe from"path";var U=async t=>{let i=process.cwd(),n=await new ye().resolve({files:t?[t]:[...G,"package.json"],cwd:i,stopDir:Oe.parse(i).root,packageKey:"dotsec"});if(t&&n===null)throw new Error(`Could not find config file ${t}`);if(n){if(n.endsWith(".json")){let e=await W(n),o;return n.endsWith("package.json")&&e.dotsec!==void 0?o=e.dotsec:o=e,{source:"json",contents:{...T,...o,defaults:{...o?.defaults,...T.defaults,plugins:{...o?.defaults?.plugins,...T.defaults?.plugins}},push:{...o?.push}}}}else if(n.endsWith(".ts")){let e=await ue({filepath:n}),o=e.mod.dotsec||e.mod.default||e.mod;return{source:"ts",contents:{...T,...o,defaults:{...o?.defaults,...T.defaults,plugins:{...o?.defaults?.plugins,...T.defaults?.plugins}},push:{...o?.push}}}}}return{source:"defaultConfig",contents:T}};var q=async t=>import(t.name).then(i=>i.default);import{Option as Ce}from"commander";var F=(t,i,p)=>{t&&Object.values(t).map(n=>{let e;if(Array.isArray(n)){let[o,a,l]=n;e={flags:o,description:a,defaultValue:l}}else{let{flags:o,description:a,defaultValue:l,choices:s,env:r,fn:f}=n;e={flags:o,description:a,defaultValue:l,choices:s,env:r,fn:f}}if(e){let o=new Ce(e.flags,e.description);e.fn&&o.argParser(e.fn),e.defaultValue&&o.default(e.defaultValue),e.env&&o.env(e.env),p&&o.makeOptionMandatory(!0),e.choices&&o.choices(e.choices),i.addOption(o)}})};import K,{stat as he}from"node:fs/promises";import ve from"node:path";import Ee from"prompts";var j=async t=>await K.readFile(t,"utf-8"),_=async(t,i)=>await K.writeFile(t,i,"utf-8"),we=async t=>{try{return await he(t),!0}catch{return!1}},V=async({filePath:t,skip:i})=>{let p;return await we(t)&&i!==!0?p=await Ee({type:"confirm",name:"overwrite",message:()=>`Overwrite './${ve.relative(process.cwd(),t)}' ?`}):p=void 0,p};import De from"chalk";import On from"cli-table";var C=t=>De.yellow.bold(t);import{Option as Te}from"commander";var b={option:["--env-file <envFile>",`Path to .env file. If not provided, will look for value in 'ENV_FILE' environment variable. If not provided, will look for '${M}' file in current directory.`,M],env:"ENV_FILE"},I={option:["--sec-file, <secFile>",`Path to .sec file. If not provided, will look for value in 'SEC_FILE' environment variable. If not provided, will look for '${R}' file in current directory.`,R],env:"SEC_FILE"},k={flags:"--using <using>",description:"Wether to use a dot env file or a dot sec file",choices:["env","sec"],env:"DOTSEC_USING"},J={flags:"--using <using>",description:"Wether to use a dot env file or a dot sec file",choices:["env"],env:"DOTSEC_USING"},P={option:["--yes","Skip confirmation prompts"]};var D={option:["-c, --config-file, --configFile <configFile>","Config file"],env:"DOTSEC_CONFIG_FILE"},B={option:["--plugin <plugin>","Comma-separated list of plugins to use"],env:"DOTSEC_PLUGIN"},Y={option:["--engine <engine>","Encryption engine to use"],env:"DOTSEC_ENGINE"},H={option:["--create-manifest","Create a markdown manifest file. See the --manifest-file option for more information."],env:"CREATE_MANIFEST"},L={option:["--manifest-file <manifestFile>","Specify the name of the manifest file to create."],env:"ENCRYPTION_MANIFEST_FILE"};var Fe={decrypt:{options:{configFile:D,envFile:b,secFile:I,createManifest:H,manifestFile:L,yes:P},description:"Decrypt a sec file",helpText:`Examples:
 
-See the --manifest-file option for more information.
-`],env:"DOTSEC_ENCRYPTION_CREATE_MANIFEST"},manifestFile:{option:["--manifest-file <manifestFile>",`Specify the name of the manifest file to create. 
-This option is only used if the --create-manifest option is set to true.
 
-If this option is not specified, the default name will be derived from the name of the encrypted file.
+Decrypt .sec file to .env file
 
-For example, if the encrypted file is named ".sec", the manifest file will be named ".sec.encryption-manifest.md".
-`],env:"DOTSEC_ENCRYPTION_MANIFEST_FILE"},yes:S}}},le=Me;var Je={init:{options:{verbose:["--verbose","Verbose output",!1],configFile:["-c, --config-file, --configFile <configFile>","Config file",L],envFile:b,secFile:$,yes:S}}},me=Je;var Be={pull:{inheritsFrom:["dotsec"],options:{withEnv:q,withSec:K,envFile:b,secFile:$,yes:S}}},J=Be;var Ye={runEnvOnly:{inheritsFrom:["dotsec"],usage:"[commandArgs...]",options:{envFile:b,yes:S},description:"Run a command in a separate process and populate env with contents of a dotenv file.",helpText:`Examples:
+$ npx dotsec decrypt
 
-Run a command with a .env file
 
-$ dotsec run echo "hello world"
+Specify a different .sec file
+
+$ npx dotsec decrypt --sec-file .sec.dev
+$ SEC_FILE=.sec.dev npx dotsec decrypt
+
+Specify a different .env file
+
+$ npx dotsec decrypt --env-file .env.dev
+$ ENV_FILE=.env.dev npx dotsec decrypt
+
+Write a manifest file
+
+$ npx dotsec decrypt --create-manifest
+$ CREATE_MANIFEST=true npx dotsec decrypt
+
+Specify a different manifest file
+
+$ npx dotsec decrypt --manifest-file .manifest.dev
+$ MANIFEST_FILE=.manifest.dev npx dotsec decrypt
+`}},z=Fe;var xe={dotsec:{options:{configFile:D,plugin:B}}},Q=xe;var Pe={encrypt:{options:{configFile:D,envFile:b,secFile:I,createManifest:H,manifestFile:L,yes:P},description:"Encrypt an env file",helpText:`Examples:
+
+
+Encrypt .env file to .sec file
+
+$ npx dotsec encrypt
+
+
+Specify a different .env file
+
+$ npx dotsec encrypt --env-file .env.dev
+$ ENV_FILE=.env.dev npx dotsec encrypt
+
+Specify a different .sec file
+
+$ npx dotsec encrypt --sec-file .sec.dev
+$ SEC_FILE=.sec.dev npx dotsec encrypt
+
+
+Write a manifest file
+
+$ npx dotsec encrypt --create-manifest
+$ CREATE_MANIFEST=true npx dotsec encrypt
+
+
+Specify a different manifest file
+
+$ npx dotsec encrypt --manifest-file .manifest.dev
+$ MANIFEST_FILE=.manifest.dev npx dotsec encrypt
+`}},X=Pe;var $e={init:{options:{configFile:D,yes:P},description:"Initialize a dotsec project by creating a dotsec.config.ts file.",helpText:`Examples:
+
+Create a dotsec.config.ts file in the current directory
+
+$ npx dotsec init
+
+
+Overwrite an existing dotsec.config.ts file in the current directory
+
+$ npx dotsec init --yes
+
+
+Create a dotsec config file in the current directory with a specific config file name
+
+By specifying the --config-file option, you can create a dotsec config file with a specific name.
+
+$ npx dotsec init --config-file dotsec.config.ts
+
+$ DOTSEC_CONFIG_FILE=my.config.ts npx dotsec init
+`}},Z=$e;var be={push:{options:{configFile:D,envFile:b,secFile:I,yes:P},requiredOptions:{using:k},description:"Push variables from env or sec file to a remote",helpText:`Examples:
+
+Push variables from .env file to remote
+
+$ npx dotsec push --using env
+$ DOTSEC_USING=env npx dotsec push
+
+
+Push variables from .sec file to remote
+
+$ npx dotsec push --using sec
+$ DOTSEC_USING=sec npx dotsec push
+`}},ee=be;var Se={runEnvOnly:{usage:"--using env [commandArgs...]",options:{configFile:D,envFile:b,yes:P,engine:Y},requiredOptions:{using:J},description:"Run a command in a separate process and populate env with contents of a dotenv file.",helpText:`Examples:
+		
+Run a command with a .env file
+		
+$ npx dotsec run --using env node -e "console.log(process.env)"
 
 
 Run a command with a specific .env file
 
-$ dotsec run --env-file .env.dev echo "hello world"
+$ npx dotsec run --using env --env-file .env node -e "console.log(process.env)"
+
 
 Run a command with a specific ENV_FILE variable
 
-$ ENV_FILE=.env.dev dotsec run echo "hello world"
+$ ENV_FILE=.env.dev npx dotsec run --using env node -e "console.log(process.env)"
+
 
-`},run:{inheritsFrom:["dotsec"],options:{withEnv:q,withSec:K,envFile:b,secFile:$,yes:S},usage:"[--with-env --env-file .env] [--with-sec --sec-file .sec] [commandArgs...]",description:`Run a command in a separate process and populate env with either 
+You can also specify 'using' as an environment variable
+
+$ DOTSEC_USING=env npx dotsec run node -e "console.log(process.env)"
+		`},run:{options:{configFile:D,envFile:b,secFile:I,yes:P},requiredOptions:{using:k},usage:"[--using env] [--using sec] [commandArgs...]",description:`Run a command in a separate process and populate env with either 
 			- contents of a dotenv file
 			- decrypted values of a dotsec file.
 
@@ -47,21 +129,39 @@ $ dotsec run --with-sec echo "hello world"
 Run a command with a specific .sec file
 
 $ dotsec run --with-sec --sec-file .sec.dev echo "hello world"
-`},push:{options:x(c({},W.dotsec.options),{withEnv:q,withSec:K,envFile:b,secFile:$,yes:S}),requiredOptions:c({},W.dotsec.requiredOptions)}},de=Ye;var Qe=c(c(c(c(c(c(c({},W),me),le),pe),de),J),J);var Xe=e=>Array.isArray(e)?{option:e}:e,fe=(e,t)=>{var p,i,d;let r=Xe(e),[n,o,a]=r.option,l=(d=(i=(p=t==null?void 0:t.dotsecConfig)==null?void 0:p.defaults)==null?void 0:i.options)==null?void 0:d[t==null?void 0:t.optionKey],s=new ze(n,o+(l?". Default from config.":""));return a&&s.default(l||a),r.env&&s.env(r.env),(t==null?void 0:t.required)&&s.makeOptionMandatory(!0),s},T=e=>{let{program:t,commandName:r,dotsecConfig:n}=e,o=Qe[r||t.name()];if(o){let{options:a,requiredOptions:l,description:s,usage:p,helpText:i}=o;a&&Object.keys(a).forEach(d=>{let f=a[d],O=fe(f,{dotsecConfig:n,optionKey:d});t.addOption(O)}),l&&Object.keys(l).forEach(d=>{let f=l[d],O=fe(f,{required:!0,dotsecConfig:n,optionKey:d});t.addOption(O)}),s&&t.description(s),p&&t.description(p),i&&t.description(i)}};var Ze=async(e,t)=>{let{dotsecConfig:r,decryptHandlers:n}=t,o=e.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(l,s)=>{var p;try{let{envFile:i,secFile:d,engine:f,yes:O}=s.optsWithGlobals(),E=f||((p=r==null?void 0:r.defaults)==null?void 0:p.encryptionEngine),v=(n||[]).find(w=>w.triggerOptionValue===E);if(!v)throw new Error(`No decryption plugin found, available decryption engine(s): ${t.decryptHandlers.map(w=>`--${w.triggerOptionValue}`).join(", ")}`);console.log("Decrypting with",P(v.encryptionEngineName||v.triggerOptionValue),"engine");let y=[...Object.keys(v.options||{}),...Object.keys(v.requiredOptions||{})],u=Object.fromEntries(y.map(w=>[w,l[w]])),m=await M(d),h=await v.handler(c({ciphertext:m},u)),g=await H({filePath:i,skip:O});(g===void 0||g.overwrite===!0)&&(await I(i,h),console.log(`Wrote plaintext contents of ${P(d)} file to ${P(i)}`))}catch(i){console.error(P(i.message)),s.help()}});t.decryptHandlers.map(l=>{let{options:s,requiredOptions:p}=l;_(s,o),_(p,o,!0)});let a=t.decryptHandlers.map(l=>l.triggerOptionValue);return o.option("--engine <engine>",`Encryption engine${a.length>0?"s":""} to use: ${a.length===1?a[0]:a.join(", ")}`,a.length===1?a[0]:void 0),T({program:o,dotsecConfig:r}),o},ue=Ze;import{parse as et}from"dotenv";var tt=async(e,t)=>{let{encryptHandlers:r,dotsecConfig:n}=t,o=e.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(s,p)=>{var i;try{let{envFile:d,secFile:f,engine:O,createManifest:E,manifestFile:v,yes:y}=p.optsWithGlobals(),u=O||((i=n==null?void 0:n.defaults)==null?void 0:i.encryptionEngine),m=(r||[]).find(C=>C.triggerOptionValue===u);if(!m)throw new Error(`No encryption plugin found, available encryption engine(s): ${t.encryptHandlers.map(C=>C.triggerOptionValue).join(", ")}`);console.log("Encrypting with",P(m.encryptionEngineName||m.triggerOptionValue),"engine");let h=[...Object.keys(m.options||{}),...Object.keys(m.requiredOptions||{})],g=Object.fromEntries(h.map(C=>[C,s[C]])),w=await M(d),D=await m.handler(c({plaintext:w},g)),F=await H({filePath:f,skip:y});if((F===void 0||F.overwrite===!0)&&(await I(f,D),console.log(`Wrote encrypted contents of ${P(d)} file to ${P(f)}`),E)){let C=et(w),A=`# Dotsec encryption manifest 
+`}},ne=Se;var _e={...Q,...Z,...X,...z,...ne,...ee},Ie=t=>{if(Array.isArray(t)){let[i,p,n]=t;return{flags:i,description:p,defaultValue:n}}else{if("option"in t){let[i,p,n]=t.option;return{flags:i,description:p,defaultValue:n,env:t.env}}return t}},te=(t,i)=>{let p=i?.dotsecConfig?.defaults?.options?.[i?.optionKey],n=Ie(t),e=new Te(n.flags,n.description);return n.fn&&e.argParser(n.fn),n.defaultValue&&e.default(p||n.defaultValue),n.env&&e.env(n.env),i.required&&e.makeOptionMandatory(!0),n.choices&&e.choices(n.choices),e},x=t=>{let{program:i,commandName:p,dotsecConfig:n}=t,e=_e[p||i.name()];if(e){let{options:o,requiredOptions:a,description:l,usage:s,helpText:r}=e;o&&Object.keys(o).forEach(f=>{let m=o[f],d=te(m,{dotsecConfig:n,optionKey:f});i.addOption(d)}),a&&Object.keys(a).forEach(f=>{let m=a[f],d=te(m,{required:!0,dotsecConfig:n,optionKey:f});i.addOption(d)}),l&&i.description(l),s&&i.usage(s),r&&i.description(r)}};import{parse as Ne}from"dotenv";var je=async(t,i)=>{let{dotsecConfig:p,decryptHandlers:n}=i,e=t.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(a,l)=>{try{let{envFile:s,secFile:r,engine:f,createManifest:m,manifestFile:d,yes:c}=l.optsWithGlobals(),O=f||p?.defaults?.encryptionEngine,u=(n||[]).find(h=>h.triggerOptionValue===O);if(!u)throw new Error(`No decryption plugin found, available decryption engine(s): ${i.decryptHandlers.map(h=>`--${h.triggerOptionValue}`).join(", ")}`);console.log("Decrypting with",C(u.encryptionEngineName||u.triggerOptionValue),"engine");let g=[...Object.keys(u.options||{}),...Object.keys(u.requiredOptions||{})],w=Object.fromEntries(g.map(h=>[h,a[h]])),v=await j(r),E=await u.handler({ciphertext:v,...w}),N=await V({filePath:s,skip:c});if((N===void 0||N.overwrite===!0)&&(await _(s,E),console.log(`Wrote plaintext contents of ${C(r)} file to ${C(s)}`)),m){let h=Ne(E),y=`# Dotsec decryption manifest 
+
+## Overview
+
+- plaintext source: ${s}
+- ciphertext target: ${r}
+- created: ${new Date().toUTCString()}
+- Decryption engine: ${u.encryptionEngineName||u.triggerOptionValue}
+- Decryption engine options: ${JSON.stringify(w)}
+
+## Variables
+
+| Key | 
+| --- | 
+${Object.keys(h).map(A=>`| \`${A} \`| `).join(`
+`)}
+`,$=d||`${s}.decryption-manifest.md`;await _($,y),console.log(`Wrote manifest of ${C(s)} file to ${C($)}`)}}catch(s){console.error(C(s.message)),l.help()}});i.decryptHandlers.map(a=>{let{options:l,requiredOptions:s}=a;F(l,e),F(s,e,!0)});let o=i.decryptHandlers.map(a=>a.triggerOptionValue);return e.option("--engine <engine>",`Encryption engine${o.length>0?"s":""} to use: ${o.length===1?o[0]:o.join(", ")}`,o.length===1?o[0]:void 0),x({program:e,dotsecConfig:p}),e},oe=je;import{parse as Ve}from"dotenv";var Ae=async(t,i)=>{let{encryptHandlers:p,dotsecConfig:n}=i,e=t.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(l,s)=>{try{let{envFile:r,secFile:f,engine:m,createManifest:d,manifestFile:c,yes:O}=s.optsWithGlobals(),u=m||n?.defaults?.encryptionEngine,g=(p||[]).find(y=>y.triggerOptionValue===u);if(!g)throw new Error(`No encryption plugin found, available encryption engine(s): ${i.encryptHandlers.map(y=>y.triggerOptionValue).join(", ")}`);let w=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],v=Object.fromEntries(w.map(y=>[y,l[y]])),E=await j(r),N=await g.handler({plaintext:E,...v}),h=await V({filePath:f,skip:O});if((h===void 0||h.overwrite===!0)&&(await _(f,N),console.log(`Wrote encrypted contents of ${C(r)} file to ${C(f)}`),d)){let y=Ve(E),$=`# Dotsec encryption manifest 
 
 ## Overview
 
-- plaintext source: ${d}
+- plaintext source: ${r}
 - ciphertext target: ${f}
 - created: ${new Date().toUTCString()}
-- encryption engine: ${m.encryptionEngineName||m.triggerOptionValue}
-- encryption engine options: ${JSON.stringify(g)}
+- encryption engine: ${g.encryptionEngineName||g.triggerOptionValue}
+- encryption engine options: ${JSON.stringify(v)}
 
 ## Variables
 
 | Key | 
 | --- | 
-${Object.keys(C).map(U=>`| \`${U} \`| `).join(`
+${Object.keys(y).map(le=>`| \`${le} \`| `).join(`
 `)}
-`,R=v||`${f}.encryption-manifest.md`;await I(R,A),console.log(`Wrote manifest of ${P(d)} file to ${P(R)}`)}}catch(d){console.error(P(d.message)),p.help()}});t.encryptHandlers.map(s=>{let{options:p,requiredOptions:i}=s;_(p,o),_(i,o,!0)});let a=t.encryptHandlers.map(s=>s.triggerOptionValue),l=t.encryptHandlers.map(s=>s.encryptionEngineName);return o.option("--engine <engine>",`Encryption engine${a.length>0?"s":""}: ${a.length===1?a[0]:a.join(", ")}`),T({program:o,dotsecConfig:n}),o.description(`Encrypt .env file using ${l.join(", ")}`),o},ge=tt;import nt from"node:fs";import{ScriptKind as pt,ScriptTarget as ct,SyntaxKind as rt,createPrinter as ot,createSourceFile as at,createStringLiteral as he,transform as lt,visitEachChild as it,visitNode as st}from"typescript";var ye=e=>{let t=ot(),r=nt.readFileSync(e.configFile,"utf8"),n=p=>i=>{function d(f){var O,E,v,y,u,m,h,g,w,D,F,C,A,R,U,X,Z,ee;if(f=it(f,d,p),f.kind===rt.StringLiteral){let N=(E=(O=f==null?void 0:f.parent)==null?void 0:O.parent)==null?void 0:E.parent;if(((u=(y=(v=e.config)==null?void 0:v.aws)==null?void 0:y.kms)==null?void 0:u.keyAlias)&&((m=N==null?void 0:N.getChildAt(0))==null?void 0:m.getText())==="kms"){let V=(h=N==null?void 0:N.parent)==null?void 0:h.parent;if((V==null?void 0:V.getChildAt(0).getText())==="aws")return he((D=(w=(g=e.config)==null?void 0:g.aws)==null?void 0:w.kms)==null?void 0:D.keyAlias)}if(((C=(F=e.config)==null?void 0:F.aws)==null?void 0:C.region)&&((R=(A=f==null?void 0:f.parent)==null?void 0:A.getChildAt(0))==null?void 0:R.getText())==="region"){let V=(X=(U=f==null?void 0:f.parent)==null?void 0:U.parent)==null?void 0:X.parent;if((V==null?void 0:V.getChildAt(0).getText())==="aws")return he((ee=(Z=e.config)==null?void 0:Z.aws)==null?void 0:ee.region)}}return f}return st(i,d)},o=at("test.ts",r,ct.ES2015,!0,pt.TS),a=lt(o,[n]),l=a.transformed[0],s=t.printFile(l);return a.dispose(),s};import mt from"node:path";var dt=async(e,t)=>{let{dotsecConfig:r}=t,n=e.enablePositionalOptions().passThroughOptions().command("init").action(async(o,a)=>{let{configFile:l,yes:s}=a.optsWithGlobals();try{let p=ye({configFile:mt.resolve(__dirname,"../../src/templates/dotsec.config.ts")}),i=await H({filePath:l,skip:s});(i===void 0||i.overwrite===!0)&&(await I(l,p),console.log(`Wrote config file to ${P(l)}`))}catch(p){a.error(p)}});return T({program:n,dotsecConfig:r}),n},Ce=dt;import{parse as ft}from"dotenv";import{expand as ut}from"dotenv-expand";import Oe from"node:fs";var gt=async(e,t)=>{let{dotsecConfig:r,handlers:n}=t,o=e.enablePositionalOptions().passThroughOptions().command("push").action(async(a,l)=>{var s,p,i;try{let{envFile:d,secFile:f,withEnv:O,withSec:E,engine:v,yes:y}=l.optsWithGlobals(),u=v||((s=r==null?void 0:r.defaults)==null?void 0:s.encryptionEngine),m=(p=(n||[]).find(F=>{var C;return((C=F.decrypt)==null?void 0:C.triggerOptionValue)===u}))==null?void 0:p.decrypt,h=(i=(n||[]).find(F=>{var C;return((C=F.push)==null?void 0:C.triggerOptionValue)===u}))==null?void 0:i.push;if(!h)throw new Error("No push plugin found!");let g=[...Object.keys((m==null?void 0:m.options)||{}),...Object.keys((m==null?void 0:m.requiredOptions)||{}),...Object.keys((h==null?void 0:h.options)||{}),...Object.keys((h==null?void 0:h.requiredOptions)||{})],w=Object.fromEntries(g.map(F=>[F,a[F]]));if(O&&E)throw new Error("Cannot use both --with-env and --with-sec");let D;if(O||!(O||E)){if(!d)throw new Error("No dotenv file specified in --env-file option");D=Oe.readFileSync(d,"utf8")}else if(E){if(!f)throw new Error("No dotsec file specified in --sec-file option");if(!m)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.map(C=>{var A;return`--${(A=C.decrypt)==null?void 0:A.triggerOptionValue}`}).join(", ")}`);let F=Oe.readFileSync(f,"utf8");D=await m.handler(c({ciphertext:F},w))}if(D){let F=ft(D),C=ut({ignoreProcessEnv:!0,parsed:c(c({},process.env),F)});C.parsed&&await h.handler(c({push:C.parsed,yes:y},w))}else throw new Error("No .env or .sec file provided")}catch(d){console.error(d),process.exit(1)}});return T({program:o,dotsecConfig:r}),o},we=gt;import ve from"node:fs";import{parse as yt}from"dotenv";import{expand as ht}from"dotenv-expand";import{spawnSync as Ct}from"node:child_process";var Ot=(e,t)=>{let{dotsecConfig:r,decryptHandlers:n}=t||{},o=n!==void 0&&n.length>0,a=e.command("run <command...>").allowUnknownOption(!0).enablePositionalOptions().passThroughOptions().showHelpAfterError(!0).action(async(l,s,p)=>{var i;try{let{envFile:d,secFile:f,withEnv:O,withSec:E,engine:v}=p.optsWithGlobals();if(O&&E)throw new Error("Cannot use both --with-env and --with-sec");let y;if(O||!(O||E)||o===!1){if(!d)throw new Error("No dotenv file specified in --env-file option");y=ve.readFileSync(d,"utf8")}else if(E){if(!f)throw new Error("No dotsec file specified in --sec-file option");let u=v||((i=r==null?void 0:r.defaults)==null?void 0:i.encryptionEngine),m=(n||[]).find(D=>D.triggerOptionValue===u);if(!m)throw new Error(`No decryption plugin found, available decryption engine(s): ${(n||[]).map(D=>`--${D.triggerOptionValue}`).join(", ")}`);let h=[...Object.keys(m.options||{}),...Object.keys(m.requiredOptions||{})],g=Object.fromEntries(h.map(D=>[D,s[D]])),w=ve.readFileSync(f,"utf8");y=await m.handler(c({ciphertext:w},g))}if(y){let u=yt(y),m=ht({ignoreProcessEnv:!0,parsed:c(c({},process.env),u)}),[h,...g]=l,w=Ct(h,[...g],{stdio:"inherit",shell:!1,encoding:"utf-8",env:x(c(c({},m.parsed),process.env),{__DOTSEC_ENV__:JSON.stringify(Object.keys(u))})});w.status!==0&&process.exit(w.status||1)}else throw new Error("No .env or .sec file provided")}catch(d){console.error(P(d.message)),p.help()}});if(T({program:a,commandName:o?"run":"runEnvOnly",dotsecConfig:r}),o){n==null||n.map(s=>{let{options:p,requiredOptions:i}=s;_(p,a),_(i,a,!0)});let l=n==null?void 0:n.map(s=>s.triggerOptionValue);a.option("--engine <engine>",`Encryption engine${l.length>0?"s":""}: ${l.join(", "),l.length===1?l[0]:void 0}`)}return a},Ee=Ot;import vt from"ajv";import Et from"yargs-parser";var Dt={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:e=>(t,r)=>{if(r){let{parentData:n,parentDataProperty:o}=r;return n[o]=t===""?[]:t.split(e),!0}else return!1}},k=new wt;(async()=>{var f,O,E,v;let e=Et(process.argv),t=[];e.plugin&&(Array.isArray(e.plugin)?t.push(...e.plugin):t.push(e.plugin));let r=[...Array.isArray(e.config)?e.config:[e.config],...Array.isArray(e.c)?e.c:[e.c]][0],{contents:n={}}=await ae(r),{defaults:o,push:a}=n;k.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((y,u)=>{u.help()}),T({program:k,dotsecConfig:n});let l=new vt({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[Dt]}),s={};if(t.length>0)for(let y of t){let m=await(await Q({name:y}))({dotsecConfig:n,ajv:l,configFile:r});s[m.name]=y,t.length===1&&(n.defaults=x(c({},n.defaults),{encryptionEngine:String(m.name),plugins:x(c({},(f=n.defaults)==null?void 0:f.plugins),{[m.name]:c({},(E=(O=n.defaults)==null?void 0:O.plugins)==null?void 0:E[m.name])})}))}(o==null?void 0:o.encryptionEngine)&&(((v=o==null?void 0:o.plugins)==null?void 0:v[o.encryptionEngine])||(o.plugins=x(c({},o.plugins),{[o.encryptionEngine]:{}}))),(o==null?void 0:o.plugins)&&Object.entries(o==null?void 0:o.plugins).forEach(([y,u])=>{(u==null?void 0:u.module)?s[y]=u==null?void 0:u.module:s[y]=`@dotsec/plugin-${y}`}),Object.values(a||{}).forEach(y=>{Object.keys(y).forEach(u=>{s[u]||(s[u]=`@dotsec/plugin-${u}`)})});let p=[],i=[],d=[];for(let y of Object.keys(s)){let u=s[y],m=await Q({name:u}),{addCliCommand:h,cliHandlers:g}=await m({ajv:l,dotsecConfig:n,configFile:r});(g==null?void 0:g.encrypt)&&p.push(g.encrypt),(g==null?void 0:g.decrypt)&&(i.push(g.decrypt),(g==null?void 0:g.push)&&d.push({push:g.push,decrypt:g.decrypt})),h&&h({program:k})}p.length&&await ge(k,{dotsecConfig:n,encryptHandlers:p}),i.length&&await ue(k,{dotsecConfig:n,decryptHandlers:i}),d.length&&await we(k,{dotsecConfig:n,handlers:d}),await Ce(k,{dotsecConfig:n}),await Ee(k,{dotsecConfig:n,decryptHandlers:i}),await k.parse()})();
-//# sourceMappingURL=index.mjs.map
+`,A=c||`${f}.encryption-manifest.md`;await _(A,$),console.log(`Wrote manifest of ${C(r)} file to ${C(A)}`)}}catch(r){console.error(C(r.message)),s.help()}});i.encryptHandlers.map(l=>{let{options:s,requiredOptions:r}=l;F(s,e),F(r,e,!0)});let o=i.encryptHandlers.map(l=>l.triggerOptionValue),a=i.encryptHandlers.map(l=>l.encryptionEngineName);return e.option("--engine <engine>",`Encryption engine${o.length>0?"s":""}: ${o.length===1?o[0]:o.join(", ")}`,o.length===1?o[0]:void 0),x({program:e,dotsecConfig:n}),e.description(`Encrypt .env file using ${a.join(", ")}`),e},ie=Ae;import ke from"node:path";var He=async(t,i)=>{let{dotsecConfig:p}=i,n=t.enablePositionalOptions().passThroughOptions().command("init").action(async(e,o)=>{let{configFile:a="dotsec.config.ts",yes:l}=o.optsWithGlobals();try{let s=await j(ke.resolve(__dirname,"../../src/templates/dotsec.config.ts")),r=await V({filePath:a,skip:l});(r===void 0||r.overwrite===!0)&&(await _(a,s),console.log(`Wrote config file to ${C(a)}`))}catch(s){o.error(s)}});return x({program:n,dotsecConfig:p}),n},re=He;import{parse as Le}from"dotenv";import{expand as Re}from"dotenv-expand";import se from"node:fs";var Me=async(t,i)=>{let{dotsecConfig:p,handlers:n}=i,e=t.enablePositionalOptions().passThroughOptions().command("push").action(async(r,f)=>{try{let{using:m,envFile:d,secFile:c,engine:O,yes:u}=f.optsWithGlobals(),g=O||p?.defaults?.encryptionEngine,w=(n||[]).find(y=>y.decrypt?.triggerOptionValue===g)?.decrypt,v=(n||[]).find(y=>y.push?.triggerOptionValue===g)?.push;if(!v)throw new Error("No push plugin found!");let E=[...Object.keys(w?.options||{}),...Object.keys(w?.requiredOptions||{}),...Object.keys(v?.options||{}),...Object.keys(v?.requiredOptions||{})],N=Object.fromEntries(E.map(y=>[y,r[y]])),h;if(m==="env"){if(!d)throw new Error("No dotenv file specified in --env-file option");h=se.readFileSync(d,"utf8")}else{if(!c)throw new Error("No dotsec file specified in --sec-file option");if(!w)throw new Error(`No decryption plugin found, available decryption engine(s): ${n.map($=>`--${$.decrypt?.triggerOptionValue}`).join(", ")}`);let y=se.readFileSync(c,"utf8");h=await w.handler({ciphertext:y,...N})}if(h){let y=Le(h),$=Re({ignoreProcessEnv:!0,parsed:{...process.env,...y}});$.parsed&&await v.handler({push:$.parsed,yes:u,...N})}else throw new Error("No .env or .sec file provided")}catch(m){console.error(m),process.exit(1)}});x({program:e,dotsecConfig:p});let o=i.handlers.map(({decrypt:r})=>r.triggerOptionValue);e.option("--engine <engine>",`Encryption engine${o.length>0?"s":""} to use: ${o.length===1?o[0]:o.join(", ")}`,o.length===1?o[0]:void 0);let a={};i.handlers.forEach(r=>{Object.keys(r).map(f=>{let{options:m,requiredOptions:d}=r[f];Object.keys(m||{}).forEach(c=>{a[c]=Array.isArray(m[c])?m[c]:{...a[c],...m[c]}}),Object.keys(d||{}).forEach(c=>{a[c]=Array.isArray(d[c])?d[c]:{...a[c],...d[c],required:!0}})})});let l=[],s=[];return n.forEach(r=>{r.push?.description&&s.push(r.push.description),r.push?.usage&&l.push(r.push.usage)}),s.length>0&&e.description(s.join(`
+`)),l.length>0&&e.usage(l.join(`
+`)),F(Object.fromEntries(Object.entries(a).filter(([r,f])=>f.required!==!0)),e),F(Object.fromEntries(Object.entries(a).filter(([r,f])=>f.required===!0)),e,!0),e},ae=Me;import ce from"node:fs";import{parse as qe}from"dotenv";import{expand as Ge}from"dotenv-expand";import{spawnSync as We}from"node:child_process";var Ue=(t,i)=>{let{dotsecConfig:p,decryptHandlers:n}=i||{},e=n!==void 0&&n.length>0,o=t.command("run <command...>").allowUnknownOption(!0).enablePositionalOptions().passThroughOptions().showHelpAfterError(!0).action(async(a,l,s)=>{try{let{envFile:r,using:f,secFile:m,engine:d}=s.optsWithGlobals(),c;if(f==="env"||e===!1){if(!r)throw new Error("No dotenv file specified in --env-file option");c=ce.readFileSync(r,"utf8")}else if(f==="sec"){if(!m)throw new Error("No dotsec file specified in --sec-file option");let O=d||p?.defaults?.encryptionEngine,u=(n||[]).find(E=>E.triggerOptionValue===O);if(!u)throw new Error(`No decryption plugin found, available decryption engine(s): ${(n||[]).map(E=>`--${E.triggerOptionValue}`).join(", ")}`);let g=[...Object.keys(u.options||{}),...Object.keys(u.requiredOptions||{})],w=Object.fromEntries(g.map(E=>[E,l[E]])),v=ce.readFileSync(m,"utf8");c=await u.handler({ciphertext:v,...w})}if(c){let O=qe(c),u=Ge({ignoreProcessEnv:!0,parsed:{...process.env,...O}}),[g,...w]=a,v=We(g,[...w],{stdio:"inherit",shell:!1,encoding:"utf-8",env:{...u.parsed,...process.env,__DOTSEC_ENV__:JSON.stringify(Object.keys(O))}});v.status!==0&&process.exit(v.status||1)}else throw new Error("No .env or .sec file provided")}catch(r){console.error(C(r.message)),s.help()}});if(x({program:o,commandName:e?"run":"runEnvOnly",dotsecConfig:p}),e){n?.map(l=>{let{options:s,requiredOptions:r}=l;F(s,o),F(r,o,!0)});let a=n?.map(l=>l.triggerOptionValue);o.option("--engine <engine>",`Encryption engine${a.length>0?"s":""}: ${a.join(", "),a.length===1?a[0]:void 0}`)}return o},pe=Ue;import Je from"ajv";import Be from"yargs-parser";var Ye={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:t=>(i,p)=>{if(p){let{parentData:n,parentDataProperty:e}=p;return n[e]=i===""?[]:i.split(t),!0}else return!1}},S=new Ke;(async()=>{let t=Be(process.argv),i=[];t.plugin&&(Array.isArray(t.plugin)?i.push(...t.plugin):i.push(t.plugin));let p=[...Array.isArray(t.configFile)?t.configFile:[t.configFile],...Array.isArray(t.c)?t.c:[t.c]][0]||process.env.DOTSEC_CONFIG_FILE,{contents:n={}}=await U(p),{defaults:e={},push:o,plugins:a}=n;S.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((d,c)=>{c.help()}),x({program:S,dotsecConfig:n});let l=new Je({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[Ye]}),s={};if(a)for(let d of a)e?.plugins?.[d]||(e.plugins={...e.plugins,[d]:{}});if(i.length>0)for(let d of i){let O=await(await q({name:d}))({dotsecConfig:n,ajv:l,configFile:p});s[O.name]=d,i.length===1&&(n.defaults={...n.defaults,encryptionEngine:String(O.name),plugins:{...n.defaults?.plugins,[O.name]:{...n.defaults?.plugins?.[O.name]}}})}e?.encryptionEngine&&(e?.plugins?.[e.encryptionEngine]||(e.plugins={...e.plugins,[e.encryptionEngine]:{}})),e?.plugins&&Object.entries(e?.plugins).forEach(([d,c])=>{c?.name?s[d]=c?.name:s[d]=`@dotsec/plugin-${d}`}),Object.values(o||{}).forEach(d=>{Object.keys(d).forEach(c=>{s[c]||(s[c]=`@dotsec/plugin-${c}`)})});let r=[],f=[],m=[];for(let d of Object.keys(s)){let c=s[d],O=await q({name:c}),{addCliCommand:u,cliHandlers:g}=await O({ajv:l,dotsecConfig:n,configFile:p});g?.encrypt&&r.push(g.encrypt),g?.decrypt&&(f.push(g.decrypt),g?.push&&m.push({push:g.push,decrypt:g.decrypt})),u&&u({program:S})}r.length&&await ie(S,{dotsecConfig:n,encryptHandlers:r}),f.length&&await oe(S,{dotsecConfig:n,decryptHandlers:f}),m.length&&await ae(S,{dotsecConfig:n,handlers:m}),await re(S,{dotsecConfig:n}),await pe(S,{dotsecConfig:n,decryptHandlers:f}),await S.parse()})();
+//# sourceMappingURL=index.mjs.map