env-secrets 0.1.0 → 0.1.3
- package/.github/dependabot.yml +16 -0
- package/README.md +20 -0
- package/dist/index.js +47 -0
- package/dist/vaults/secretsmanager.js +100 -0
- package/dist/vaults/utils.js +48 -0
- package/dist/version.js +5 -0
- package/package.json +11 -10
- package/src/tsconfig.json +23 -0
- package/src/version.ts +3 -1
- package/tsconfig.json +7 -12
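--- a/package/.github/dependabot.yml
+++ b/package/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+- package-ecosystem: "npm"
+versioning-strategy: increase
+directory: "/"
+schedule:
+interval: "monthly"
+labels:
+- "dependencies"
+open-pull-requests-limit: 100
+pull-request-branch-name:
+separator: "-"
+ignore:
+- dependency-name: "fs-extra"
+- dependency-name: "*"
+update-types: ["version-update:semver-major"]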
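Review bot: The `- dependency-name: "fs-extra"` entry under `ignore:` has no `versions` or `update-types`, so it suppresses every version-update pull request for that package, and nothing in the file says why; fs-extra is also not listed under `dependencies` or `devDependencies` in the package.json shown on this page. Either drop the entry or give it a reason, e.g. `# fs-extra: pinned because <reason>`. The blanket `version-update:semver-major` ignore likewise means major releases have to be tracked by hand, which is worth stating in a comment. Separately, this file appearing under package/.github/ suggests the published tarball has no `files` allowlist, so repository-only files ship to consumers; a `files` field in package.json would narrow that.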
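--- a/package/README.md
+++ b/package/README.md
@@ -13,3 +13,23 @@ Use debug-js pass in env-secrets for the main application and env-secrets:<vault
 ```
 DEBUG=env-secrets,env-secrets:secretsmanager npx ts-node src/index.ts aws -s local/sample -r ca-central-1 -p marka -- env
 ```
+
+## Publishing
+
+Login into npm
+
+```
+npm login
+```
+
+Try a dry run:
+
+```
+npm run release -- patch --dry-run
+```
+
+Run:
+
+```
+npm run release -- patch
+```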
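--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,47 @@
+#!/usr/bin/env node
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const node_child_process_1 = require("node:child_process");
+const debug_1 = __importDefault(require("debug"));
+const version_1 = require("./version");
+const secretsmanager_1 = require("./vaults/secretsmanager");
+const debug = (0, debug_1.default)('env-secrets');
+const program = new commander_1.Command();
+program
+.name('env-secrets')
+.description('pull secrets from vaults and inject them into the running environment')
+.version(version_1.LIB_VERSION);
+program
+.command('aws')
+.description('get secrets from AWS secrets manager')
+.addArgument(new commander_1.Argument('[program...]', 'program to run'))
+.requiredOption('-s, --secret <secret>', 'secret to get')
+.option('-p, --profile <profile>', 'profile to use')
+.option('-r, --region <region>', 'region to use')
+.action((program, options) => __awaiter(void 0, void 0, void 0, function* () {
+let env = yield (0, secretsmanager_1.secretsmanager)(options);
+env = Object.assign({}, process.env, env);
+debug(env);
+if (program) {
+debug(`${program[0]} ${program.slice(1)}`);
+(0, node_child_process_1.spawn)(program[0], program.slice(1), {
+stdio: 'inherit',
+shell: true,
+env
+});
+}
+}));
+program.parse();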
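Review bot: `shell: true` in the `spawn` options makes Node join `program[0]` and `program.slice(1)` into one command string for the shell, so the arguments given after `--` are parsed a second time (word splitting, globbing, variable and command substitution) in a process whose environment already holds the fetched secrets. Unless shell syntax is an intended feature, drop the `shell: true,` line so the argument vector is passed through unchanged. `debug(env);` also prints the merged environment, secret values included, whenever `DEBUG=env-secrets` is set, which is the invocation the README shows; `debug(Object.keys(env));` keeps the diagnostic without the values. The spawned child's exit status is not propagated either, so callers cannot tell whether the wrapped program failed. This is compiled output, so the change belongs in the TypeScript source.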
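--- a/package/dist/vaults/secretsmanager.js
+++ b/package/dist/vaults/secretsmanager.js
@@ -0,0 +1,100 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.secretsmanager = void 0;
+const aws_sdk_1 = __importDefault(require("aws-sdk"));
+const debug_1 = __importDefault(require("debug"));
+const debug = (0, debug_1.default)('env-secrets:secretsmanager');
+const checkConnection = () => __awaiter(void 0, void 0, void 0, function* () {
+const sts = new aws_sdk_1.default.STS();
+const myPromise = new Promise((resolve, reject) => {
+sts.getCallerIdentity({}, (err, data) => {
+if (err)
+reject(err);
+else {
+resolve(data);
+}
+});
+});
+let value;
+let err;
+yield myPromise
+.then((v) => {
+value = v;
+})
+.catch((e) => {
+err = e;
+});
+if (err) {
+console.error(err);
+}
+debug(value);
+return !!value;
+});
+const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function* () {
+const { secret, profile, region } = options;
+const { AWS_ACCESS_KEY_ID: awsAccessKeyId, AWS_SECRET_ACCESS_KEY: awsSecretAccessKey } = process.env;
+if (profile) {
+console.log(`Using profile: ${profile}`);
+const credentials = new aws_sdk_1.default.SharedIniFileCredentials({
+profile
+});
+aws_sdk_1.default.config.credentials = credentials;
+}
+else if (awsAccessKeyId && awsSecretAccessKey) {
+console.log('Using environment variables');
+}
+else {
+console.log('Using profile: default');
+}
+if (region) {
+aws_sdk_1.default.config.update({ region });
+}
+if (!aws_sdk_1.default.config.region) {
+console.log('no region set');
+}
+const connected = yield checkConnection();
+if (connected) {
+const sm = new aws_sdk_1.default.SecretsManager();
+try {
+const response = yield sm
+.getSecretValue({
+SecretId: secret
+})
+.promise();
+const secretvalue = response.SecretString;
+try {
+if (secretvalue) {
+return JSON.parse(secretvalue);
+}
+}
+catch (err) {
+console.error(err);
+}
+}
+catch (err) {
+if (err && err.code === 'ResourceNotFoundException') {
+console.error(`${secret} not found`);
+}
+else if (err && err.code === 'ConfigError') {
+console.error(err.message);
+}
+else {
+console.error(err);
+}
+}
+return {};
+}
+});
+exports.secretsmanager = secretsmanager;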
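Review bot: Every failure path in `secretsmanager` fails open: a failed `checkConnection()` falls off the end of the function and returns `undefined`, a missing secret or SDK error is logged and `{}` is returned, and a `JSON.parse` error is logged and also ends in `return {};`. The caller in dist/index.js then merges that result into `process.env` and still launches the program, so the workload starts without its secrets and the CLI gives no failing signal. Rethrowing after the log (`throw err;` at the end of both `catch` blocks, and `throw new Error('unable to verify AWS credentials');` when `connected` is false) would let the caller stop before the spawn. The `console.log` status lines ('Using profile: …', 'no region set') also go to stdout, which the child shares through `stdio: 'inherit'`; `console.error` or `debug` would keep them out of piped output.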
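--- a/package/dist/vaults/utils.js
+++ b/package/dist/vaults/utils.js
@@ -0,0 +1,48 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.objectToEnv = exports.objectToExport = exports.replaceWithAstrisk = void 0;
+const os = __importStar(require("os"));
+const replaceWithAstrisk = (str) => {
+if (str) {
+return [...str]
+.map((e, i) => {
+if (i > 0 && i < str.length - 4) {
+return '*';
+}
+return e;
+})
+.join('');
+}
+};
+exports.replaceWithAstrisk = replaceWithAstrisk;
+const objectToExport = (obj) => {
+return Object.entries(obj).reduce((env, [OutputKey, OutputValue]) => `${env}export ${OutputKey}=${OutputValue}${os.EOL}`, '');
+};
+exports.objectToExport = objectToExport;
+const objectToEnv = (obj) => {
+return Object.entries(obj).map(([OutputKey, OutputValue]) => (process.env[OutputKey] = OutputValue));
+};
+exports.objectToEnv = objectToEnv;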
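Review bot: `objectToExport` interpolates each value straight into `export KEY=VALUE` with no quoting, so if that text is ever sourced or eval'd by a shell, a secret containing spaces, `$`, backticks or `;` is truncated or interpreted rather than assigned. Quote the value, e.g. with a helper `const shq = (v) => "'" + String(v).replace(/'/g, "'\\''") + "'";`, and skip keys that fail `/^[A-Za-z_][A-Za-z0-9_]*$/`. `replaceWithAstrisk` has a related gap: its condition `i > 0 && i < str.length - 4` never holds for strings of five characters or fewer, so short secrets come back unmasked, and longer ones still expose five characters. Neither function is called from dist/index.js as shown, so the exposure depends on callers outside this page.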
package/dist/version.js
ADDED
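--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "env-secrets",
-"version": "0.1.
+"version": "0.1.3",
 "description": "get secrets from a secrets vault and inject them into the running environment",
 "main": "index.js",
 "author": "Mark C Allen (@markcallen)",
@@ -9,28 +9,29 @@
 "license": "MIT",
 "private": false,
 "scripts": {
-"
-"build": "rimraf ./dist && tsc -b",
+"build": "rimraf ./dist && tsc -b src",
 "postbuild": "chmod 755 ./dist/index.js",
 "lint": "eslint . --ext .ts",
+"release": "release-it",
 "prettier:fix": "npx prettier --write .",
 "prettier:check": "npx prettier --check ."
 },
 "devDependencies": {
 "@types/debug": "^4.1.7",
-"@types/node": "^18.11.
-"@typescript-eslint/eslint-plugin": "^5.
-"@typescript-eslint/parser": "^5.
-"eslint": "^8.
+"@types/node": "^18.11.18",
+"@typescript-eslint/eslint-plugin": "^5.48.0",
+"@typescript-eslint/parser": "^5.48.0",
+"eslint": "^8.31.0",
 "eslint-config-prettier": "^8.5.0",
 "eslint-plugin-prettier": "^4.2.1",
-"prettier": "^2.
+"prettier": "^2.8.1",
+"release-it": "^15.6.0",
 "rimraf": "^3.0.2",
 "ts-node": "^10.9.1",
-"typescript": "^4.
+"typescript": "^4.9.4"
 },
 "dependencies": {
-"aws-sdk": "^2.
+"aws-sdk": "^2.1287.0",
 "commander": "^9.4.1",
 "debug": "^4.3.4"
 },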
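--- a/package/src/tsconfig.json
+++ b/package/src/tsconfig.json
@@ -0,0 +1,23 @@
+{
+"compilerOptions": {
+"target": "es2016",
+"lib": [
+"es6"
+],
+"module": "commonjs",
+"rootDir": ".",
+"resolveJsonModule": true,
+"allowJs": true,
+"outDir": "../dist",
+"esModuleInterop": true,
+"forceConsistentCasingInFileNames": true,
+"strict": true,
+"noImplicitAny": true,
+"skipLibCheck": true
+},
+"references": [
+{
+"path": "../"
+}
+]
+}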
package/src/version.ts
CHANGED
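--- a/package/tsconfig.json
+++ b/package/tsconfig.json
@@ -1,16 +1,11 @@
 {
 "compilerOptions": {
-"
-"
-"module": "commonjs",
-"rootDir": "src",
+"rootDir": ".",
+"outDir": ".",
 "resolveJsonModule": true,
-"
-
-
-"
-
-"noImplicitAny": true,
-"skipLibCheck": true
-}
+"composite": true
+},
+"files": [
+"package.json"
+]
 }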