env-secrets 0.1.3 → 0.1.7

package/.eslintrc

@@ -8,8 +8,11 @@
     "plugin:@typescript-eslint/recommended",
     "prettier"
   ],
+  "env": {
+    "jest": true
+  },
   "rules": {
-    "no-console": 1,
-    "prettier/prettier": 2
+    "no-console": "warn",
+    "prettier/prettier": "error"
   }
 }

package/.github/dependabot.yml

@@ -1,16 +1,16 @@
 version: 2
 updates:
-  - package-ecosystem: "npm"
+  - package-ecosystem: 'npm'
     versioning-strategy: increase
-    directory: "/"
+    directory: '/'
     schedule:
-      interval: "monthly"
+      interval: 'monthly'
     labels:
-      - "dependencies"
+      - 'dependencies'
     open-pull-requests-limit: 100
     pull-request-branch-name:
-      separator: "-"
+      separator: '-'
     ignore:
-      - dependency-name: "fs-extra"
-      - dependency-name: "*"
-        update-types: ["version-update:semver-major"]
+      - dependency-name: 'fs-extra'
+      - dependency-name: '*'
+        update-types: ['version-update:semver-major']

package/.github/workflows/build-main.yml

@@ -0,0 +1,48 @@
+---
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.14.0
+
+      - name: Install Node.js dependencies
+        run: yarn
+
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: feed-github
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://avatars.githubusercontent.com/u/82425418?s=200&v=4
+          SLACK_TITLE: 'env-secrets to dev :rocket:'
+          SLACK_USERNAME: env-secrets-bot
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+      - name: Notify failures
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_LINK_NAMES: true
+          SLACK_MESSAGE:
+            # prettier-ignore
+            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
+          SLACK_CHANNEL: feed-github
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://avatars.githubusercontent.com/u/82425418?s=200&v=4
+          SLACK_TITLE: 'Failed: env-secrets to dev :fire:'
+          SLACK_USERNAME: env-secrets-bot
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}

package/.github/workflows/lint.yaml

@@ -0,0 +1,31 @@
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  run-linters:
+    name: Run linters
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out Git repository
+        uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.14.2
+
+      # ESLint and Prettier must be in `package.json`
+      - name: Install Node.js dependencies
+        run: yarn --frozen-lockfile
+
+      - name: Run linters
+        uses: wearerequired/lint-action@v1
+        with:
+          eslint: true
+          eslint_extensions: js,ts
+          prettier: true

package/.github/workflows/release.yml

@@ -0,0 +1,54 @@
+---
+name: Release and Publish
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    if: ${{ github.ref == 'refs/heads/main' }}
+    name: Create Github Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone Repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: git config
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.14.0
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install Node.js dependencies
+        run: yarn
+
+      - name: Install Node.js dependencies
+        run: yarn build
+
+      - name: Github release
+        run: yarn release patch --ci
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+
+      - name: Notify failures
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_LINK_NAMES: true
+          SLACK_MESSAGE:
+            # prettier-ignore
+            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
+          SLACK_CHANNEL: feed-github
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://avatars.githubusercontent.com/u/82425418?s=200&v=4
+          SLACK_TITLE: 'Failed: cld-cli to dev :fire:'
+          SLACK_USERNAME: cld-cli-bot
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}

package/.github/workflows/snyk.yaml

@@ -0,0 +1,27 @@
+name: Synk analysis
+
+on: push
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      - name: Notify failures
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_LINK_NAMES: true
+          SLACK_MESSAGE:
+            # prettier-ignore
+            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
+          SLACK_CHANNEL: feed-github
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://avatars.githubusercontent.com/u/82425418?s=200&v=4
+          SLACK_TITLE: 'Failed: env-secrets to dev :fire:'
+          SLACK_USERNAME: env-secrets-bot
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}

package/.github/workflows/unittests.yaml

@@ -0,0 +1,46 @@
+name: Unit Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x, 16.x, 18.x]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install dependencies
+        run: yarn
+
+      - name: Build
+        run: yarn build
+
+      - name: Run the tests
+        run: yarn test --coverage
+
+      - name: Notify failures
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_LINK_NAMES: true
+          SLACK_MESSAGE:
+            # prettier-ignore
+            "hey @${{ github.actor }}, @mark, sorry to let you know you broke the build"
+          SLACK_CHANNEL: feed-github
+          SLACK_COLOR: ${{ job.status }}

package/.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx lint-staged

package/.lintstagedrc

@@ -0,0 +1,9 @@
+{
+  "*.{js,ts}": [
+    "prettier --write",
+    "eslint --fix"
+  ],
+  "*.{json,md,yaml}": [
+    "prettier --write"
+  ],
+}

package/.nvmrc

@@ -1 +1 @@
-v16.17.0
+v18.14.2

package/.prettierignore

@@ -0,0 +1 @@
+dist/

package/.release-it.json

@@ -0,0 +1,12 @@
+{
+  "git": {
+    "commitMessage": "chore: release v${version}"
+  },
+  "github": {
+    "release": true,
+    "releaseNotes": "./generate-release-notes.sh ${tagName}"
+  },
+  "npm": {
+    "publish": true
+  }
+}

package/README.md

@@ -2,16 +2,101 @@
 
 Get secrets from a vault and inject them as environment variables
 
+[![Version](https://img.shields.io/npm/v/env-secrets.svg)](https://npmjs.org/package/env-secrets)
+[![build](https://img.shields.io/github/actions/workflow/status/markcallen/env-secrets/build-main.yml)](https://github.com/markcallen/env-secrets/tree/main)
+[![test](https://img.shields.io/github/actions/workflow/status/markcallen/env-secrets/unittests.yaml)](https://github.com/markcallen/env-secrets/tree/main)
+![vulnerabilities](https://img.shields.io/snyk/vulnerabilities/github/markcallen/env-secrets)
+[![Downloads/week](https://img.shields.io/npm/dw/env-secrets.svg)](https://npmjs.org/package/env-secrets)
+[![License](https://img.shields.io/npm/l/env-secrets.svg)](https://github.com/markcallen/env-secrets/blob/main/LICENSE)
+
 ## Setup
 
 Install node
 
-## Debug
+## Installation
+
+Globally
+
+```
+npm install -g env-secrets
+```
+
+Project specific
+
+```
+npm install env-secrets
+```
+
+when using project specific run using npx
+
+```
+npx env-secrets ...
+```
+
+## Usage
+
+AWS
+
+```
+env-secrets aws -s <secret name> -r <region> -p <profile> -- <program to run>
+```
+
+`<secret name>` is the name of the secret in Secrets Manager
+
+`<region>` is the region where the secret to stored. It is optional, the AWS_DEFAULT_REGION environment variable will be used instead.
+
+`<profile>` is the local aws profile to use. It is optional, the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables will be used instead.
+
+example:
+
+```
+env-secrets aws -s local/sample -r us-east-1 -p marka -- env
+```
+
+Create a Secret using AWS cli
 
-Use debug-js pass in env-secrets for the main application and env-secrets:<vault> for vault specific debugging
+```
+aws secretsmanager create-secret \
+    --region us-east-1 \
+    --profile marka \
+    --name local/sample \
+    --description "local/sample secret" \
+    --secret-string "{\"user\":\"marka\",\"password\":\"mypassword\"}"
+```
+
+## Development
+
+Setup node using [nvm](https://github.com/nvm-sh/nvm). Or use node 18.x.
+
+```
+nvm use
+```
+
+Install yarn
+
+```
+npm install -y yarn
+```
+
+Setup
+
+```
+yarn
+```
+
+Run
 
 ```
-DEBUG=env-secrets,env-secrets:secretsmanager npx ts-node src/index.ts aws -s local/sample -r ca-central-1 -p marka -- env
+npx ts-node src/index.ts aws -s local/sample -r us-east-1 -p marka -- env
+```
+
+### Debug
+
+Uses debug-js to show debug logs by passing in env-secrets for the main application
+and env-secrets:{vault} for vault specific debugging
+
+```
+DEBUG=env-secrets,env-secrets:secretsmanager npx ts-node src/index.ts aws -s local/sample -r us-east-1 -p marka -- env
 ```
 
 ## Publishing
@@ -33,3 +118,13 @@ Run:
 ```
 npm run release -- patch
 ```
+
+## License
+
+Distributed under the MIT License. See `LICENSE` for more information.
+
+## Contact
+
+Mark C Allen - [@markcallen](https://www.linkedin.com/in/markcallen/)
+
+Project Link: [https://github.com/markcallen/env-secrets](https://github.com/markcallen/env-secrets)

package/__tests__/index.test.ts

@@ -0,0 +1,37 @@
+import * as path from 'path';
+import { exec } from 'child_process';
+
+type Cli = {
+  code: number;
+  error: Error;
+  stdout: any;
+  stderr: any;
+};
+
+describe('CLI tests', () => {
+  test('general help', async () => {
+    const result = await cli(['-h'], '.');
+    expect(result.code).toBe(0);
+  });
+  test('aws help', async () => {
+    const result = await cli(['aws -h'], '.');
+    expect(result.code).toBe(0);
+  });
+});
+
+function cli(args, cwd): Promise<Cli> {
+  return new Promise((resolve) => {
+    exec(
+      `node ${path.resolve('./dist/index')} ${args.join(' ')}`,
+      { cwd },
+      (error, stdout, stderr) => {
+        resolve({
+          code: error && error.code ? error.code : 0,
+          error,
+          stdout,
+          stderr
+        });
+      }
+    );
+  });
+}

package/dist/index.js

@@ -20,10 +20,12 @@ const version_1 = require("./version");
 const secretsmanager_1 = require("./vaults/secretsmanager");
 const debug = (0, debug_1.default)('env-secrets');
 const program = new commander_1.Command();
+// main program
 program
     .name('env-secrets')
     .description('pull secrets from vaults and inject them into the running environment')
     .version(version_1.LIB_VERSION);
+// aws secretsmanager
 program
     .command('aws')
     .description('get secrets from AWS secrets manager')
@@ -35,7 +37,7 @@ program
     let env = yield (0, secretsmanager_1.secretsmanager)(options);
     env = Object.assign({}, process.env, env);
     debug(env);
-    if (program) {
+    if (program && program.length > 0) {
         debug(`${program[0]} ${program.slice(1)}`);
         (0, node_child_process_1.spawn)(program[0], program.slice(1), {
             stdio: 'inherit',

package/dist/vaults/secretsmanager.js

@@ -18,7 +18,7 @@ const debug_1 = __importDefault(require("debug"));
 const debug = (0, debug_1.default)('env-secrets:secretsmanager');
 const checkConnection = () => __awaiter(void 0, void 0, void 0, function* () {
     const sts = new aws_sdk_1.default.STS();
-    const myPromise = new Promise((resolve, reject) => {
+    const getCallerPromise = new Promise((resolve, reject) => {
         sts.getCallerIdentity({}, (err, data) => {
             if (err)
                 reject(err);
@@ -29,7 +29,7 @@ const checkConnection = () => __awaiter(void 0, void 0, void 0, function* () {
     });
     let value;
     let err;
-    yield myPromise
+    yield getCallerPromise
         .then((v) => {
         value = v;
     })
@@ -38,6 +38,7 @@ const checkConnection = () => __awaiter(void 0, void 0, void 0, function* () {
     });
     if (err) {
         console.error(err);
+        return false;
     }
     debug(value);
     return !!value;
@@ -46,23 +47,23 @@ const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function*
     const { secret, profile, region } = options;
     const { AWS_ACCESS_KEY_ID: awsAccessKeyId, AWS_SECRET_ACCESS_KEY: awsSecretAccessKey } = process.env;
     if (profile) {
-        console.log(`Using profile: ${profile}`);
+        debug(`Using profile: ${profile}`);
         const credentials = new aws_sdk_1.default.SharedIniFileCredentials({
             profile
         });
         aws_sdk_1.default.config.credentials = credentials;
     }
     else if (awsAccessKeyId && awsSecretAccessKey) {
-        console.log('Using environment variables');
+        debug('Using environment variables');
     }
     else {
-        console.log('Using profile: default');
+        debug('Using profile: default');
     }
     if (region) {
         aws_sdk_1.default.config.update({ region });
     }
     if (!aws_sdk_1.default.config.region) {
-        console.log('no region set');
+        debug('no region set');
     }
     const connected = yield checkConnection();
     if (connected) {
@@ -96,5 +97,8 @@ const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function*
         }
         return {};
     }
+    else {
+        console.error('Unable to connect to AWS');
+    }
 });
 exports.secretsmanager = secretsmanager;

package/generate-release-notes.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+
+url=$(git config --get remote.origin.url)
+
+re="^(https|git)(:\/\/|@)([^\/:]+)[\/:]([^\/:]+)\/(.+)(\.git)?$"
+
+if [[ $url =~ $re ]]; then
+    protocol=${BASH_REMATCH[1]}
+    separator=${BASH_REMATCH[2]}
+    hostname=${BASH_REMATCH[3]}
+    user=${BASH_REMATCH[4]}
+    repo=$(basename ${BASH_REMATCH[5]} .git)
+fi
+
+REPO=$user/$repo
+
+LAST=$(curl -s -L \
+  -H "Accept: application/vnd.github+json" \
+  -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  https://api.github.com/repos/${REPO}/releases | jq -r .[0].tag_name)
+
+LATEST=$1
+
+echo **Full Changelog**: https://github.com/${REPO}/compare/${LAST}...${LATEST}
+
+git log --pretty="- %s" ${LAST}..HEAD

package/jest.config.js

@@ -0,0 +1,6 @@
+/** @type {import('ts-jest').JestConfigWithTsJest} */
+// eslint-disable-next-line no-undef
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node'
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "env-secrets",
-  "version": "0.1.3",
+  "version": "0.1.7",
   "description": "get secrets from a secrets vault and inject them into the running environment",
   "main": "index.js",
   "author": "Mark C Allen (@markcallen)",
@@ -9,32 +9,51 @@
   "license": "MIT",
   "private": false,
   "scripts": {
+    "prepare": "husky install",
     "build": "rimraf ./dist && tsc -b src",
     "postbuild": "chmod 755 ./dist/index.js",
-    "lint": "eslint . --ext .ts",
+    "lint": "eslint . --ext .ts,.js",
     "release": "release-it",
     "prettier:fix": "npx prettier --write .",
-    "prettier:check": "npx prettier --check ."
+    "prettier:check": "npx prettier --check .",
+    "test": "jest"
   },
   "devDependencies": {
     "@types/debug": "^4.1.7",
-    "@types/node": "^18.11.18",
-    "@typescript-eslint/eslint-plugin": "^5.48.0",
-    "@typescript-eslint/parser": "^5.48.0",
-    "eslint": "^8.31.0",
-    "eslint-config-prettier": "^8.5.0",
+    "@types/jest": "^29.4.0",
+    "@types/node": "^18.15.11",
+    "@typescript-eslint/eslint-plugin": "^5.57.1",
+    "@typescript-eslint/parser": "^5.57.0",
+    "eslint": "^8.37.0",
+    "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-prettier": "^4.2.1",
-    "prettier": "^2.8.1",
-    "release-it": "^15.6.0",
+    "husky": "^8.0.3",
+    "jest": "^29.5.0",
+    "lint-staged": "^13.2.0",
+    "prettier": "^2.8.7",
+    "release-it": "^15.10.1",
     "rimraf": "^3.0.2",
+    "ts-jest": "^29.0.5",
     "ts-node": "^10.9.1",
-    "typescript": "^4.9.4"
+    "typescript": "^4.9.5"
   },
   "dependencies": {
-    "aws-sdk": "^2.1287.0",
-    "commander": "^9.4.1",
+    "aws-sdk": "^2.1351.0",
+    "commander": "^9.5.0",
     "debug": "^4.3.4"
   },
+  "lint-staged": {
+    "*.{ts,js}": [
+      "prettier --write .",
+      "eslint --fix ."
+    ],
+    "*.{json,md,yaml}": [
+      "prettier --write ."
+    ]
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/"
+  },
   "bin": {
     "env-secrets": "./dist/index.js"
   }

package/src/index.ts

@@ -11,6 +11,7 @@ const debug = Debug('env-secrets');
 
 const program = new Command();
 
+// main program
 program
   .name('env-secrets')
   .description(
@@ -18,6 +19,7 @@ program
   )
   .version(LIB_VERSION);
 
+// aws secretsmanager
 program
   .command('aws')
   .description('get secrets from AWS secrets manager')
@@ -29,7 +31,7 @@ program
     let env = await secretsmanager(options);
     env = Object.assign({}, process.env, env);
     debug(env);
-    if (program) {
+    if (program && program.length > 0) {
       debug(`${program[0]} ${program.slice(1)}`);
       spawn(program[0], program.slice(1), {
         stdio: 'inherit',

package/src/tsconfig.json

@@ -1,9 +1,7 @@
 {
   "compilerOptions": {
     "target": "es2016",
-    "lib": [
-      "es6"
-    ],
+    "lib": ["es6"],
     "module": "commonjs",
     "rootDir": ".",
     "resolveJsonModule": true,

package/src/vaults/secretsmanager.ts

@@ -12,7 +12,7 @@ interface secretsmanagerType {
 const checkConnection = async () => {
   const sts = new AWS.STS();
 
-  const myPromise = new Promise((resolve, reject) => {
+  const getCallerPromise = new Promise((resolve, reject) => {
     sts.getCallerIdentity({}, (err, data) => {
       if (err) reject(err);
       else {
@@ -24,7 +24,7 @@ const checkConnection = async () => {
   let value;
   let err;
 
-  await myPromise
+  await getCallerPromise
     .then((v) => {
       value = v;
     })
@@ -34,6 +34,7 @@ const checkConnection = async () => {
 
   if (err) {
     console.error(err);
+    return false;
   }
   debug(value);
 
@@ -47,22 +48,22 @@ export const secretsmanager = async (options: secretsmanagerType) => {
     AWS_SECRET_ACCESS_KEY: awsSecretAccessKey
   } = process.env;
   if (profile) {
-    console.log(`Using profile: ${profile}`);
+    debug(`Using profile: ${profile}`);
     const credentials = new AWS.SharedIniFileCredentials({
       profile
     });
     AWS.config.credentials = credentials;
   } else if (awsAccessKeyId && awsSecretAccessKey) {
-    console.log('Using environment variables');
+    debug('Using environment variables');
   } else {
-    console.log('Using profile: default');
+    debug('Using profile: default');
   }
 
   if (region) {
     AWS.config.update({ region });
   }
   if (!AWS.config.region) {
-    console.log('no region set');
+    debug('no region set');
   }
 
   const connected = await checkConnection();
@@ -97,5 +98,7 @@ export const secretsmanager = async (options: secretsmanagerType) => {
     }
 
     return {};
+  } else {
+    console.error('Unable to connect to AWS');
   }
 };

package/tsconfig.json

@@ -3,9 +3,8 @@
     "rootDir": ".",
     "outDir": ".",
     "resolveJsonModule": true,
+    "esModuleInterop": true,
     "composite": true
   },
-  "files": [
-    "package.json"
-  ]
+  "files": ["package.json"]
 }