npm - env-secrets - Versions diffs - 0.2.0 → 0.3.0 - Mend

env-secrets 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/.devcontainer/devcontainer.json +10 -6
package/.dockerignore +9 -0
package/.eslintignore +4 -2
package/.github/dependabot.yml +4 -0
package/.github/workflows/build-main.yml +6 -2
package/.github/workflows/deploy-docs.yml +50 -0
package/.github/workflows/e2e-tests.yaml +54 -0
package/.github/workflows/lint.yaml +6 -2
package/.github/workflows/release.yml +2 -2
package/.github/workflows/snyk.yaml +5 -1
package/.github/workflows/unittests.yaml +9 -66
package/.lintstagedrc +2 -7
package/.prettierignore +6 -0
package/AGENTS.md +149 -0
package/Dockerfile +14 -0
package/README.md +331 -13
package/__e2e__/README.md +160 -0
package/__e2e__/index.test.ts +334 -32
package/__e2e__/setup.ts +58 -0
package/__e2e__/utils/debug-logger.ts +45 -0
package/__e2e__/utils/test-utils.ts +645 -0
package/__tests__/index.test.ts +266 -9
package/__tests__/vaults/secretsmanager.test.ts +460 -0
package/__tests__/vaults/utils.test.ts +9 -9
package/dist/index.js +36 -10
package/dist/vaults/secretsmanager.js +17 -5
package/dist/vaults/utils.js +2 -2
package/docker-compose.yaml +29 -0
package/docs/AWS.md +257 -0
package/jest.config.js +3 -1
package/jest.e2e.config.js +8 -0
package/package.json +10 -7
package/src/index.ts +44 -10
package/src/vaults/secretsmanager.ts +16 -5
package/src/vaults/utils.ts +6 -4
package/website/docs/advanced-usage.mdx +399 -0
package/website/docs/best-practices.mdx +416 -0
package/website/docs/cli-reference.mdx +204 -0
package/website/docs/examples.mdx +960 -0
package/website/docs/faq.mdx +302 -0
package/website/docs/index.mdx +56 -0
package/website/docs/installation.mdx +30 -0
package/website/docs/overview.mdx +17 -0
package/website/docs/production-deployment.mdx +622 -0
package/website/docs/providers/aws-secrets-manager.mdx +28 -0
package/website/docs/security.mdx +122 -0
package/website/docs/troubleshooting.mdx +236 -0
package/website/docs/tutorials/local-dev/devcontainer-localstack.mdx +31 -0
package/website/docs/tutorials/local-dev/docker-compose.mdx +22 -0
package/website/docs/tutorials/local-dev/nextjs.mdx +18 -0
package/website/docs/tutorials/local-dev/node-python-go.mdx +39 -0
package/website/docs/tutorials/local-dev/quickstart.mdx +23 -0
package/website/docusaurus.config.ts +89 -0
package/website/package.json +21 -0
package/website/sidebars.ts +33 -0
package/website/src/css/custom.css +1 -0
package/website/static/img/env-secrets.png +0 -0
package/website/static/img/favicon.ico +0 -0
package/website/static/img/logo.svg +4 -0
package/website/yarn.lock +8764 -0

package/__e2e__/index.test.ts CHANGED Viewed

@@ -1,37 +1,339 @@
+import {
+  LocalStackHelper,
+  cli,
+  cliWithEnv,
+  createTempFile,
+  cleanupTempFile,
+  createTestProfile,
+  restoreTestProfile,
+  TestSecret,
+  CreatedSecret
+} from './utils/test-utils';
+import { debugLog } from './utils/debug-logger';
+import * as fs from 'fs';
 import * as path from 'path';
-import { exec } from 'child_process';
-type Cli = {
-  code: number;
-  error: Error;
-  stdout: any;
-  stderr: any;
-};
-describe('CLI tests', () => {
-  test('general help', async () => {
-    const result = await cli(['-h'], '.');
-    expect(result.code).toBe(0);
+import * as os from 'os';
+describe('End-to-End Tests', () => {
+  let localStack: LocalStackHelper;
+  let awsDir: string | undefined;
+  beforeAll(async () => {
+    localStack = new LocalStackHelper();
+    await localStack.waitForLocalStack();
+    // Create test AWS profile
+    awsDir = createTestProfile();
   });
-  test('aws help', async () => {
-    const result = await cli(['aws -h'], '.');
-    expect(result.code).toBe(0);
+  afterAll(async () => {
+    // Clean up all secrets created during this test run
+    await localStack.cleanupRunSecrets();
+    // Restore AWS profile
+    restoreTestProfile(awsDir);
+  });
+  // Helper function to create a secret for a test
+  const createTestSecret = async (
+    secret: TestSecret,
+    region?: string
+  ): Promise<CreatedSecret> => {
+    return await localStack.createSecret(secret, region);
+  };
+  // Helper function to create LocalStack environment variables
+  const getLocalStackEnv = (overrides: Record<string, string> = {}) => ({
+    AWS_ENDPOINT_URL: process.env.LOCALSTACK_URL || 'http://localhost:4566',
+    AWS_ACCESS_KEY_ID: 'test',
+    AWS_SECRET_ACCESS_KEY: 'test',
+    AWS_DEFAULT_REGION: 'us-east-1',
+    ...overrides
   });
-});
-function cli(args, cwd): Promise<Cli> {
-  return new Promise((resolve) => {
-    exec(
-      `node ${path.resolve('./dist/index')} ${args.join(' ')}`,
-      { cwd },
-      (error, stdout, stderr) => {
-        resolve({
-          code: error && error.code ? error.code : 0,
-          error: error || new Error(),
-          stdout,
-          stderr
-        });
-      }
-    );
+  describe('CLI Help Commands', () => {
+    test('should show general help', async () => {
+      const result = await cli(['-h']);
+      expect(result.code).toBe(0);
+      expect(result.stdout).toContain('env-secrets');
+      expect(result.stdout).toContain('pull secrets from vaults');
+    });
+    test('should show AWS command help', async () => {
+      const result = await cli(['aws', '-h']);
+      expect(result.code).toBe(0);
+      expect(result.stdout).toContain('get secrets from AWS secrets manager');
+      expect(result.stdout).toContain('--secret');
+    });
+    test('should show version', async () => {
+      const result = await cli(['--version']);
+      expect(result.code).toBe(0);
+      expect(result.stdout).toMatch(/^\d+\.\d+\.\d+/);
+    });
   });
-}
+  describe('AWS Secrets Manager Integration', () => {
+    describe('Using Default AWS Credentials', () => {
+      test('should retrieve basic JSON secret', async () => {
+        const secret = await createTestSecret({
+          name: 'test-secret-basic',
+          value:
+            '{"API_KEY": "secret123", "DATABASE_URL": "postgres://localhost:5432/test"}',
+          description: 'Basic test secret with API key and database URL'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+      test('should retrieve simple string secret', async () => {
+        const secret = await createTestSecret({
+          name: 'test-secret-simple',
+          value: 'simple-string-value',
+          description: 'Simple string secret'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+      test('should retrieve complex JSON secret', async () => {
+        const secret = await createTestSecret({
+          name: 'test-secret-complex',
+          value:
+            '{"NESTED": {"KEY": "value"}, "ARRAY": [1, 2, 3], "BOOLEAN": true, "NUMBER": 42}',
+          description: 'Complex JSON secret'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+      test('should retrieve secret with special characters', async () => {
+        const secret = await createTestSecret({
+          name: 'test-secret-special-chars',
+          value:
+            '{"PASSWORD": "p@ssw0rd!#$%", "URL": "https://api.example.com/v1?key=value&other=test"}',
+          description: 'Secret with special characters'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+      test('should handle non-existent secret', async () => {
+        const result = await cliWithEnv(
+          ['aws', '-s', 'non-existent-secret'],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toContain('non-existent-secret not found');
+      });
+      test('should work with custom region', async () => {
+        const secret = await createTestSecret(
+          {
+            name: `test-secret-region-${Date.now()}`,
+            value:
+              '{"API_KEY": "secret123", "DATABASE_URL": "postgres://localhost:5432/test"}',
+            description: 'Basic test secret for us-west-2'
+          },
+          'us-west-2'
+        );
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName, '-r', 'us-west-2'],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+    });
+    describe('Using AWS Profile', () => {
+      test('should retrieve secret using default profile', async () => {
+        const secret = await createTestSecret({
+          name: 'test-secret-profile',
+          value:
+            '{"API_KEY": "secret123", "DATABASE_URL": "postgres://localhost:5432/test"}',
+          description: 'Secret for profile test'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+      test('should retrieve secret using custom profile', async () => {
+        const secret = await createTestSecret({
+          name: 'test-secret-profile-custom',
+          value:
+            '{"API_KEY": "secret123", "DATABASE_URL": "postgres://localhost:5432/test"}',
+          description: 'Secret for custom profile test'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName, '-p', 'env-secrets-test'],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        expect(result.stderr).toBe('');
+      });
+    });
+    describe('Output to File', () => {
+      test('should write secrets to file', async () => {
+        debugLog('Starting test...');
+        const secret = await createTestSecret({
+          name: `test-secret-file-${Date.now()}`,
+          value:
+            '{"API_KEY": "secret123", "DATABASE_URL": "postgres://localhost:5432/test"}',
+          description: 'Secret for file output test'
+        });
+        debugLog('Secret created successfully');
+        const tempFile = path.join(
+          os.tmpdir(),
+          `env-secrets-test-${Date.now()}.env`
+        );
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName, '-o', tempFile],
+          getLocalStackEnv()
+        );
+        debugLog('CLI result:', {
+          code: result.code,
+          stdout: result.stdout,
+          stderr: result.stderr
+        });
+        expect(result.code).toBe(0);
+        expect(result.stdout).toContain(`Secrets written to ${tempFile}`);
+        // Verify file contents
+        const fileContent = fs.readFileSync(tempFile, 'utf8');
+        expect(fileContent).toContain('API_KEY=secret123');
+        expect(fileContent).toContain(
+          'DATABASE_URL=postgres://localhost:5432/test'
+        );
+        cleanupTempFile(tempFile);
+      });
+      test('should not overwrite existing file', async () => {
+        const tempFile = createTempFile('existing content');
+        try {
+          const result = await cliWithEnv(
+            ['aws', '-s', 'test-secret-basic', '-o', tempFile],
+            getLocalStackEnv()
+          );
+          expect(result.code).toBe(1);
+          expect(result.stderr).toContain(
+            'already exists and will not be overwritten'
+          );
+          // Verify file was not modified
+          const fileContent = fs.readFileSync(tempFile, 'utf8');
+          expect(fileContent).toBe('existing content');
+        } finally {
+          cleanupTempFile(tempFile);
+        }
+      });
+    });
+    describe('Program Execution', () => {
+      test('should execute program with injected environment variables', async () => {
+        const secret = await createTestSecret({
+          name: `test-secret-exec-${Date.now()}`,
+          value:
+            '{"API_KEY": "secret123", "DATABASE_URL": "postgres://localhost:5432/test"}',
+          description: 'Secret for program execution test'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName, 'echo', '$API_KEY'],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        // In test mode, the CLI outputs the environment variables as JSON
+        const envVars = JSON.parse(result.stdout.trim());
+        expect(envVars.API_KEY).toBe('secret123');
+        expect(envVars.DATABASE_URL).toBe('postgres://localhost:5432/test');
+      });
+      test('should handle program execution errors gracefully', async () => {
+        const secret = await createTestSecret({
+          name: `test-secret-error-${Date.now()}`,
+          value: '{"API_KEY": "secret123"}',
+          description: 'Secret for error handling test'
+        });
+        const result = await cliWithEnv(
+          ['aws', '-s', secret.prefixedName, 'nonexistent-command'],
+          getLocalStackEnv()
+        );
+        expect(result.code).toBe(0);
+        // In test mode, the CLI outputs the environment variables as JSON
+        const envVars = JSON.parse(result.stdout.trim());
+        expect(envVars.API_KEY).toBe('secret123');
+      });
+    });
+    describe('Error Handling', () => {
+      test('should handle invalid AWS credentials', async () => {
+        const result = await cliWithEnv(
+          ['aws', '-s', 'test-secret-basic'],
+          getLocalStackEnv({
+            AWS_ACCESS_KEY_ID: 'invalid',
+            AWS_SECRET_ACCESS_KEY: 'invalid'
+          })
+        );
+        // LocalStack accepts any credentials, so this should succeed
+        expect(result.code).toBe(0);
+      });
+      test('should handle missing secret parameter', async () => {
+        const result = await cliWithEnv(['aws'], getLocalStackEnv());
+        expect(result.code).toBe(1);
+        expect(result.stderr).toContain('required option');
+      });
+    });
+  });
+});

package/__e2e__/setup.ts ADDED Viewed

@@ -0,0 +1,58 @@
+// E2E Test Setup
+// This file runs before all e2e tests
+import { LocalStackHelper, checkAwslocalInstalled } from './utils/test-utils';
+import { debugLog, debugError } from './utils/debug-logger';
+// Increase timeout for e2e tests
+jest.setTimeout(30000);
+// Global setup for e2e tests
+beforeAll(async () => {
+  debugLog('Setting up E2E test environment...');
+  // Check if awslocal is installed
+  await checkAwslocalInstalled();
+  // Check if LocalStack is available
+  const localStack = new LocalStackHelper();
+  try {
+    await localStack.waitForLocalStack();
+    debugLog('LocalStack is ready for E2E tests');
+  } catch (error) {
+    debugError(
+      'LocalStack is not available, some tests may fail:',
+      error.message
+    );
+    process.exit(1);
+  }
+});
+// Global cleanup
+afterAll(async () => {
+  debugLog('Cleaning up E2E test environment...');
+});
+// Suppress console.log during tests unless DEBUG is set
+// But always show console.error and console.warn for debugging
+const originalConsoleLog = console.log;
+const originalConsoleInfo = console.info;
+const originalConsoleDebug = console.debug;
+beforeEach(() => {
+  if (!process.env.DEBUG) {
+    console.log = jest.fn();
+    console.info = jest.fn();
+    console.debug = jest.fn();
+    // Keep console.error and console.warn enabled for debugging
+  }
+});
+afterEach(() => {
+  if (!process.env.DEBUG) {
+    console.log = originalConsoleLog;
+    console.info = originalConsoleInfo;
+    console.debug = originalConsoleDebug;
+    // console.error and console.warn are already enabled
+  }
+});

package/__e2e__/utils/debug-logger.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Debug logging utility for e2e tests
+ * Only outputs logs when DEBUG environment variable is set
+ */
+export class DebugLogger {
+  private static isDebugEnabled(): boolean {
+    return process.env.DEBUG === 'true' || process.env.DEBUG === '1';
+  }
+  static log(message: string, ...args: any[]): void {
+    if (DebugLogger.isDebugEnabled()) {
+      console.log(message, ...args);
+    }
+  }
+  static error(message: string, ...args: any[]): void {
+    // Always show errors for debugging
+    console.error(message, ...args);
+  }
+  static warn(message: string, ...args: any[]): void {
+    // Always show warnings for debugging
+    console.warn(message, ...args);
+  }
+  static info(message: string, ...args: any[]): void {
+    if (DebugLogger.isDebugEnabled()) {
+      console.info(message, ...args);
+    }
+  }
+  static debug(message: string, ...args: any[]): void {
+    if (DebugLogger.isDebugEnabled()) {
+      console.debug(message, ...args);
+    }
+  }
+}
+// Export convenience functions
+export const debugLog = DebugLogger.log;
+export const debugError = DebugLogger.error;
+export const debugWarn = DebugLogger.warn;
+export const debugInfo = DebugLogger.info;
+export const debugDebug = DebugLogger.debug;