npm - env-secrets - Versions diffs - 0.3.2 → 0.3.3 - Mend

env-secrets 0.3.2 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/.codex/rules/cicd.md +170 -0
package/.codex/rules/linting.md +174 -0
package/.codex/rules/local-dev-badges.md +93 -0
package/.codex/rules/local-dev-env.md +271 -0
package/.codex/rules/local-dev-license.md +104 -0
package/.codex/rules/local-dev-mcp.md +72 -0
package/.codex/rules/logging.md +358 -0
package/.codex/rules/observability.md +25 -0
package/.codex/rules/testing.md +133 -0
package/.github/workflows/lint.yaml +7 -8
package/.github/workflows/release.yml +1 -1
package/.github/workflows/unittests.yaml +1 -1
package/AGENTS.md +1 -1
package/README.md +1 -1
package/__tests__/vaults/secretsmanager.test.ts +57 -20
package/dist/vaults/secretsmanager.js +15 -3
package/docs/AWS.md +1 -1
package/eslint.config.js +67 -0
package/package.json +23 -13
package/src/vaults/secretsmanager.ts +28 -3
package/website/docs/examples.mdx +1 -1
package/website/docs/installation.mdx +1 -1
package/.eslintignore +0 -4
package/.eslintrc +0 -18
package/.lintstagedrc +0 -4

package/__tests__/vaults/secretsmanager.test.ts CHANGED Viewed

@@ -1,13 +1,34 @@
-import {
-  SecretsManagerClient,
-  GetSecretValueCommand
-} from '@aws-sdk/client-secrets-manager';
-import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
+import { SecretsManagerClient } from '@aws-sdk/client-secrets-manager';
+import { STSClient } from '@aws-sdk/client-sts';
 import { fromIni } from '@aws-sdk/credential-providers';
+// Mock send functions - must be declared before jest.mock calls
+const mockSecretsManagerSend = jest.fn();
+const mockSTSSend = jest.fn();
 // Mock the AWS SDK and dependencies
-jest.mock('@aws-sdk/client-secrets-manager');
-jest.mock('@aws-sdk/client-sts');
+jest.mock('@aws-sdk/client-secrets-manager', () => {
+  return {
+    SecretsManagerClient: jest.fn().mockImplementation(() => ({
+      send: mockSecretsManagerSend
+    })),
+    GetSecretValueCommand: jest.fn().mockImplementation((input) => ({
+      input
+    }))
+  };
+});
+jest.mock('@aws-sdk/client-sts', () => {
+  return {
+    STSClient: jest.fn().mockImplementation(() => ({
+      send: mockSTSSend
+    })),
+    GetCallerIdentityCommand: jest.fn().mockImplementation((input) => ({
+      input
+    }))
+  };
+});
 jest.mock('@aws-sdk/credential-providers');
 jest.mock('debug', () => {
   const mockDebug = jest.fn();
@@ -27,8 +48,6 @@ const mockFromIni = fromIni as jest.MockedFunction<typeof fromIni>;
 describe('secretsmanager', () => {
   let originalEnv: NodeJS.ProcessEnv;
-  let mockSecretsManagerSend: jest.MockedFunction<any>;
-  let mockSTSSend: jest.MockedFunction<any>;
   beforeEach(() => {
     // Clear all mocks
@@ -37,13 +56,6 @@ describe('secretsmanager', () => {
     // Reset process.env
     originalEnv = { ...process.env };
     process.env = { ...originalEnv };
-    // Setup AWS client mocks
-    mockSecretsManagerSend = jest.fn();
-    mockSTSSend = jest.fn();
-    mockSecretsManagerClient.prototype.send = mockSecretsManagerSend;
-    mockSTSClient.prototype.send = mockSTSSend;
   });
   afterEach(() => {
@@ -72,10 +84,10 @@ describe('secretsmanager', () => {
       });
       expect(mockSTSSend).toHaveBeenCalledWith(
-        expect.any(GetCallerIdentityCommand)
+        expect.objectContaining({ input: {} })
       );
       expect(mockSecretsManagerSend).toHaveBeenCalledWith(
-        expect.any(GetSecretValueCommand)
+        expect.objectContaining({ input: expect.anything() })
       );
       expect(result).toEqual({
         API_KEY: 'test-key',
@@ -93,11 +105,33 @@ describe('secretsmanager', () => {
       });
       expect(mockSTSSend).toHaveBeenCalledWith(
-        expect.any(GetCallerIdentityCommand)
+        expect.objectContaining({ input: {} })
       );
       expect(mockSecretsManagerSend).not.toHaveBeenCalled();
       expect(result).toEqual({});
     });
+    it('should surface a clean error when profile credentials cannot be loaded', async () => {
+      const consoleErrorSpy = jest
+        .spyOn(console, 'error')
+        .mockImplementation(() => undefined);
+      mockSTSSend.mockRejectedValueOnce({
+        name: 'CredentialsProviderError',
+        message: 'Could not load credentials from any providers'
+      });
+      const result = await secretsmanager({
+        secret: 'my-secret',
+        profile: 'missing-profile',
+        region: 'us-east-1'
+      });
+      expect(consoleErrorSpy).toHaveBeenCalledWith(
+        'Could not load credentials from any providers'
+      );
+      expect(result).toEqual({});
+      expect(mockSecretsManagerSend).not.toHaveBeenCalled();
+    });
   });
   describe('credential handling', () => {
@@ -426,7 +460,10 @@ describe('secretsmanager', () => {
       });
       expect(mockFromIni).toHaveBeenCalledWith({ profile: 'production' });
-      expect(mockSTSClient).toHaveBeenCalledWith({ region: 'us-west-2' });
+      expect(mockSTSClient).toHaveBeenCalledWith({
+        region: 'us-west-2',
+        credentials: mockCredentials
+      });
       expect(mockSecretsManagerClient).toHaveBeenCalledWith({
         region: 'us-west-2',
         credentials: mockCredentials

package/dist/vaults/secretsmanager.js CHANGED Viewed

@@ -18,8 +18,15 @@ const client_sts_1 = require("@aws-sdk/client-sts");
 const credential_providers_1 = require("@aws-sdk/credential-providers");
 const debug_1 = __importDefault(require("debug"));
 const debug = (0, debug_1.default)('env-secrets:secretsmanager');
-const checkConnection = (region) => __awaiter(void 0, void 0, void 0, function* () {
-    const stsClient = new client_sts_1.STSClient({ region });
+const isCredentialsError = (error) => {
+    if (!error || typeof error !== 'object') {
+        return false;
+    }
+    const errorName = 'name' in error ? error.name : undefined;
+    return (errorName === 'CredentialsError' || errorName === 'CredentialsProviderError');
+};
+const checkConnection = (region, credentials) => __awaiter(void 0, void 0, void 0, function* () {
+    const stsClient = new client_sts_1.STSClient({ region, credentials });
     const command = new client_sts_1.GetCallerIdentityCommand({});
     try {
         const data = yield stsClient.send(command);
@@ -27,6 +34,11 @@ const checkConnection = (region) => __awaiter(void 0, void 0, void 0, function*
         return true;
     }
     catch (err) {
+        if (isCredentialsError(err) && err.message) {
+            // eslint-disable-next-line no-console
+            console.error(err.message);
+            return false;
+        }
         // eslint-disable-next-line no-console
         console.error(err);
         return false;
@@ -55,7 +67,7 @@ const secretsmanager = (options) => __awaiter(void 0, void 0, void 0, function*
     if (!config.region) {
         debug('no region set');
     }
-    const connected = yield checkConnection(region);
+    const connected = yield checkConnection(region, credentials);
     if (connected) {
         const client = new client_secrets_manager_1.SecretsManagerClient(config);
         try {

package/docs/AWS.md CHANGED Viewed

@@ -10,7 +10,7 @@ The `env-secrets` tool supports AWS Secrets Manager as a secret vault. It can re
 - [AWS CLI](https://docs.aws.amazon.com/cli/index.html) installed and configured
 - AWS credentials with appropriate permissions to access Secrets Manager
-- Node.js 18.0.0 or higher
+- Node.js 20.0.0 or higher
 ## Authentication Methods

package/eslint.config.js ADDED Viewed

@@ -0,0 +1,67 @@
+const globals = require('globals');
+const js = require('@eslint/js');
+const tsParser = require('@typescript-eslint/parser');
+const tsPlugin = require('@typescript-eslint/eslint-plugin');
+const prettierPlugin = require('eslint-plugin-prettier');
+const prettierConfig = require('eslint-config-prettier');
+const tsEslintRecommendedRules =
+  tsPlugin.configs['eslint-recommended']?.overrides?.[0]?.rules ?? {};
+module.exports = [
+  {
+    ignores: [
+      'node_modules/**',
+      'dist/**',
+      'website/build/**',
+      'website/node_modules/**',
+      'website/.docusaurus/**',
+      'coverage/**',
+      'coverage-e2e/**'
+    ]
+  },
+  {
+    ...js.configs.recommended,
+    files: ['**/*.{js,mjs,cjs}'],
+    languageOptions: {
+      ...(js.configs.recommended.languageOptions ?? {}),
+      globals: globals.node
+    },
+    rules: {
+      ...(js.configs.recommended.rules ?? {}),
+      'no-console': 'warn'
+    }
+  },
+  {
+    files: ['**/*.ts'],
+    languageOptions: {
+      parser: tsParser,
+      parserOptions: {
+        ecmaVersion: 'latest',
+        sourceType: 'module'
+      },
+      globals: {
+        ...globals.node,
+        ...globals.jest
+      }
+    },
+    plugins: {
+      '@typescript-eslint': tsPlugin
+    },
+    rules: {
+      ...(js.configs.recommended.rules ?? {}),
+      ...tsEslintRecommendedRules,
+      ...(tsPlugin.configs.recommended.rules ?? {}),
+      'no-console': 'warn'
+    }
+  },
+  {
+    plugins: {
+      prettier: prettierPlugin
+    },
+    rules: {
+      'prettier/prettier': 'error'
+    }
+  },
+  prettierConfig
+];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "env-secrets",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "get secrets from a secrets vault and inject them into the running environment",
   "main": "index.js",
   "author": "Mark C Allen (@markcallen)",
@@ -16,10 +16,12 @@
     "build": "rimraf ./dist && tsc -b src",
     "start": "node dist/index.js",
     "postbuild": "chmod 755 ./dist/index.js",
-    "lint": "eslint . --ext .ts,.js",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
     "release": "release-it",
-    "prettier:fix": "npx prettier --write .",
-    "prettier:check": "npx prettier --check .",
+    "prettier": "prettier . --check",
+    "prettier:fix": "prettier . --write",
+    "prettier:check": "prettier . --check",
     "test": "npm run test:unit && npm run test:e2e",
     "test:unit": "jest __tests__",
     "test:unit:coverage": "jest __tests__ --coverage",
@@ -27,6 +29,7 @@
     "test:e2e:debug": "npm run build && DEBUG=true jest --config jest.e2e.config.js"
   },
   "devDependencies": {
+    "@everydaydevopsio/ballast": "^3.2.1",
     "@types/debug": "^4.1.12",
     "@types/jest": "^29.5.14",
     "@types/node": "^18.19.130",
@@ -36,30 +39,37 @@
     "eslint": "^8.57.1",
     "eslint-config-prettier": "^8.10.2",
     "eslint-plugin-prettier": "^4.2.5",
+    "globals": "^16.0.0",
     "husky": "^8.0.3",
     "jest": "^29.7.0",
     "lint-staged": "13.3.0",
     "prettier": "^2.8.8",
     "release-it": "^15.11.0",
     "rimraf": "^3.0.2",
+    "tsc-files": "^1.1.4",
     "ts-jest": "^29.4.6",
     "ts-node": "^10.9.2",
     "typescript": "^4.9.5"
   },
   "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.899.0",
-    "@aws-sdk/client-sts": "^3.899.0",
-    "@aws-sdk/credential-providers": "^3.899.0",
+    "@aws-sdk/client-secrets-manager": "^3.990.0",
+    "@aws-sdk/client-sts": "^3.990.0",
+    "@aws-sdk/credential-providers": "^3.990.0",
     "commander": "^9.5.0",
     "debug": "^4.4.3"
   },
   "lint-staged": {
-    "*.{ts,js}": [
-      "prettier --write .",
-      "eslint --fix ."
+    "**/*.js": [
+      "prettier --write",
+      "eslint --fix"
     ],
-    "*.{json,md,mdx,yaml,yml}": [
-      "prettier --write ."
+    "**/*.ts": [
+      "tsc-files --noEmit --project src/tsconfig.json",
+      "prettier --write",
+      "eslint --fix"
+    ],
+    "**/*.{json,md,mdx,yaml,yml}": [
+      "prettier --write"
     ]
   },
   "publishConfig": {
@@ -70,6 +80,6 @@
     "env-secrets": "dist/index.js"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=20.0.0"
   }
 }

package/src/vaults/secretsmanager.ts CHANGED Viewed

@@ -14,8 +14,27 @@ interface secretsmanagerType {
   region?: string;
 }
-const checkConnection = async (region?: string) => {
-  const stsClient = new STSClient({ region });
+interface AWSLikeError {
+  name?: string;
+  message?: string;
+}
+const isCredentialsError = (error: unknown): error is AWSLikeError => {
+  if (!error || typeof error !== 'object') {
+    return false;
+  }
+  const errorName = 'name' in error ? error.name : undefined;
+  return (
+    errorName === 'CredentialsError' || errorName === 'CredentialsProviderError'
+  );
+};
+const checkConnection = async (
+  region?: string,
+  credentials?: ReturnType<typeof fromIni>
+) => {
+  const stsClient = new STSClient({ region, credentials });
   const command = new GetCallerIdentityCommand({});
   try {
@@ -23,6 +42,12 @@ const checkConnection = async (region?: string) => {
     debug(data);
     return true;
   } catch (err) {
+    if (isCredentialsError(err) && err.message) {
+      // eslint-disable-next-line no-console
+      console.error(err.message);
+      return false;
+    }
     // eslint-disable-next-line no-console
     console.error(err);
     return false;
@@ -57,7 +82,7 @@ export const secretsmanager = async (options: secretsmanagerType) => {
     debug('no region set');
   }
-  const connected = await checkConnection(region);
+  const connected = await checkConnection(region, credentials);
   if (connected) {
     const client = new SecretsManagerClient(config);

package/website/docs/examples.mdx CHANGED Viewed

@@ -738,7 +738,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:

package/website/docs/installation.mdx CHANGED Viewed

@@ -4,7 +4,7 @@ title: Installation
 ## Requirements
-- Node.js 18+
+- Node.js 20.0.0 or higher
 - (For AWS) AWS credentials via env vars, profile, or IAM role
 ## Install

package/.eslintignore DELETED Viewed

@@ -1,4 +0,0 @@
-node_modules/
-dist/
-website/build/
-website/node_modules/

package/.eslintrc DELETED Viewed

@@ -1,18 +0,0 @@
-{
-  "root": true,
-  "parser": "@typescript-eslint/parser",
-  "plugins": ["@typescript-eslint", "prettier"],
-  "extends": [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/eslint-recommended",
-    "plugin:@typescript-eslint/recommended",
-    "prettier"
-  ],
-  "env": {
-    "jest": true
-  },
-  "rules": {
-    "no-console": "warn",
-    "prettier/prettier": "error"
-  }
-}

package/.lintstagedrc DELETED Viewed

@@ -1,4 +0,0 @@
-{
-  "*.{js,ts}": ["prettier --write", "eslint --fix"],
-  "*.{json,md,yaml}": ["prettier --write"]
-}