envilder 0.9.2 → 0.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +204 -278
- package/ROADMAP.md +5 -5
- package/docs/CHANGELOG.md +9 -513
- package/docs/changelogs/cli.md +498 -0
- package/docs/changelogs/gha.md +74 -0
- package/docs/changelogs/sdk-dotnet.md +80 -0
- package/docs/changelogs/sdk-nodejs.md +22 -0
- package/docs/changelogs/sdk-python.md +82 -0
- package/lib/envilder/core/application/pushEnvToSecrets/PushEnvToSecretsCommandHandler.js +3 -3
- package/lib/envilder/core/application/pushEnvToSecrets/PushEnvToSecretsCommandHandler.js.map +1 -1
- package/lib/sdks/nodejs/src/application/envilder-client.d.ts +29 -0
- package/lib/sdks/nodejs/src/application/envilder-client.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/application/envilder-client.js +60 -0
- package/lib/sdks/nodejs/src/application/envilder-client.js.map +1 -0
- package/lib/sdks/nodejs/src/application/envilder.d.ts +64 -0
- package/lib/sdks/nodejs/src/application/envilder.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/application/envilder.js +168 -0
- package/lib/sdks/nodejs/src/application/envilder.js.map +1 -0
- package/lib/sdks/nodejs/src/application/map-file-parser.d.ts +14 -0
- package/lib/sdks/nodejs/src/application/map-file-parser.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/application/map-file-parser.js +55 -0
- package/lib/sdks/nodejs/src/application/map-file-parser.js.map +1 -0
- package/lib/sdks/nodejs/src/application/secret-validation.d.ts +18 -0
- package/lib/sdks/nodejs/src/application/secret-validation.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/application/secret-validation.js +32 -0
- package/lib/sdks/nodejs/src/application/secret-validation.js.map +1 -0
- package/lib/sdks/nodejs/src/domain/envilder-options.d.ts +7 -0
- package/lib/sdks/nodejs/src/domain/envilder-options.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/domain/envilder-options.js +2 -0
- package/lib/sdks/nodejs/src/domain/envilder-options.js.map +1 -0
- package/lib/sdks/nodejs/src/domain/map-file-config.d.ts +7 -0
- package/lib/sdks/nodejs/src/domain/map-file-config.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/domain/map-file-config.js +2 -0
- package/lib/sdks/nodejs/src/domain/map-file-config.js.map +1 -0
- package/lib/sdks/nodejs/src/domain/parsed-map-file.d.ts +6 -0
- package/lib/sdks/nodejs/src/domain/parsed-map-file.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/domain/parsed-map-file.js +2 -0
- package/lib/sdks/nodejs/src/domain/parsed-map-file.js.map +1 -0
- package/lib/sdks/nodejs/src/domain/ports/secret-provider.d.ts +18 -0
- package/lib/sdks/nodejs/src/domain/ports/secret-provider.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/domain/ports/secret-provider.js +2 -0
- package/lib/sdks/nodejs/src/domain/ports/secret-provider.js.map +1 -0
- package/lib/sdks/nodejs/src/domain/secret-provider-type.d.ts +5 -0
- package/lib/sdks/nodejs/src/domain/secret-provider-type.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/domain/secret-provider-type.js +6 -0
- package/lib/sdks/nodejs/src/domain/secret-provider-type.js.map +1 -0
- package/lib/sdks/nodejs/src/index.d.ts +12 -0
- package/lib/sdks/nodejs/src/index.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/index.js +11 -0
- package/lib/sdks/nodejs/src/index.js.map +1 -0
- package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.d.ts +17 -0
- package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.js +56 -0
- package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.js.map +1 -0
- package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.d.ts +15 -0
- package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.js +68 -0
- package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.js.map +1 -0
- package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.d.ts +5 -0
- package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.d.ts.map +1 -0
- package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.js +42 -0
- package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.js.map +1 -0
- package/package.json +17 -8
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"map-file-config.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/map-file-config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"map-file-config.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/map-file-config.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parsed-map-file.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/parsed-map-file.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChD"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parsed-map-file.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/parsed-map-file.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Abstracts access to a secret store (e.g. AWS SSM Parameter Store, Azure Key Vault).
|
|
3
|
+
* Implement this interface to add support for a new secret provider.
|
|
4
|
+
*/
|
|
5
|
+
export interface ISecretProvider {
|
|
6
|
+
/**
|
|
7
|
+
* Retrieves multiple secrets by their provider-specific identifiers.
|
|
8
|
+
*
|
|
9
|
+
* For AWS SSM these are parameter paths (e.g. `/app/db-url`);
|
|
10
|
+
* for Azure Key Vault these are secret names.
|
|
11
|
+
*
|
|
12
|
+
* Secrets that do not exist are silently omitted from the result.
|
|
13
|
+
*
|
|
14
|
+
* @returns A map of name → value for secrets that were found.
|
|
15
|
+
*/
|
|
16
|
+
getSecrets(names: string[]): Promise<Map<string, string>>;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=secret-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-provider.d.ts","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/domain/ports/secret-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3D"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-provider.js","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/domain/ports/secret-provider.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-provider-type.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/secret-provider-type.ts"],"names":[],"mappings":"AAAA,oBAAY,kBAAkB;IAC5B,GAAG,QAAQ;IACX,KAAK,UAAU;CAChB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-provider-type.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/secret-provider-type.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,kBAGX;AAHD,WAAY,kBAAkB;IAC5B,iCAAW,CAAA;IACX,qCAAe,CAAA;AACjB,CAAC,EAHW,kBAAkB,KAAlB,kBAAkB,QAG7B"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export { Envilder } from './application/envilder.js';
|
|
2
|
+
export { EnvilderClient } from './application/envilder-client.js';
|
|
3
|
+
export { MapFileParser } from './application/map-file-parser.js';
|
|
4
|
+
export { SecretValidationError, validateSecrets, } from './application/secret-validation.js';
|
|
5
|
+
export type { EnvilderOptions } from './domain/envilder-options.js';
|
|
6
|
+
export type { MapFileConfig } from './domain/map-file-config.js';
|
|
7
|
+
export type { ParsedMapFile } from './domain/parsed-map-file.js';
|
|
8
|
+
export type { ISecretProvider } from './domain/ports/secret-provider.js';
|
|
9
|
+
export { SecretProviderType } from './domain/secret-provider-type.js';
|
|
10
|
+
export { AwsSsmSecretProvider } from './infrastructure/aws/aws-ssm-secret-provider.js';
|
|
11
|
+
export { AzureKeyVaultSecretProvider } from './infrastructure/azure/azure-key-vault-secret-provider.js';
|
|
12
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/sdks/nodejs/src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EACL,qBAAqB,EACrB,eAAe,GAChB,MAAM,oCAAoC,CAAC;AAC5C,YAAY,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,YAAY,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,YAAY,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAGtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,iDAAiD,CAAC;AACvF,OAAO,EAAE,2BAA2B,EAAE,MAAM,2DAA2D,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
// Domain
|
|
2
|
+
// Application
|
|
3
|
+
export { Envilder } from './application/envilder.js';
|
|
4
|
+
export { EnvilderClient } from './application/envilder-client.js';
|
|
5
|
+
export { MapFileParser } from './application/map-file-parser.js';
|
|
6
|
+
export { SecretValidationError, validateSecrets, } from './application/secret-validation.js';
|
|
7
|
+
export { SecretProviderType } from './domain/secret-provider-type.js';
|
|
8
|
+
// Infrastructure (for advanced usage)
|
|
9
|
+
export { AwsSsmSecretProvider } from './infrastructure/aws/aws-ssm-secret-provider.js';
|
|
10
|
+
export { AzureKeyVaultSecretProvider } from './infrastructure/azure/azure-key-vault-secret-provider.js';
|
|
11
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/sdks/nodejs/src/index.ts"],"names":[],"mappings":"AAAA,SAAS;AAET,cAAc;AACd,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EACL,qBAAqB,EACrB,eAAe,GAChB,MAAM,oCAAoC,CAAC;AAK5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,sCAAsC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iDAAiD,CAAC;AACvF,OAAO,EAAE,2BAA2B,EAAE,MAAM,2DAA2D,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { type SSMClient } from '@aws-sdk/client-ssm';
|
|
2
|
+
import type { ISecretProvider } from '../../domain/ports/secret-provider.js';
|
|
3
|
+
/**
|
|
4
|
+
* {@link ISecretProvider} backed by AWS SSM Parameter Store.
|
|
5
|
+
*
|
|
6
|
+
* Parameters are retrieved with decryption enabled so that
|
|
7
|
+
* SecureString values are returned in plain text.
|
|
8
|
+
*
|
|
9
|
+
* SSM supports fetching up to 10 parameters per request,
|
|
10
|
+
* so names are chunked into batches automatically.
|
|
11
|
+
*/
|
|
12
|
+
export declare class AwsSsmSecretProvider implements ISecretProvider {
|
|
13
|
+
private readonly ssmClient;
|
|
14
|
+
constructor(ssmClient: SSMClient);
|
|
15
|
+
getSecrets(names: string[]): Promise<Map<string, string>>;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=aws-ssm-secret-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws-ssm-secret-provider.d.ts","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AAI7E;;;;;;;;GAQG;AACH,qBAAa,oBAAqB,YAAW,eAAe;IAC1D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;gBAE1B,SAAS,EAAE,SAAS;IAO1B,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CA8BhE"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
+
});
|
|
9
|
+
};
|
|
10
|
+
import { GetParametersCommand } from '@aws-sdk/client-ssm';
|
|
11
|
+
const SSM_BATCH_SIZE = 10;
|
|
12
|
+
/**
|
|
13
|
+
* {@link ISecretProvider} backed by AWS SSM Parameter Store.
|
|
14
|
+
*
|
|
15
|
+
* Parameters are retrieved with decryption enabled so that
|
|
16
|
+
* SecureString values are returned in plain text.
|
|
17
|
+
*
|
|
18
|
+
* SSM supports fetching up to 10 parameters per request,
|
|
19
|
+
* so names are chunked into batches automatically.
|
|
20
|
+
*/
|
|
21
|
+
export class AwsSsmSecretProvider {
|
|
22
|
+
constructor(ssmClient) {
|
|
23
|
+
if (!ssmClient) {
|
|
24
|
+
throw new Error('ssmClient cannot be null');
|
|
25
|
+
}
|
|
26
|
+
this.ssmClient = ssmClient;
|
|
27
|
+
}
|
|
28
|
+
getSecrets(names) {
|
|
29
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
30
|
+
var _a;
|
|
31
|
+
const result = new Map();
|
|
32
|
+
if (names.length === 0) {
|
|
33
|
+
return result;
|
|
34
|
+
}
|
|
35
|
+
for (const name of names) {
|
|
36
|
+
if (!(name === null || name === void 0 ? void 0 : name.trim())) {
|
|
37
|
+
throw new Error('Secret name cannot be null or whitespace');
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
for (let i = 0; i < names.length; i += SSM_BATCH_SIZE) {
|
|
41
|
+
const batch = names.slice(i, i + SSM_BATCH_SIZE);
|
|
42
|
+
const response = yield this.ssmClient.send(new GetParametersCommand({
|
|
43
|
+
Names: batch,
|
|
44
|
+
WithDecryption: true,
|
|
45
|
+
}));
|
|
46
|
+
for (const param of (_a = response.Parameters) !== null && _a !== void 0 ? _a : []) {
|
|
47
|
+
if (param.Name && param.Value != null) {
|
|
48
|
+
result.set(param.Name, param.Value);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
return result;
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=aws-ssm-secret-provider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aws-ssm-secret-provider.js","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,oBAAoB,EAAkB,MAAM,qBAAqB,CAAC;AAG3E,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B;;;;;;;;GAQG;AACH,MAAM,OAAO,oBAAoB;IAG/B,YAAY,SAAoB;QAC9B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAEK,UAAU,CAAC,KAAe;;;YAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;YACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;YAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,cAAc,EAAE,CAAC;gBACtD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC;gBACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACxC,IAAI,oBAAoB,CAAC;oBACvB,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACrB,CAAC,CACH,CAAC;gBAEF,KAAK,MAAM,KAAK,IAAI,MAAA,QAAQ,CAAC,UAAU,mCAAI,EAAE,EAAE,CAAC;oBAC9C,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;wBACtC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;CACF"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { SecretClient } from '@azure/keyvault-secrets';
|
|
2
|
+
import type { ISecretProvider } from '../../domain/ports/secret-provider.js';
|
|
3
|
+
/**
|
|
4
|
+
* {@link ISecretProvider} backed by Azure Key Vault.
|
|
5
|
+
*
|
|
6
|
+
* Secrets are fetched in parallel. Secrets that return HTTP 404
|
|
7
|
+
* are treated as missing and silently omitted from the result.
|
|
8
|
+
*/
|
|
9
|
+
export declare class AzureKeyVaultSecretProvider implements ISecretProvider {
|
|
10
|
+
private readonly secretClient;
|
|
11
|
+
constructor(secretClient: SecretClient);
|
|
12
|
+
getSecrets(names: string[]): Promise<Map<string, string>>;
|
|
13
|
+
private fetchSecret;
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=azure-key-vault-secret-provider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure-key-vault-secret-provider.d.ts","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AAE7E;;;;;GAKG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;gBAEhC,YAAY,EAAE,YAAY;IAOhC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YA4BjD,WAAW;CAW1B"}
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
+
});
|
|
9
|
+
};
|
|
10
|
+
/**
|
|
11
|
+
* {@link ISecretProvider} backed by Azure Key Vault.
|
|
12
|
+
*
|
|
13
|
+
* Secrets are fetched in parallel. Secrets that return HTTP 404
|
|
14
|
+
* are treated as missing and silently omitted from the result.
|
|
15
|
+
*/
|
|
16
|
+
export class AzureKeyVaultSecretProvider {
|
|
17
|
+
constructor(secretClient) {
|
|
18
|
+
if (!secretClient) {
|
|
19
|
+
throw new Error('secretClient cannot be null');
|
|
20
|
+
}
|
|
21
|
+
this.secretClient = secretClient;
|
|
22
|
+
}
|
|
23
|
+
getSecrets(names) {
|
|
24
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
25
|
+
const result = new Map();
|
|
26
|
+
if (names.length === 0) {
|
|
27
|
+
return result;
|
|
28
|
+
}
|
|
29
|
+
for (const name of names) {
|
|
30
|
+
if (!(name === null || name === void 0 ? void 0 : name.trim())) {
|
|
31
|
+
throw new Error('Secret name cannot be null or empty');
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
const entries = yield Promise.all(names.map((name) => __awaiter(this, void 0, void 0, function* () {
|
|
35
|
+
const value = yield this.fetchSecret(name);
|
|
36
|
+
return [name, value];
|
|
37
|
+
})));
|
|
38
|
+
for (const [name, value] of entries) {
|
|
39
|
+
if (value !== null) {
|
|
40
|
+
result.set(name, value);
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
return result;
|
|
44
|
+
});
|
|
45
|
+
}
|
|
46
|
+
fetchSecret(name) {
|
|
47
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
48
|
+
var _a;
|
|
49
|
+
try {
|
|
50
|
+
const response = yield this.secretClient.getSecret(name);
|
|
51
|
+
return (_a = response.value) !== null && _a !== void 0 ? _a : null;
|
|
52
|
+
}
|
|
53
|
+
catch (error) {
|
|
54
|
+
if (isNotFound(error)) {
|
|
55
|
+
return null;
|
|
56
|
+
}
|
|
57
|
+
throw error;
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
function isNotFound(error) {
|
|
63
|
+
return (typeof error === 'object' &&
|
|
64
|
+
error !== null &&
|
|
65
|
+
'statusCode' in error &&
|
|
66
|
+
error.statusCode === 404);
|
|
67
|
+
}
|
|
68
|
+
//# sourceMappingURL=azure-key-vault-secret-provider.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"azure-key-vault-secret-provider.js","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.ts"],"names":[],"mappings":";;;;;;;;;AAGA;;;;;GAKG;AACH,MAAM,OAAO,2BAA2B;IAGtC,YAAY,YAA0B;QACpC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAEK,UAAU,CAAC,KAAe;;YAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;YACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE;gBACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC3C,OAAO,CAAC,IAAI,EAAE,KAAK,CAAU,CAAC;YAChC,CAAC,CAAA,CAAC,CACH,CAAC;YAEF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;gBACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBACnB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IAEa,WAAW,CAAC,IAAY;;;YACpC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACzD,OAAO,MAAA,QAAQ,CAAC,KAAK,mCAAI,IAAI,CAAC;YAChC,CAAC;YAAC,OAAO,KAAc,EAAE,CAAC;gBACxB,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;CACF;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,YAAY,IAAI,KAAK;QACpB,KAAgC,CAAC,UAAU,KAAK,GAAG,CACrD,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { EnvilderOptions } from '../domain/envilder-options.js';
|
|
2
|
+
import type { MapFileConfig } from '../domain/map-file-config.js';
|
|
3
|
+
import type { ISecretProvider } from '../domain/ports/secret-provider.js';
|
|
4
|
+
export declare function createSecretProvider(config: MapFileConfig, options?: EnvilderOptions): ISecretProvider;
|
|
5
|
+
//# sourceMappingURL=secret-provider-factory.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-provider-factory.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/infrastructure/secret-provider-factory.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AAK1E,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,aAAa,EACrB,OAAO,CAAC,EAAE,eAAe,GACxB,eAAe,CAmBjB"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { SSMClient } from '@aws-sdk/client-ssm';
|
|
2
|
+
import { fromIni } from '@aws-sdk/credential-providers';
|
|
3
|
+
import { DefaultAzureCredential } from '@azure/identity';
|
|
4
|
+
import { SecretClient } from '@azure/keyvault-secrets';
|
|
5
|
+
import { SecretProviderType } from '../domain/secret-provider-type.js';
|
|
6
|
+
import { AwsSsmSecretProvider } from './aws/aws-ssm-secret-provider.js';
|
|
7
|
+
import { AzureKeyVaultSecretProvider } from './azure/azure-key-vault-secret-provider.js';
|
|
8
|
+
export function createSecretProvider(config, options) {
|
|
9
|
+
var _a, _b, _c;
|
|
10
|
+
const provider = (_a = options === null || options === void 0 ? void 0 : options.provider) !== null && _a !== void 0 ? _a : config.provider;
|
|
11
|
+
const profile = normalize((_b = options === null || options === void 0 ? void 0 : options.profile) !== null && _b !== void 0 ? _b : config.profile);
|
|
12
|
+
const vaultUrl = normalize((_c = options === null || options === void 0 ? void 0 : options.vaultUrl) !== null && _c !== void 0 ? _c : config.vaultUrl);
|
|
13
|
+
const isAzure = provider === SecretProviderType.Azure;
|
|
14
|
+
if (isAzure && profile) {
|
|
15
|
+
throw new Error('AWS profile cannot be used with Azure Key Vault provider');
|
|
16
|
+
}
|
|
17
|
+
if (!isAzure && vaultUrl) {
|
|
18
|
+
throw new Error('Vault URL cannot be used with AWS SSM provider');
|
|
19
|
+
}
|
|
20
|
+
if (isAzure) {
|
|
21
|
+
return createAzureProvider(vaultUrl);
|
|
22
|
+
}
|
|
23
|
+
return createAwsProvider(profile);
|
|
24
|
+
}
|
|
25
|
+
function createAzureProvider(vaultUrl) {
|
|
26
|
+
if (!(vaultUrl === null || vaultUrl === void 0 ? void 0 : vaultUrl.trim())) {
|
|
27
|
+
throw new Error('Vault URL must be provided for Azure Key Vault provider');
|
|
28
|
+
}
|
|
29
|
+
const credential = new DefaultAzureCredential();
|
|
30
|
+
const client = new SecretClient(vaultUrl, credential);
|
|
31
|
+
return new AzureKeyVaultSecretProvider(client);
|
|
32
|
+
}
|
|
33
|
+
function createAwsProvider(profile) {
|
|
34
|
+
const clientOptions = profile ? { credentials: fromIni({ profile }) } : {};
|
|
35
|
+
const client = new SSMClient(clientOptions);
|
|
36
|
+
return new AwsSsmSecretProvider(client);
|
|
37
|
+
}
|
|
38
|
+
function normalize(value) {
|
|
39
|
+
const trimmed = value === null || value === void 0 ? void 0 : value.trim();
|
|
40
|
+
return trimmed || undefined;
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=secret-provider-factory.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret-provider-factory.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/infrastructure/secret-provider-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAIvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAC;AAEzF,MAAM,UAAU,oBAAoB,CAClC,MAAqB,EACrB,OAAyB;;IAEzB,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,MAAM,CAAC,QAAQ,CAAC;IACtD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,mCAAI,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,QAAQ,KAAK,kBAAkB,CAAC,KAAK,CAAC;IAEtD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,CAAC,OAAO,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,mBAAmB,CAC1B,QAA4B;IAE5B,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACtD,OAAO,IAAI,2BAA2B,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,iBAAiB,CAAC,OAA2B;IACpD,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,SAAS,CAAC,KAAyB;IAC1C,MAAM,OAAO,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,EAAE,CAAC;IAC9B,OAAO,OAAO,IAAI,SAAS,CAAC;AAC9B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "envilder",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.4",
|
|
4
4
|
"description": "A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth",
|
|
5
5
|
"homepage": "https://envilder.com",
|
|
6
6
|
"author": {
|
|
@@ -25,9 +25,9 @@
|
|
|
25
25
|
"verify:gha": "pnpm build:gha && git diff --exit-code github-action/dist/index.js || (echo '❌ github-action/dist/index.js is not up to date. Run pnpm build:gha' && exit 1)",
|
|
26
26
|
"local:install": "pnpm build && node --loader ts-node/esm scripts/pack-and-install.ts",
|
|
27
27
|
"local:test-run": "pnpm build && node lib/envilder/apps/cli/Index.js --map=tests/sample/param-map.json --envfile=tests/sample/autogenerated.env",
|
|
28
|
-
"format": "biome format",
|
|
29
|
-
"format:
|
|
30
|
-
"lint": "secretlint \"**/*\" && biome check
|
|
28
|
+
"format": "biome check --write --unsafe && biome format --write",
|
|
29
|
+
"format:check": "biome check && biome format",
|
|
30
|
+
"lint": "secretlint \"**/*\" && biome check && tsc --noEmit",
|
|
31
31
|
"lint:fix": "biome lint --fix",
|
|
32
32
|
"test": "vitest run --reporter=verbose --coverage",
|
|
33
33
|
"test:ci": "vitest run --reporter=verbose --reporter=junit --coverage --outputFile=coverage/junit/test-results.xml",
|
|
@@ -38,7 +38,9 @@
|
|
|
38
38
|
"release-major": "pnpm version major",
|
|
39
39
|
"release-prerelease": "pnpm version prerelease",
|
|
40
40
|
"dev:run": "node --env-file=dev.env --import tsx src/envilder/apps/cli/Index.ts",
|
|
41
|
-
"
|
|
41
|
+
"env:generate": "pnpx envilder --map=secrets-map.json --envfile=.env",
|
|
42
|
+
"env:ensure": "node -e \"require('fs').existsSync('.env')||process.exit(1)\" || pnpm env:generate",
|
|
43
|
+
"docker:up": "pnpm env:ensure && docker compose -f docker-compose.yml up -d",
|
|
42
44
|
"docker:down": "docker compose -f docker-compose.yml down"
|
|
43
45
|
},
|
|
44
46
|
"keywords": [
|
|
@@ -79,6 +81,7 @@
|
|
|
79
81
|
"LICENSE",
|
|
80
82
|
"ROADMAP.md",
|
|
81
83
|
"docs/CHANGELOG.md",
|
|
84
|
+
"docs/changelogs/**",
|
|
82
85
|
"docs/SECURITY.md"
|
|
83
86
|
],
|
|
84
87
|
"type": "module",
|
|
@@ -98,14 +101,14 @@
|
|
|
98
101
|
"@biomejs/biome": "catalog:",
|
|
99
102
|
"@commitlint/cli": "^20.5.0",
|
|
100
103
|
"@commitlint/config-conventional": "^20.5.0",
|
|
101
|
-
"@secretlint/secretlint-rule-preset-recommend": "^
|
|
104
|
+
"@secretlint/secretlint-rule-preset-recommend": "^12.3.1",
|
|
102
105
|
"@testcontainers/localstack": "^11.13.0",
|
|
103
106
|
"@types/node": "catalog:",
|
|
104
107
|
"@vercel/ncc": "^0.38.4",
|
|
105
108
|
"@vitest/coverage-v8": "catalog:",
|
|
106
109
|
"glob": "^13.0.6",
|
|
107
110
|
"lefthook": "^2.1.4",
|
|
108
|
-
"secretlint": "^
|
|
111
|
+
"secretlint": "^12.3.1",
|
|
109
112
|
"testcontainers": "^11.13.0",
|
|
110
113
|
"ts-node": "catalog:",
|
|
111
114
|
"tsx": "^4.21.0",
|
|
@@ -123,6 +126,12 @@
|
|
|
123
126
|
"protobufjs",
|
|
124
127
|
"sharp",
|
|
125
128
|
"ssh2"
|
|
126
|
-
]
|
|
129
|
+
],
|
|
130
|
+
"overrides": {
|
|
131
|
+
"defu": ">=6.1.5",
|
|
132
|
+
"lodash": ">=4.18.0",
|
|
133
|
+
"vite": "^7.3.2",
|
|
134
|
+
"yaml": ">=2.8.3"
|
|
135
|
+
}
|
|
127
136
|
}
|
|
128
137
|
}
|