envpkt 0.6.9 → 0.6.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +47 -1
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -3059,6 +3059,52 @@ const runSeal = async (options) => {
|
|
|
3059
3059
|
const msg = err._tag === "IdentityNotFound" ? `not found: ${err.path}` : err.message;
|
|
3060
3060
|
console.error(`${YELLOW}Warning:${RESET} Could not unwrap agent key: ${msg}`);
|
|
3061
3061
|
}, (k) => k) : void 0;
|
|
3062
|
+
const editKeys = options.edit ? options.edit.split(",").map((k) => k.trim()).filter((k) => k.length > 0) : [];
|
|
3063
|
+
if (editKeys.length > 0) {
|
|
3064
|
+
const allSecretEntries = config.secret ?? {};
|
|
3065
|
+
const unknownKeys = editKeys.filter((k) => !(k in allSecretEntries));
|
|
3066
|
+
if (unknownKeys.length > 0) {
|
|
3067
|
+
console.error(`${RED}Error:${RESET} Unknown secret key(s): ${unknownKeys.join(", ")}`);
|
|
3068
|
+
console.error(`${DIM}Available keys: ${Object.keys(allSecretEntries).join(", ")}${RESET}`);
|
|
3069
|
+
process.exit(2);
|
|
3070
|
+
}
|
|
3071
|
+
if (!process.stdin.isTTY) {
|
|
3072
|
+
console.error(`${RED}Error:${RESET} --edit requires an interactive terminal`);
|
|
3073
|
+
process.exit(2);
|
|
3074
|
+
}
|
|
3075
|
+
const secretEntries = Object.fromEntries(editKeys.map((k) => [k, allSecretEntries[k]]));
|
|
3076
|
+
console.log(`${BOLD}Editing ${editKeys.length} secret(s)${RESET} with recipient ${CYAN}${recipient.slice(0, 20)}...${RESET}`);
|
|
3077
|
+
console.log("");
|
|
3078
|
+
const rl = await import("node:readline").then((m) => m.createInterface({
|
|
3079
|
+
input: process.stdin,
|
|
3080
|
+
output: process.stderr
|
|
3081
|
+
}));
|
|
3082
|
+
const prompt = (question) => new Promise((resolve) => {
|
|
3083
|
+
rl.question(question, (answer) => resolve(answer));
|
|
3084
|
+
});
|
|
3085
|
+
const values = {};
|
|
3086
|
+
for (const key of editKeys) {
|
|
3087
|
+
const value = await prompt(`Enter new value for ${key}: `);
|
|
3088
|
+
if (value === "") {
|
|
3089
|
+
console.error(`${YELLOW}Skipped${RESET} ${key} (empty value)`);
|
|
3090
|
+
continue;
|
|
3091
|
+
}
|
|
3092
|
+
values[key] = value;
|
|
3093
|
+
}
|
|
3094
|
+
rl.close();
|
|
3095
|
+
if (Object.keys(values).length === 0) {
|
|
3096
|
+
console.error(`${RED}Error:${RESET} No values provided`);
|
|
3097
|
+
process.exit(2);
|
|
3098
|
+
}
|
|
3099
|
+
sealSecrets(secretEntries, values, recipient).fold((err) => {
|
|
3100
|
+
console.error(`${RED}Error:${RESET} Seal failed: ${err.message}`);
|
|
3101
|
+
process.exit(2);
|
|
3102
|
+
}, (sealedMeta) => {
|
|
3103
|
+
writeSealedToml(configPath, sealedMeta);
|
|
3104
|
+
console.log(`${GREEN}Sealed${RESET} ${Object.keys(values).length} secret(s) into ${DIM}${configPath}${RESET}`);
|
|
3105
|
+
});
|
|
3106
|
+
return;
|
|
3107
|
+
}
|
|
3062
3108
|
const allSecretEntries = config.secret ?? {};
|
|
3063
3109
|
const allKeys = Object.keys(allSecretEntries);
|
|
3064
3110
|
const alreadySealed = allKeys.filter((k) => allSecretEntries[k]?.encrypted_value);
|
|
@@ -3206,7 +3252,7 @@ program.command("exec").description("Run pre-flight audit then execute a command
|
|
|
3206
3252
|
program.command("resolve").description("Resolve catalog references and output a flat, self-contained config").option("-c, --config <path>", "Path to envpkt.toml").option("-o, --output <path>", "Write resolved config to file (default: stdout)").option("--format <format>", "Output format: toml | json", "toml").option("--dry-run", "Show what would be resolved without writing").action((options) => {
|
|
3207
3253
|
runResolve(options);
|
|
3208
3254
|
});
|
|
3209
|
-
program.command("seal").description("Encrypt secret values into envpkt.toml using age — sealed packets are safe to commit to git").option("-c, --config <path>", "Path to envpkt.toml").option("--profile <profile>", "fnox profile to use for value resolution").option("--reseal", "Re-encrypt all secrets, including already sealed (for key rotation)").action(async (options) => {
|
|
3255
|
+
program.command("seal").description("Encrypt secret values into envpkt.toml using age — sealed packets are safe to commit to git").option("-c, --config <path>", "Path to envpkt.toml").option("--profile <profile>", "fnox profile to use for value resolution").option("--reseal", "Re-encrypt all secrets, including already sealed (for key rotation)").option("--edit <keys>", "Re-seal specific keys with new values (comma-separated), always prompts interactively").action(async (options) => {
|
|
3210
3256
|
await runSeal(options);
|
|
3211
3257
|
});
|
|
3212
3258
|
program.command("mcp").description("Start the envpkt MCP server (stdio transport)").option("-c, --config <path>", "Path to envpkt.toml").action((options) => {
|