nestjs-infisical 1.0.3

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './infisical.module';
+export * from './infisical.types';

package/dist/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./infisical.module"), exports);
+__exportStar(require("./infisical.types"), exports);

package/dist/infisical.loader.d.ts

@@ -0,0 +1,8 @@
+export declare function loadInfisicalSecrets(options: {
+    baseUrl: string;
+    token: string;
+    projectId: string;
+    environment: string;
+    override: boolean;
+    failFast: boolean;
+}): Promise<void>;

package/dist/infisical.loader.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadInfisicalSecrets = loadInfisicalSecrets;
+const axios_1 = __importDefault(require("axios"));
+const LOG_PREFIX = '[nestjs-infisical]';
+async function loadInfisicalSecrets(options) {
+    try {
+        const response = await axios_1.default.get(`${options.baseUrl}/api/v3/secrets/raw`, {
+            headers: {
+                Authorization: `Bearer ${options.token}`,
+            },
+            params: {
+                projectId: options.projectId,
+                environment: options.environment,
+            },
+        });
+        const secrets = response.data?.secrets ?? {};
+        for (const [key, value] of Object.entries(secrets)) {
+            if (options.override || process.env[key] === undefined) {
+                process.env[key] = value;
+            }
+        }
+    }
+    catch (err) {
+        if (options.failFast) {
+            throw err;
+        }
+        console.warn(`${LOG_PREFIX} Failed to load secrets from Infisical. Continuing without secrets.`);
+    }
+}

package/dist/infisical.module.d.ts

@@ -0,0 +1,6 @@
+import { DynamicModule } from '@nestjs/common';
+import { InfisicalModuleAsyncOptions, InfisicalModuleOptions } from './infisical.types';
+export declare class InfisicalModule {
+    static forRoot(options?: InfisicalModuleOptions): DynamicModule;
+    static forRootAsync(options: InfisicalModuleAsyncOptions): DynamicModule;
+}

package/dist/infisical.module.js

@@ -0,0 +1,99 @@
+"use strict";
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
+    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InfisicalModule = void 0;
+const common_1 = require("@nestjs/common");
+const infisical_service_1 = require("./infisical.service");
+let InfisicalModule = (() => {
+    let _classDecorators = [(0, common_1.Module)({})];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    var InfisicalModule = _classThis = class {
+        static forRoot(options = {}) {
+            const resolved = {
+                baseUrl: options.baseUrl ?? process.env.INFISICAL_BASE_URL,
+                token: options.token ?? process.env.INFISICAL_TOKEN,
+                projectId: options.projectId ?? process.env.INFISICAL_PROJECT_ID,
+                environment: options.environment ?? process.env.INFISICAL_ENVIRONMENT,
+                dotenv: options.dotenv,
+                override: options.override ?? true,
+                failFast: options.failFast ?? true,
+            };
+            return {
+                module: InfisicalModule,
+                providers: [
+                    {
+                        provide: 'INFISICAL_INIT',
+                        useFactory: async () => {
+                            await (0, infisical_service_1.initializeInfisical)(resolved);
+                        },
+                    },
+                ],
+            };
+        }
+        static forRootAsync(options) {
+            return {
+                module: InfisicalModule,
+                imports: options.imports,
+                providers: [
+                    {
+                        provide: 'INFISICAL_INIT',
+                        inject: options.inject ?? [],
+                        useFactory: async (...args) => {
+                            const resolved = await options.useFactory(...args);
+                            await (0, infisical_service_1.initializeInfisical)(resolved);
+                        },
+                    },
+                ],
+            };
+        }
+    };
+    __setFunctionName(_classThis, "InfisicalModule");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        InfisicalModule = _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return InfisicalModule = _classThis;
+})();
+exports.InfisicalModule = InfisicalModule;

package/dist/infisical.service.d.ts

@@ -0,0 +1,2 @@
+import { InfisicalModuleOptions } from './infisical.types';
+export declare function initializeInfisical(options: InfisicalModuleOptions): Promise<void>;

package/dist/infisical.service.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initializeInfisical = initializeInfisical;
+const infisical_loader_1 = require("./infisical.loader");
+const dotenv_1 = __importDefault(require("dotenv"));
+const LOG_PREFIX = '[nestjs-infisical]';
+async function initializeInfisical(options) {
+    const { dotenv: dotenvOptions, baseUrl, token, projectId, environment, override = true, failFast = true, } = options;
+    if (dotenvOptions !== false) {
+        dotenv_1.default.config(dotenvOptions);
+    }
+    const provided = [baseUrl, token, projectId, environment].filter(Boolean).length;
+    if (provided === 0) {
+        return;
+    }
+    if (provided !== 4) {
+        console.warn(`${LOG_PREFIX} Partial Infisical configuration detected. Secrets will not be loaded.`);
+        return;
+    }
+    await (0, infisical_loader_1.loadInfisicalSecrets)({
+        baseUrl: baseUrl,
+        token: token,
+        projectId: projectId,
+        environment: environment,
+        override,
+        failFast,
+    });
+}

package/dist/infisical.types.d.ts

@@ -0,0 +1,15 @@
+import { DotenvConfigOptions } from 'dotenv';
+import { ModuleMetadata } from '@nestjs/common';
+export interface InfisicalModuleOptions {
+    baseUrl?: string;
+    token?: string;
+    projectId?: string;
+    environment?: string;
+    dotenv?: DotenvConfigOptions | false;
+    override?: boolean;
+    failFast?: boolean;
+}
+export interface InfisicalModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
+    inject?: any[];
+    useFactory: (...args: any[]) => Promise<InfisicalModuleOptions> | InfisicalModuleOptions;
+}

package/dist/infisical.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "nestjs-infisical",
+  "version": "1.0.3",
+  "description": "CLI-free Infisical HTTP integration for NestJS",
+  "license": "MIT",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "axios": "^1.6.0",
+    "dotenv": "^16.4.0",
+    "typescript": "^5.9.3"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^9.0.0 || ^10.0.0"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "@types/node": "^25.0.3"
+  }
+}

package/readme.md

@@ -0,0 +1,219 @@
+# nestjs-infisical
+
+nestjs-infisical is a **CLI-free**, **deterministic**, and **production-safe** Infisical integration for NestJS.
+
+It loads secrets **once at application startup** using the **Infisical HTTP API only** and injects them into `process.env`, making it fully compatible with `@nestjs/config`.
+
+This package is intentionally boring.
+
+---
+
+## Why This Package Exists
+
+Most Infisical integrations rely on the Infisical CLI, background agents, or runtime polling.
+
+This package exists to provide:
+
+- No CLI dependency
+- No background processes
+- No runtime mutation
+- Deterministic startup behavior
+- Works in Docker, CI, and production
+- Pure HTTP API usage
+
+If you want secrets loaded **once at boot** and then forgotten, this is for you.
+
+---
+
+## What This Package Does
+
+- Loads environment variables from `.env` using `dotenv` (optional)
+- Fetches secrets from Infisical via HTTP
+- Injects secrets into `process.env`
+- Allows `@nestjs/config` to consume them normally
+- Runs **only during application bootstrap**
+
+---
+
+## Load Order (IMPORTANT)
+
+The load order is **strict and deterministic**:
+
+```text
+dotenv (optional)
+   ↓
+Infisical HTTP API
+   ↓
+process.env
+   ↓
+@nestjs/config
+```
+
+This guarantees compatibility with `ConfigModule.forRoot()`.
+
+---
+
+## Installation
+
+```bash
+npm install nestjs-infisical
+```
+
+Node.js **>= 18** is required.
+
+---
+
+## Basic (Sync) Usage
+
+```ts
+import { Module } from '@nestjs/common';
+import { InfisicalModule } from 'nestjs-infisical';
+
+@Module({
+  imports: [
+    InfisicalModule.forRoot({
+      baseUrl: 'https://app.infisical.com',
+      token: process.env.INFISICAL_TOKEN,
+      projectId: process.env.INFISICAL_PROJECT_ID,
+      environment: 'production',
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+Secrets will be injected into `process.env` before the application finishes bootstrapping.
+
+---
+
+## Async Usage (Recommended)
+
+```ts
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { InfisicalModule } from 'nestjs-infisical';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot(),
+    InfisicalModule.forRootAsync({
+      imports: [ConfigModule],
+      inject: [ConfigService],
+      useFactory: (config: ConfigService) => ({
+        baseUrl: config.get('INFISICAL_BASE_URL'),
+        token: config.get('INFISICAL_TOKEN'),
+        projectId: config.get('INFISICAL_PROJECT_ID'),
+        environment: config.get('INFISICAL_ENVIRONMENT'),
+      }),
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+---
+
+## Dotenv Support
+
+This package uses the **official `dotenv` package directly**.
+
+### Enable dotenv (default)
+
+```ts
+InfisicalModule.forRoot({
+  dotenv: {
+    path: '.env.local',
+  },
+});
+```
+
+### Disable dotenv
+
+```ts
+InfisicalModule.forRoot({
+  dotenv: false,
+});
+```
+
+---
+
+## Configuration Options
+
+```ts
+interface InfisicalModuleOptions {
+  baseUrl?: string;
+  token?: string;
+  projectId?: string;
+  environment?: string;
+  dotenv?: DotenvConfigOptions | false;
+  override?: boolean;   // default: true
+  failFast?: boolean;   // default: true
+}
+```
+
+### override
+
+- `true` → Infisical secrets overwrite existing environment variables
+- `false` → Existing environment variables are preserved
+
+### failFast
+
+- `true` → Application startup fails if Infisical API fails
+- `false` → Logs a warning and continues startup
+
+---
+
+## Edge Case Behavior
+
+### No Infisical Config Provided
+
+Secrets are silently skipped. No logs, no errors.
+
+### Partial Infisical Config Provided
+
+If only some Infisical values are provided:
+
+```text
+[nestjs-infisical] Partial Infisical configuration detected. Secrets will not be loaded.
+```
+
+Secrets are skipped intentionally.
+
+### Infisical API Failure
+
+- `failFast: true` → Throws error and aborts startup
+- `failFast: false` → Logs warning and continues
+
+---
+
+## Explicitly NOT Supported
+
+This package does **not**:
+
+- Use the Infisical CLI
+- Add health checks
+- Rotate secrets
+- Poll or hot-reload secrets
+- Cache secrets
+- Add retries or backoff
+- Add decorators
+- Mutate NestJS internals
+- Run after bootstrap
+
+---
+
+## Design Philosophy
+
+- Startup-only
+- Deterministic
+- Boring
+- Predictable
+- `process.env` is the only contract
+
+If you need dynamic secrets, rotation, or runtime behavior, use a different tool.
+
+---
+
+## License
+
+MIT