playwright-ms-auth 0.0.10

package/lib/index.js

@@ -0,0 +1,17 @@
+/**
+ * @paeng/playwright-ms-auth
+ *
+ * Flexible authentication framework for Playwright tests supporting
+ * password and certificate authentication with multiple credential providers.
+ */
+export * from "./types";
+export * from "./config";
+export * from "./authenticate";
+export * from "./certAuth";
+export * from "./utils";
+export * from "./providers";
+// Re-export commonly used functions
+export { authenticate, loadStorageState } from "./authenticate";
+export { loadConfigFromEnv, validateConfig } from "./config";
+export { CredentialProviderFactory } from "./providers";
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,YAAY,CAAC;AAC3B,cAAc,SAAS,CAAC;AACxB,cAAc,aAAa,CAAC;AAE5B,oCAAoC;AACpC,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC"}

package/lib/providers/AzureKeyVaultProvider.d.ts

@@ -0,0 +1,17 @@
+import { CredentialProvider } from "./CredentialProvider";
+import type { AzureKeyVaultConfig, CredentialResult } from "../types";
+/**
+ * Azure KeyVault credential provider
+ * Retrieves passwords or certificates from Azure KeyVault
+ */
+export declare class AzureKeyVaultProvider extends CredentialProvider {
+    private client;
+    private credential;
+    constructor(config: AzureKeyVaultConfig);
+    getProviderName(): string;
+    validateConfig(): void;
+    private getTokenCredential;
+    private getClient;
+    getCredential(): Promise<CredentialResult>;
+}
+//# sourceMappingURL=AzureKeyVaultProvider.d.ts.map

package/lib/providers/AzureKeyVaultProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AzureKeyVaultProvider.d.ts","sourceRoot":"","sources":["../../src/providers/AzureKeyVaultProvider.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGtE;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,kBAAkB;IAC3D,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,UAAU,CAAgC;gBAEtC,MAAM,EAAE,mBAAmB;IAKvC,eAAe,IAAI,MAAM;IAIzB,cAAc,IAAI,IAAI;IAiBtB,OAAO,CAAC,kBAAkB;IAsB1B,OAAO,CAAC,SAAS;IAWX,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;CAqEjD"}

package/lib/providers/AzureKeyVaultProvider.js

@@ -0,0 +1,105 @@
+import { AzureCliCredential, AzurePowerShellCredential, ChainedTokenCredential, InteractiveBrowserCredential, AzureDeveloperCliCredential, } from "@azure/identity";
+import { SecretClient } from "@azure/keyvault-secrets";
+import { CredentialProvider } from "./CredentialProvider";
+import { log } from "../utils";
+/**
+ * Azure KeyVault credential provider
+ * Retrieves passwords or certificates from Azure KeyVault
+ */
+export class AzureKeyVaultProvider extends CredentialProvider {
+    constructor(config) {
+        super(config);
+        this.client = null;
+        this.credential = null;
+        this.validateConfig();
+    }
+    getProviderName() {
+        return "Azure KeyVault";
+    }
+    validateConfig() {
+        const config = this.config;
+        if (!config.keyVaultEndpoint) {
+            throw new Error("KeyVault endpoint is required");
+        }
+        if (!config.secretName) {
+            throw new Error("Secret name is required");
+        }
+        try {
+            new URL(config.keyVaultEndpoint);
+        }
+        catch {
+            throw new Error(`Invalid KeyVault endpoint URL: ${config.keyVaultEndpoint}`);
+        }
+    }
+    getTokenCredential() {
+        if (!this.credential) {
+            const credentials = [
+                new AzureCliCredential(),
+                new AzurePowerShellCredential(),
+                new AzureDeveloperCliCredential(),
+            ];
+            // Only add interactive browser credential if not in CI/CD
+            if (!process.env.TF_BUILD && !process.env.CI) {
+                credentials.push(new InteractiveBrowserCredential({
+                    redirectUri: "http://localhost:8080/",
+                }));
+            }
+            this.credential = new ChainedTokenCredential(...credentials);
+        }
+        return this.credential;
+    }
+    getClient() {
+        if (!this.client) {
+            const config = this.config;
+            this.client = new SecretClient(config.keyVaultEndpoint, this.getTokenCredential());
+        }
+        return this.client;
+    }
+    async getCredential() {
+        const config = this.config;
+        log(`[AzureKeyVaultProvider] Retrieving secret '${config.secretName}' from '${config.keyVaultEndpoint}'`);
+        const client = this.getClient();
+        const secret = await client.getSecret(config.secretName, {
+            version: config.secretVersion,
+        });
+        if (!secret.value) {
+            throw new Error(`Unable to retrieve secret '${config.secretName}' from KeyVault. ` +
+                `Please check permissions and ensure the secret exists.`);
+        }
+        const { expiresOn, notBefore, enabled, contentType } = secret.properties;
+        log(`[AzureKeyVaultProvider] Secret metadata: ` +
+            `enabled=${enabled ?? "unknown"}, ` +
+            `notBefore=${notBefore?.toISOString() ?? "none"}, ` +
+            `expiresOn=${expiresOn?.toISOString() ?? "none"}, ` +
+            `contentType=${contentType ?? "unknown"}`);
+        // Validate secret properties
+        if (!enabled) {
+            throw new Error(`Secret '${config.secretName}' is disabled`);
+        }
+        if (expiresOn && expiresOn.getTime() < Date.now()) {
+            throw new Error(`Secret '${config.secretName}' expired on ${expiresOn.toISOString()}`);
+        }
+        if (notBefore && notBefore.getTime() > Date.now()) {
+            throw new Error(`Secret '${config.secretName}' is not valid before ${notBefore.toISOString()}`);
+        }
+        // Determine credential type based on content type
+        if (contentType === "application/x-pkcs12") {
+            // Certificate (PFX format, base64 encoded)
+            const certificate = Buffer.from(secret.value, "base64");
+            log(`[AzureKeyVaultProvider] Retrieved certificate (${certificate.byteLength} bytes)`);
+            return {
+                type: "certificate",
+                value: certificate,
+            };
+        }
+        else {
+            // Password (plain text)
+            log(`[AzureKeyVaultProvider] Retrieved password (${secret.value.length} characters)`);
+            return {
+                type: "password",
+                value: secret.value,
+            };
+        }
+    }
+}
+//# sourceMappingURL=AzureKeyVaultProvider.js.map

package/lib/providers/AzureKeyVaultProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AzureKeyVaultProvider.js","sourceRoot":"","sources":["../../src/providers/AzureKeyVaultProvider.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,sBAAsB,EACtB,4BAA4B,EAC5B,2BAA2B,GAC5B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,kBAAkB;IAI3D,YAAY,MAA2B;QACrC,KAAK,CAAC,MAAM,CAAC,CAAC;QAJR,WAAM,GAAwB,IAAI,CAAC;QACnC,eAAU,GAA2B,IAAI,CAAC;QAIhD,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED,eAAe;QACb,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,cAAc;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,kCAAkC,MAAM,CAAC,gBAAgB,EAAE,CAC5D,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,kBAAkB;QACxB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,WAAW,GAAsB;gBACrC,IAAI,kBAAkB,EAAE;gBACxB,IAAI,yBAAyB,EAAE;gBAC/B,IAAI,2BAA2B,EAAE;aAClC,CAAC;YAEF,0DAA0D;YAC1D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBAC7C,WAAW,CAAC,IAAI,CACd,IAAI,4BAA4B,CAAC;oBAC/B,WAAW,EAAE,wBAAwB;iBACtC,CAAC,CACH,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,UAAU,GAAG,IAAI,sBAAsB,CAAC,GAAG,WAAW,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEO,SAAS;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;YAClD,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAC5B,MAAM,CAAC,gBAAgB,EACvB,IAAI,CAAC,kBAAkB,EAAE,CAC1B,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,GAAG,CACD,8CAA8C,MAAM,CAAC,UAAU,WAAW,MAAM,CAAC,gBAAgB,GAAG,CACrG,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE;YACvD,OAAO,EAAE,MAAM,CAAC,aAAa;SAC9B,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,8BAA8B,MAAM,CAAC,UAAU,mBAAmB;gBAChE,wDAAwD,CAC3D,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC,UAAU,CAAC;QAEzE,GAAG,CACD,2CAA2C;YACzC,WAAW,OAAO,IAAI,SAAS,IAAI;YACnC,aAAa,SAAS,EAAE,WAAW,EAAE,IAAI,MAAM,IAAI;YACnD,aAAa,SAAS,EAAE,WAAW,EAAE,IAAI,MAAM,IAAI;YACnD,eAAe,WAAW,IAAI,SAAS,EAAE,CAC5C,CAAC;QAEF,6BAA6B;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,WAAW,MAAM,CAAC,UAAU,eAAe,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CACb,WAAW,MAAM,CAAC,UAAU,gBAAgB,SAAS,CAAC,WAAW,EAAE,EAAE,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CACb,WACE,MAAM,CAAC,UACT,yBAAyB,SAAS,CAAC,WAAW,EAAE,EAAE,CACnD,CAAC;QACJ,CAAC;QAED,kDAAkD;QAClD,IAAI,WAAW,KAAK,sBAAsB,EAAE,CAAC;YAC3C,2CAA2C;YAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACxD,GAAG,CACD,kDAAkD,WAAW,CAAC,UAAU,SAAS,CAClF,CAAC;YACF,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,WAAW;aACnB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,wBAAwB;YACxB,GAAG,CACD,+CAA+C,MAAM,CAAC,KAAK,CAAC,MAAM,cAAc,CACjF,CAAC;YACF,OAAO;gBACL,IAAI,EAAE,UAAU;gBAChB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/lib/providers/CredentialProvider.d.ts

@@ -0,0 +1,24 @@
+import type { CredentialResult, ProviderConfig } from "../types";
+/**
+ * Abstract base class for credential providers
+ * Implements Factory pattern for extensibility
+ */
+export declare abstract class CredentialProvider {
+    protected config: ProviderConfig;
+    constructor(config: ProviderConfig);
+    /**
+     * Retrieve the credential from the provider
+     * @returns Promise resolving to the credential
+     */
+    abstract getCredential(): Promise<CredentialResult>;
+    /**
+     * Validate the provider configuration
+     * @throws Error if configuration is invalid
+     */
+    abstract validateConfig(): void;
+    /**
+     * Get a human-readable name for logging
+     */
+    abstract getProviderName(): string;
+}
+//# sourceMappingURL=CredentialProvider.d.ts.map

package/lib/providers/CredentialProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialProvider.d.ts","sourceRoot":"","sources":["../../src/providers/CredentialProvider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAEjE;;;GAGG;AACH,8BAAsB,kBAAkB;IAC1B,SAAS,CAAC,MAAM,EAAE,cAAc;gBAAtB,MAAM,EAAE,cAAc;IAE5C;;;OAGG;IACH,QAAQ,CAAC,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAEnD;;;OAGG;IACH,QAAQ,CAAC,cAAc,IAAI,IAAI;IAE/B;;OAEG;IACH,QAAQ,CAAC,eAAe,IAAI,MAAM;CACnC"}

package/lib/providers/CredentialProvider.js

@@ -0,0 +1,10 @@
+/**
+ * Abstract base class for credential providers
+ * Implements Factory pattern for extensibility
+ */
+export class CredentialProvider {
+    constructor(config) {
+        this.config = config;
+    }
+}
+//# sourceMappingURL=CredentialProvider.js.map

package/lib/providers/CredentialProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialProvider.js","sourceRoot":"","sources":["../../src/providers/CredentialProvider.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,OAAgB,kBAAkB;IACtC,YAAsB,MAAsB;QAAtB,WAAM,GAAN,MAAM,CAAgB;IAAG,CAAC;CAkBjD"}

package/lib/providers/CredentialProviderFactory.d.ts

@@ -0,0 +1,20 @@
+import { CredentialProvider } from "./CredentialProvider";
+import type { CredentialProviderType, ProviderConfig } from "../types";
+/**
+ * Factory for creating credential providers
+ * Implements Abstract Factory pattern for extensibility
+ */
+export declare class CredentialProviderFactory {
+    /**
+     * Create a credential provider based on type and configuration
+     * @param type Provider type
+     * @param config Provider-specific configuration
+     * @returns CredentialProvider instance
+     */
+    static createProvider(type: CredentialProviderType, config: ProviderConfig): CredentialProvider;
+    /**
+     * Get list of supported provider types
+     */
+    static getSupportedProviders(): CredentialProviderType[];
+}
+//# sourceMappingURL=CredentialProviderFactory.d.ts.map

package/lib/providers/CredentialProviderFactory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialProviderFactory.d.ts","sourceRoot":"","sources":["../../src/providers/CredentialProviderFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAK1D,OAAO,KAAK,EACV,sBAAsB,EACtB,cAAc,EAKf,MAAM,UAAU,CAAC;AAElB;;;GAGG;AACH,qBAAa,yBAAyB;IACpC;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CACnB,IAAI,EAAE,sBAAsB,EAC5B,MAAM,EAAE,cAAc,GACrB,kBAAkB;IAmBrB;;OAEG;IACH,MAAM,CAAC,qBAAqB,IAAI,sBAAsB,EAAE;CAGzD"}

package/lib/providers/CredentialProviderFactory.js

@@ -0,0 +1,37 @@
+import { AzureKeyVaultProvider } from "./AzureKeyVaultProvider";
+import { LocalFileProvider } from "./LocalFileProvider";
+import { EnvironmentProvider } from "./EnvironmentProvider";
+import { GitHubSecretsProvider } from "./GitHubSecretsProvider";
+/**
+ * Factory for creating credential providers
+ * Implements Abstract Factory pattern for extensibility
+ */
+export class CredentialProviderFactory {
+    /**
+     * Create a credential provider based on type and configuration
+     * @param type Provider type
+     * @param config Provider-specific configuration
+     * @returns CredentialProvider instance
+     */
+    static createProvider(type, config) {
+        switch (type) {
+            case "azure-keyvault":
+                return new AzureKeyVaultProvider(config);
+            case "local-file":
+                return new LocalFileProvider(config);
+            case "environment":
+                return new EnvironmentProvider(config);
+            case "github-secrets":
+                return new GitHubSecretsProvider(config);
+            default:
+                throw new Error(`Unsupported credential provider type: ${type}`);
+        }
+    }
+    /**
+     * Get list of supported provider types
+     */
+    static getSupportedProviders() {
+        return ["azure-keyvault", "local-file", "environment", "github-secrets"];
+    }
+}
+//# sourceMappingURL=CredentialProviderFactory.js.map

package/lib/providers/CredentialProviderFactory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CredentialProviderFactory.js","sourceRoot":"","sources":["../../src/providers/CredentialProviderFactory.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAUhE;;;GAGG;AACH,MAAM,OAAO,yBAAyB;IACpC;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CACnB,IAA4B,EAC5B,MAAsB;QAEtB,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,gBAAgB;gBACnB,OAAO,IAAI,qBAAqB,CAAC,MAA6B,CAAC,CAAC;YAElE,KAAK,YAAY;gBACf,OAAO,IAAI,iBAAiB,CAAC,MAAyB,CAAC,CAAC;YAE1D,KAAK,aAAa;gBAChB,OAAO,IAAI,mBAAmB,CAAC,MAA2B,CAAC,CAAC;YAE9D,KAAK,gBAAgB;gBACnB,OAAO,IAAI,qBAAqB,CAAC,MAA6B,CAAC,CAAC;YAElE;gBACE,MAAM,IAAI,KAAK,CAAC,yCAAyC,IAAI,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,qBAAqB;QAC1B,OAAO,CAAC,gBAAgB,EAAE,YAAY,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC;IAC3E,CAAC;CACF"}

package/lib/providers/EnvironmentProvider.d.ts

@@ -0,0 +1,13 @@
+import { CredentialProvider } from "./CredentialProvider";
+import type { EnvironmentConfig, CredentialResult } from "../types";
+/**
+ * Environment variable credential provider
+ * Retrieves passwords or certificates from environment variables
+ */
+export declare class EnvironmentProvider extends CredentialProvider {
+    constructor(config: EnvironmentConfig);
+    getProviderName(): string;
+    validateConfig(): void;
+    getCredential(): Promise<CredentialResult>;
+}
+//# sourceMappingURL=EnvironmentProvider.d.ts.map

package/lib/providers/EnvironmentProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnvironmentProvider.d.ts","sourceRoot":"","sources":["../../src/providers/EnvironmentProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGpE;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,kBAAkB;gBAC7C,MAAM,EAAE,iBAAiB;IAKrC,eAAe,IAAI,MAAM;IAIzB,cAAc,IAAI,IAAI;IAOhB,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;CAwCjD"}

package/lib/providers/EnvironmentProvider.js

@@ -0,0 +1,52 @@
+import { CredentialProvider } from "./CredentialProvider";
+import { log } from "../utils";
+/**
+ * Environment variable credential provider
+ * Retrieves passwords or certificates from environment variables
+ */
+export class EnvironmentProvider extends CredentialProvider {
+    constructor(config) {
+        super(config);
+        this.validateConfig();
+    }
+    getProviderName() {
+        return "Environment Variable";
+    }
+    validateConfig() {
+        const config = this.config;
+        if (!config.variableName) {
+            throw new Error("Environment variable name is required");
+        }
+    }
+    async getCredential() {
+        const config = this.config;
+        log(`[EnvironmentProvider] Reading credential from environment variable '${config.variableName}'`);
+        const value = process.env[config.variableName];
+        if (!value) {
+            throw new Error(`Environment variable '${config.variableName}' is not set or empty. ` +
+                `Please set this variable with the credential value.`);
+        }
+        // Try to detect if it's a base64 encoded certificate
+        try {
+            const decoded = Buffer.from(value, "base64");
+            // Check if it's a valid DER/PFX certificate (starts with 0x30)
+            if (decoded.length > 100 && decoded[0] === 0x30) {
+                log(`[EnvironmentProvider] Retrieved base64-encoded certificate (${decoded.byteLength} bytes)`);
+                return {
+                    type: "certificate",
+                    value: decoded,
+                };
+            }
+        }
+        catch {
+            // Not base64 or not a certificate
+        }
+        // Default to password
+        log(`[EnvironmentProvider] Retrieved password (${value.length} characters)`);
+        return {
+            type: "password",
+            value: value,
+        };
+    }
+}
+//# sourceMappingURL=EnvironmentProvider.js.map

package/lib/providers/EnvironmentProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnvironmentProvider.js","sourceRoot":"","sources":["../../src/providers/EnvironmentProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;GAGG;AACH,MAAM,OAAO,mBAAoB,SAAQ,kBAAkB;IACzD,YAAY,MAAyB;QACnC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED,eAAe;QACb,OAAO,sBAAsB,CAAC;IAChC,CAAC;IAED,cAAc;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,MAA2B,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,MAA2B,CAAC;QAChD,GAAG,CACD,uEAAuE,MAAM,CAAC,YAAY,GAAG,CAC9F,CAAC;QAEF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,yBAAyB,MAAM,CAAC,YAAY,yBAAyB;gBACnE,qDAAqD,CACxD,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC7C,+DAA+D;YAC/D,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,GAAG,CACD,+DAA+D,OAAO,CAAC,UAAU,SAAS,CAC3F,CAAC;gBACF,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,KAAK,EAAE,OAAO;iBACf,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QAED,sBAAsB;QACtB,GAAG,CACD,6CAA6C,KAAK,CAAC,MAAM,cAAc,CACxE,CAAC;QACF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE,KAAK;SACb,CAAC;IACJ,CAAC;CACF"}

package/lib/providers/GitHubSecretsProvider.d.ts

@@ -0,0 +1,13 @@
+import { CredentialProvider } from "./CredentialProvider";
+import type { GitHubSecretsConfig, CredentialResult } from "../types";
+/**
+ * GitHub Secrets credential provider
+ * Placeholder for future implementation
+ */
+export declare class GitHubSecretsProvider extends CredentialProvider {
+    constructor(config: GitHubSecretsConfig);
+    getProviderName(): string;
+    validateConfig(): void;
+    getCredential(): Promise<CredentialResult>;
+}
+//# sourceMappingURL=GitHubSecretsProvider.d.ts.map

package/lib/providers/GitHubSecretsProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GitHubSecretsProvider.d.ts","sourceRoot":"","sources":["../../src/providers/GitHubSecretsProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGtE;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,kBAAkB;gBAC/C,MAAM,EAAE,mBAAmB;IAKvC,eAAe,IAAI,MAAM;IAIzB,cAAc,IAAI,IAAI;IAUhB,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;CA8CjD"}

package/lib/providers/GitHubSecretsProvider.js

@@ -0,0 +1,59 @@
+import { CredentialProvider } from "./CredentialProvider";
+import { log } from "../utils";
+/**
+ * GitHub Secrets credential provider
+ * Placeholder for future implementation
+ */
+export class GitHubSecretsProvider extends CredentialProvider {
+    constructor(config) {
+        super(config);
+        this.validateConfig();
+    }
+    getProviderName() {
+        return "GitHub Secrets";
+    }
+    validateConfig() {
+        const config = this.config;
+        if (!config.repository) {
+            throw new Error("GitHub repository is required (format: owner/repo)");
+        }
+        if (!config.secretName) {
+            throw new Error("GitHub secret name is required");
+        }
+    }
+    async getCredential() {
+        // This is a placeholder for future GitHub Secrets API integration
+        // For now, we'll check if the secret is available via environment variable
+        // (GitHub Actions automatically exposes secrets as env vars)
+        const config = this.config;
+        const envVarName = config.secretName
+            .toUpperCase()
+            .replace(/[^A-Z0-9_]/g, "_");
+        log(`[GitHubSecretsProvider] Looking for secret '${config.secretName}' in environment`);
+        const value = process.env[envVarName];
+        if (!value) {
+            throw new Error(`GitHub secret '${config.secretName}' not found in environment. ` +
+                `In GitHub Actions, secrets are exposed as environment variables.`);
+        }
+        // Try to detect if it's a base64 encoded certificate
+        try {
+            const decoded = Buffer.from(value, "base64");
+            if (decoded.length > 100 && decoded[0] === 0x30) {
+                log(`[GitHubSecretsProvider] Retrieved certificate (${decoded.byteLength} bytes)`);
+                return {
+                    type: "certificate",
+                    value: decoded,
+                };
+            }
+        }
+        catch {
+            // Not base64
+        }
+        log(`[GitHubSecretsProvider] Retrieved password (${value.length} characters)`);
+        return {
+            type: "password",
+            value: value,
+        };
+    }
+}
+//# sourceMappingURL=GitHubSecretsProvider.js.map

package/lib/providers/GitHubSecretsProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GitHubSecretsProvider.js","sourceRoot":"","sources":["../../src/providers/GitHubSecretsProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,kBAAkB;IAC3D,YAAY,MAA2B;QACrC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED,eAAe;QACb,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,cAAc;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,kEAAkE;QAClE,2EAA2E;QAC3E,6DAA6D;QAE7D,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU;aACjC,WAAW,EAAE;aACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QAE/B,GAAG,CACD,+CAA+C,MAAM,CAAC,UAAU,kBAAkB,CACnF,CAAC;QAEF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,kBAAkB,MAAM,CAAC,UAAU,8BAA8B;gBAC/D,kEAAkE,CACrE,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YAC7C,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,GAAG,CACD,kDAAkD,OAAO,CAAC,UAAU,SAAS,CAC9E,CAAC;gBACF,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,KAAK,EAAE,OAAO;iBACf,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;QAED,GAAG,CACD,+CAA+C,KAAK,CAAC,MAAM,cAAc,CAC1E,CAAC;QACF,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE,KAAK;SACb,CAAC;IACJ,CAAC;CACF"}

package/lib/providers/LocalFileProvider.d.ts

@@ -0,0 +1,13 @@
+import { CredentialProvider } from "./CredentialProvider";
+import type { LocalFileConfig, CredentialResult } from "../types";
+/**
+ * Local file credential provider
+ * Retrieves passwords or certificates from local file system
+ */
+export declare class LocalFileProvider extends CredentialProvider {
+    constructor(config: LocalFileConfig);
+    getProviderName(): string;
+    validateConfig(): void;
+    getCredential(): Promise<CredentialResult>;
+}
+//# sourceMappingURL=LocalFileProvider.d.ts.map

package/lib/providers/LocalFileProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"LocalFileProvider.d.ts","sourceRoot":"","sources":["../../src/providers/LocalFileProvider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGlE;;;GAGG;AACH,qBAAa,iBAAkB,SAAQ,kBAAkB;gBAC3C,MAAM,EAAE,eAAe;IAKnC,eAAe,IAAI,MAAM;IAIzB,cAAc,IAAI,IAAI;IAOhB,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC;CAmEjD"}

package/lib/providers/LocalFileProvider.js

@@ -0,0 +1,77 @@
+import { readFile } from "node:fs/promises";
+import { CredentialProvider } from "./CredentialProvider";
+import { log } from "../utils";
+/**
+ * Local file credential provider
+ * Retrieves passwords or certificates from local file system
+ */
+export class LocalFileProvider extends CredentialProvider {
+    constructor(config) {
+        super(config);
+        this.validateConfig();
+    }
+    getProviderName() {
+        return "Local File";
+    }
+    validateConfig() {
+        const config = this.config;
+        if (!config.filePath) {
+            throw new Error("File path is required for local file provider");
+        }
+    }
+    async getCredential() {
+        const config = this.config;
+        log(`[LocalFileProvider] Reading credential from '${config.filePath}'`);
+        try {
+            const fileContent = await readFile(config.filePath);
+            // Detect file type based on extension or content
+            const isTextFile = config.filePath.match(/\.(txt|pwd|password)$/i);
+            const isCertFile = config.filePath.match(/\.(pfx|p12|cer|crt|pem)$/i);
+            if (isTextFile) {
+                // Text file containing password
+                const password = fileContent.toString("utf-8").trim();
+                log(`[LocalFileProvider] Retrieved password (${password.length} characters)`);
+                return {
+                    type: "password",
+                    value: password,
+                };
+            }
+            else if (isCertFile || fileContent[0] === 0x30) {
+                // Certificate file (PFX/P12) or binary content starting with 0x30 (DER encoded)
+                log(`[LocalFileProvider] Retrieved certificate (${fileContent.byteLength} bytes)`);
+                return {
+                    type: "certificate",
+                    value: fileContent,
+                };
+            }
+            else {
+                // Try to detect if it's base64 encoded certificate
+                try {
+                    const decoded = Buffer.from(fileContent.toString("utf-8").trim(), "base64");
+                    if (decoded.length > 0 && decoded[0] === 0x30) {
+                        log(`[LocalFileProvider] Retrieved base64-encoded certificate (${decoded.byteLength} bytes)`);
+                        return {
+                            type: "certificate",
+                            value: decoded,
+                        };
+                    }
+                }
+                catch {
+                    // Not base64
+                }
+                // Default to password
+                const password = fileContent.toString("utf-8").trim();
+                log(`[LocalFileProvider] Retrieved password (${password.length} characters)`);
+                return {
+                    type: "password",
+                    value: password,
+                };
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            throw new Error(`Failed to read credential file '${config.filePath}': ${message}`);
+        }
+    }
+}
+//# sourceMappingURL=LocalFileProvider.js.map

package/lib/providers/LocalFileProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LocalFileProvider.js","sourceRoot":"","sources":["../../src/providers/LocalFileProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAE/B;;;GAGG;AACH,MAAM,OAAO,iBAAkB,SAAQ,kBAAkB;IACvD,YAAY,MAAuB;QACjC,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED,eAAe;QACb,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,cAAc;QACZ,MAAM,MAAM,GAAG,IAAI,CAAC,MAAyB,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAyB,CAAC;QAC9C,GAAG,CAAC,gDAAgD,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC;QAExE,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAEpD,iDAAiD;YACjD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACnE,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAEtE,IAAI,UAAU,EAAE,CAAC;gBACf,gCAAgC;gBAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBACtD,GAAG,CACD,2CAA2C,QAAQ,CAAC,MAAM,cAAc,CACzE,CAAC;gBACF,OAAO;oBACL,IAAI,EAAE,UAAU;oBAChB,KAAK,EAAE,QAAQ;iBAChB,CAAC;YACJ,CAAC;iBAAM,IAAI,UAAU,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACjD,gFAAgF;gBAChF,GAAG,CACD,8CAA8C,WAAW,CAAC,UAAU,SAAS,CAC9E,CAAC;gBACF,OAAO;oBACL,IAAI,EAAE,aAAa;oBACnB,KAAK,EAAE,WAAW;iBACnB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,mDAAmD;gBACnD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CACzB,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EACpC,QAAQ,CACT,CAAC;oBACF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;wBAC9C,GAAG,CACD,6DAA6D,OAAO,CAAC,UAAU,SAAS,CACzF,CAAC;wBACF,OAAO;4BACL,IAAI,EAAE,aAAa;4BACnB,KAAK,EAAE,OAAO;yBACf,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,aAAa;gBACf,CAAC;gBAED,sBAAsB;gBACtB,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;gBACtD,GAAG,CACD,2CAA2C,QAAQ,CAAC,MAAM,cAAc,CACzE,CAAC;gBACF,OAAO;oBACL,IAAI,EAAE,UAAU;oBAChB,KAAK,EAAE,QAAQ;iBAChB,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CACb,mCAAmC,MAAM,CAAC,QAAQ,MAAM,OAAO,EAAE,CAClE,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/lib/providers/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./CredentialProvider";
+export * from "./CredentialProviderFactory";
+export * from "./AzureKeyVaultProvider";
+export * from "./LocalFileProvider";
+export * from "./EnvironmentProvider";
+export * from "./GitHubSecretsProvider";
+//# sourceMappingURL=index.d.ts.map

package/lib/providers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC;AACrC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC"}

package/lib/providers/index.js

@@ -0,0 +1,7 @@
+export * from "./CredentialProvider";
+export * from "./CredentialProviderFactory";
+export * from "./AzureKeyVaultProvider";
+export * from "./LocalFileProvider";
+export * from "./EnvironmentProvider";
+export * from "./GitHubSecretsProvider";
+//# sourceMappingURL=index.js.map

package/lib/providers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC;AACrC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,qBAAqB,CAAC;AACpC,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC"}