updating-secrets 1.0.3 → 1.1.0

package/dist/adapters/base.adapter.d.ts

@@ -28,4 +28,6 @@ export declare class BaseSecretsAdapter {
      * any resources passed to it in its constructor.
      */
     destroy(): void;
+    /** Load an individual secret from the adapter. No shape checking is performed here. */
+    loadSingleSecret(secretId: string): MaybePromise<unknown>;
 }

package/dist/adapters/base.adapter.js

@@ -26,4 +26,9 @@ export class BaseSecretsAdapter {
      * any resources passed to it in its constructor.
      */
     destroy() { }
+    /** Load an individual secret from the adapter. No shape checking is performed here. */
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    loadSingleSecret(secretId) {
+        throw new Error('Do not try to load a secret from the base secrets adapter.');
+    }
 }

package/dist/adapters/secrets-json-file.adapter.d.ts

@@ -52,4 +52,6 @@ export declare class SecretsJsonFileAdapter<const Secrets extends SecretDefiniti
     jsonFilePath: string, options?: PartialWithUndefined<SecretsJsonFileAdapterOptions<Secrets>>);
     /** Loads secrets from the given JSON file path. */
     loadSecrets(): Promise<any>;
+    /** Load an individual secret from the JSON file. */
+    loadSingleSecret(secretKey: string): Promise<any>;
 }

package/dist/adapters/secrets-json-file.adapter.js

@@ -51,4 +51,9 @@ export class SecretsJsonFileAdapter extends BaseSecretsAdapter {
         const fileContents = String(await this.options.fsOverride.promises.readFile(this.jsonFilePath));
         return parseWithJson5(fileContents);
     }
+    /** Load an individual secret from the JSON file. */
+    async loadSingleSecret(secretKey) {
+        const fileContents = parseWithJson5(String(await this.options.fsOverride.promises.readFile(this.jsonFilePath)));
+        return fileContents[secretKey];
+    }
 }

package/dist/adapters/static-secrets.adapter.d.ts

@@ -20,4 +20,6 @@ export declare class StaticSecretsAdapter extends BaseSecretsAdapter {
     staticSecrets: Record<string, JsonCompatibleValue>);
     /** Directly returns the static secrets given. */
     loadSecrets(): Record<string, JsonCompatibleValue>;
+    /** Load an individual secret from the static secrets given. */
+    loadSingleSecret(secretKey: string): JsonCompatibleValue;
 }

package/dist/adapters/static-secrets.adapter.js

@@ -23,4 +23,8 @@ export class StaticSecretsAdapter extends BaseSecretsAdapter {
     loadSecrets() {
         return this.staticSecrets;
     }
+    /** Load an individual secret from the static secrets given. */
+    loadSingleSecret(secretKey) {
+        return this.staticSecrets[secretKey];
+    }
 }

package/dist/secrets-definition/define-secrets.d.ts

@@ -43,7 +43,7 @@ export declare const rotatableSecretShape: Shape<{
     /** The latest up-to-date version of the secret's value. */
     current: string;
     /** The optional legacy value for the secret. Use for graceful secret rotation. */
-    legacy: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
+    legacy: Shape<import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>>;
 }>;
 /**
  * Type expansion for {@link rotatableSecretShape}.

package/dist/updating-secrets.d.ts

@@ -1,5 +1,6 @@
 import { type PartialWithUndefined, type RequiredAndNotNull, type Values } from '@augment-vir/common';
-import { type AnyDuration } from 'date-vir';
+import { type AnyDuration, type FullDate } from 'date-vir';
+import { type Shape } from 'object-shape-tester';
 import { type BaseSecretsAdapter } from './adapters/base.adapter.js';
 import { type ProcessedSecretDefinitions, type RotatableSecretValue, type SecretDefinitions, type SecretValues } from './secrets-definition/define-secrets.js';
 /**
@@ -95,6 +96,12 @@ export declare class UpdatingSecrets<const Secrets extends Readonly<SecretDefini
      */
     protected loadingSecretsPromise: Promise<SecretValues<Secrets>> | undefined;
     protected consecutiveFailureCount: number;
+    protected dynamicCache: {
+        [SecretName in string]: {
+            value: any;
+            cachedAt: FullDate;
+        };
+    };
     constructor(secrets: Readonly<Secrets>, 
     /**
      * A list of adapters to load secrets from. Order here matters: all values loaded from the
@@ -173,6 +180,13 @@ export declare class UpdatingSecrets<const Secrets extends Readonly<SecretDefini
     actualRotatableSecretValue: RotatableSecretValue): boolean;
     /** Get the latest secret values. */
     get get(): SecretValues<Secrets>;
+    /**
+     * Load a single secret dynamically, without a secret definition. The given `secretKey` varies
+     * based on the adapters in use.
+     */
+    loadDynamicSecret<const S extends Shape>(secretKey: string, shapeRequirement: S): Promise<S['runtimeType']>;
+    /** Try to load a single secret from any of the provided adapters. */
+    protected loadSecretFromAdapters<const S extends Shape>(secretKey: string, shapeRequirement: S): Promise<S['runtimeType']>;
 }
 /**
  * Processes the given {@link SecretDefinitions} so they can be easily consumed by adapters. This is
@@ -187,6 +201,6 @@ export declare function processSecrets<const Secrets extends SecretDefinitions>(
         description: string;
         whereToFind: string;
     };
-    shapeDefinition: import("object-shape-tester").Shape | undefined;
+    shapeDefinition: Shape | undefined;
     adapterConfig: NonNullable<Values<SecretDefinitions>["adapterConfig"]>;
 }>;

package/dist/updating-secrets.js

@@ -1,7 +1,7 @@
 import { assert } from '@augment-vir/assert';
-import { combineErrors, DeferredPromise, ensureError, extractErrorMessage, getObjectTypedEntries, log, makeWritable, mapObject, mapObjectValues, mergeDefinedProperties, } from '@augment-vir/common';
-import { convertDuration } from 'date-vir';
-import { assertValidShape, defineShape } from 'object-shape-tester';
+import { combineErrors, DeferredPromise, ensureError, ensureErrorAndPrependMessage, extractErrorMessage, getObjectTypedEntries, log, makeWritable, mapObject, mapObjectValues, mergeDefinedProperties, } from '@augment-vir/common';
+import { calculateRelativeDate, convertDuration, getNowInUtcTimezone, isDateAfter, } from 'date-vir';
+import { assertValidShape, checkValidShape, defineShape } from 'object-shape-tester';
 import { SecretLoadError } from './secret-load.error.js';
 const defaultOptions = {
     lazyFailure: false,
@@ -59,6 +59,7 @@ export class UpdatingSecrets {
      */
     loadingSecretsPromise;
     consecutiveFailureCount = 0;
+    dynamicCache = {};
     constructor(secrets, 
     /**
      * A list of adapters to load secrets from. Order here matters: all values loaded from the
@@ -292,6 +293,45 @@ export class UpdatingSecrets {
         }
         return this.currentSecrets;
     }
+    /**
+     * Load a single secret dynamically, without a secret definition. The given `secretKey` varies
+     * based on the adapters in use.
+     */
+    async loadDynamicSecret(secretKey, shapeRequirement) {
+        const cached = this.dynamicCache[secretKey];
+        if (cached &&
+            checkValidShape(cached.value, shapeRequirement) &&
+            !isDateAfter({
+                fullDate: getNowInUtcTimezone(),
+                relativeTo: calculateRelativeDate(cached.cachedAt, this.options.updateInterval),
+            })) {
+            return cached.value;
+        }
+        const newValue = await this.loadSecretFromAdapters(secretKey, shapeRequirement);
+        this.dynamicCache[secretKey] = {
+            value: newValue,
+            cachedAt: getNowInUtcTimezone(),
+        };
+        return newValue;
+    }
+    /** Try to load a single secret from any of the provided adapters. */
+    async loadSecretFromAdapters(secretKey, shapeRequirement) {
+        const errors = [new Error(`Secret '${secretKey}' not found in any adapters.`)];
+        for (const adapter of this.adapters) {
+            try {
+                const value = await adapter.loadSingleSecret(secretKey);
+                if (!value) {
+                    throw new Error('Secret is empty');
+                }
+                assertValidShape(value, shapeRequirement);
+                return value;
+            }
+            catch (error) {
+                errors.push(ensureErrorAndPrependMessage(error, `Failed to load secret '${secretKey}' from adapter '${adapter.adapterName}'`));
+            }
+        }
+        throw combineErrors(errors);
+    }
 }
 /**
  * Processes the given {@link SecretDefinitions} so they can be easily consumed by adapters. This is

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "updating-secrets",
-    "version": "1.0.3",
+    "version": "1.1.0",
     "description": "Automatically update secrets on an interval with support for seamless secret rotation.",
     "keywords": [
         "secrets",
@@ -44,20 +44,20 @@
         "test:update": "npm run test update"
     },
     "dependencies": {
-        "@augment-vir/assert": "^31.34.0",
-        "@augment-vir/common": "^31.34.0",
-        "date-vir": "^7.4.2",
-        "object-shape-tester": "^6.2.1",
-        "type-fest": "^4.41.0"
+        "@augment-vir/assert": "^31.48.0",
+        "@augment-vir/common": "^31.48.0",
+        "date-vir": "^8.0.0",
+        "object-shape-tester": "^6.9.3",
+        "type-fest": "^5.2.0"
     },
     "devDependencies": {
-        "@augment-vir/test": "^31.34.0",
-        "@types/node": "^24.3.1",
+        "@augment-vir/test": "^31.48.0",
+        "@types/node": "^24.10.0",
         "c8": "^10.1.3",
         "istanbul-smart-text-reporter": "^1.1.5",
         "markdown-code-example-inserter": "^3.0.3",
-        "typedoc": "^0.28.12",
-        "typescript": "^5.9.2"
+        "typedoc": "^0.28.14",
+        "typescript": "^5.9.3"
     },
     "engines": {
         "node": ">=22"