npm - vaulter-cli - Versions diffs - 0.1.3 → 0.2.0 - Mend

vaulter-cli 0.1.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -29,6 +29,12 @@ vaulter add my-openai-key
 # Remove a key
 vaulter remove my-openai-key
+# Generate a .env file from your vault
+vaulter make .env
+# Upload a local .env file to your vault
+vaulter save .env
 ```
 ## Commands
@@ -40,9 +46,40 @@ vaulter remove my-openai-key
 | `vaulter ls` | List all API keys in your vault |
 | `vaulter add <name>` | Add a new API key to your vault |
 | `vaulter remove <name-or-id>` | Remove an API key from your vault |
+| `vaulter make [file]` | Generate a .env file from your vault keys |
+| `vaulter save [file]` | Upload a local .env file to your vault |
 | `vaulter web-app` | Open the Vaulter web app in your browser |
 | `vaulter help` | Show all available commands |
+## .env Support
+### `vaulter make [file]`
+Generate a `.env` file from keys stored in your vault. You select which keys to include via an interactive checkbox. Key names are automatically converted to `UPPER_SNAKE_CASE` (e.g. "My Stripe Key" becomes `MY_STRIPE_KEY`). The output file is written with `0600` permissions.
+```bash
+# Write to .env in current directory
+vaulter make
+# Write to a specific file
+vaulter make .env.local
+# Write to a different directory
+vaulter make .env -o ./config
+```
+### `vaulter save [file]`
+Upload a local `.env` file to your vault. The file is **parsed entirely on your machine** — only the extracted key names and values are sent to the API. If any keys already exist in your vault, you'll be prompted to skip or overwrite each one individually.
+```bash
+# Upload .env from current directory
+vaulter save
+# Upload a specific file
+vaulter save .env.production
+```
 ## Authentication
 Vaulter uses browser-based device auth. Running `vaulter sign-in` opens your browser where you log in, and the CLI receives a token automatically. Credentials are stored locally at `~/.vaulter/credentials.json` with restricted file permissions.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vaulter-cli",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "description": "CLI tool for Vaulter - Secure API Key Manager",
   "author": "faris-sait",
   "repository": {

package/src/commands/add.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import inquirer from 'inquirer';
 import ora from 'ora';
 import { apiFetch } from '../lib/api.js';
-import { success, error, info, purple } from '../lib/ui.js';
+import { success, error, info, purple, tip } from '../lib/ui.js';
 export async function addKey(name) {
   console.log('');
@@ -38,6 +38,7 @@ export async function addKey(name) {
     spinner.succeed('Key added to vault!');
     console.log('');
     success(`"${name}" has been securely stored.`);
+    tip('Run `vaulter make .env` to include this key in a .env file.');
     console.log('');
   } catch (err) {
     spinner.fail('Failed to add key');

package/src/commands/help.js CHANGED Viewed

@@ -21,6 +21,8 @@ export async function showHelp() {
     { name: 'ls',                  desc: 'List all API keys in your vault' },
     { name: 'add <name>',          desc: 'Add a new API key to your vault' },
     { name: 'remove <name-or-id>', desc: 'Remove an API key from your vault' },
+    { name: 'make [file]',         desc: 'Generate a .env file from your vault keys' },
+    { name: 'save [file]',         desc: 'Upload a local .env file to your vault' },
     { name: 'web-app',             desc: 'Open the Vaulter web app in your browser' },
     { name: 'help',                desc: 'Show this help message' },
   ];

package/src/commands/ls.js CHANGED Viewed

@@ -2,7 +2,7 @@ import Table from 'cli-table3';
 import chalk from 'chalk';
 import ora from 'ora';
 import { apiFetch } from '../lib/api.js';
-import { purple, dim, error } from '../lib/ui.js';
+import { purple, dim, error, tip } from '../lib/ui.js';
 export async function listKeys() {
   const spinner = ora({ text: 'Fetching keys...', color: 'magenta' }).start();
@@ -58,6 +58,7 @@ export async function listKeys() {
     console.log(table.toString());
     console.log('');
     console.log(dim(`  ${keys.length} key(s) in your vault`));
+    tip('Run `vaulter make .env` to export keys to a .env file.');
     console.log('');
   } catch (err) {
     spinner.fail('Failed to fetch keys');

package/src/commands/make.js ADDED Viewed

@@ -0,0 +1,133 @@
+import fs from 'fs';
+import path from 'path';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import { apiFetch } from '../lib/api.js';
+import { success, error, warn, dim, purple, tip } from '../lib/ui.js';
+function toEnvVarName(name) {
+  return name
+    .replace(/[\s\-\.]+/g, '_')
+    .toUpperCase()
+    .replace(/[^A-Z0-9_]/g, '')
+    .replace(/_+/g, '_')
+    .replace(/^_|_$/g, '');
+}
+export async function makeEnv(filename, options) {
+  const outputDir = options.output ? path.resolve(options.output) : process.cwd();
+  const file = filename || '.env';
+  const outputPath = path.join(outputDir, file);
+  // Check if output directory exists
+  if (options.output && !fs.existsSync(outputDir)) {
+    console.log('');
+    error(`Directory not found: ${outputDir}`);
+    console.log('');
+    return;
+  }
+  // Check if file already exists
+  if (fs.existsSync(outputPath)) {
+    console.log('');
+    const { overwrite } = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'overwrite',
+        message: purple(`${outputPath} already exists. Overwrite?`),
+        default: false,
+      },
+    ]);
+    if (!overwrite) {
+      warn('Cancelled.');
+      console.log('');
+      return;
+    }
+  }
+  // Fetch all keys
+  const spinner = ora({ text: 'Fetching vault keys...', color: 'magenta' }).start();
+  let keys;
+  try {
+    const data = await apiFetch('/api/keys');
+    keys = data.keys || [];
+  } catch (err) {
+    spinner.fail('Failed to fetch keys');
+    error(err.message);
+    return;
+  }
+  spinner.stop();
+  if (keys.length === 0) {
+    console.log('');
+    warn('No keys in your vault. Run `vaulter add <name>` to add one.');
+    console.log('');
+    return;
+  }
+  // Interactive checkbox to select keys
+  console.log('');
+  const { selectedKeys } = await inquirer.prompt([
+    {
+      type: 'checkbox',
+      name: 'selectedKeys',
+      message: purple('Select keys to include in .env:'),
+      choices: keys.map((k) => ({
+        name: `${k.name} ${dim(`(${k.masked_key})`)}`,
+        value: k,
+        checked: true,
+      })),
+    },
+  ]);
+  if (selectedKeys.length === 0) {
+    console.log('');
+    warn('No keys selected.');
+    console.log('');
+    return;
+  }
+  // Decrypt each selected key
+  const decryptSpinner = ora({ text: `Decrypting ${selectedKeys.length} key(s)...`, color: 'magenta' }).start();
+  const lines = [];
+  let failed = 0;
+  for (const key of selectedKeys) {
+    try {
+      const data = await apiFetch(`/api/keys/${key.id}?decrypt=true`);
+      const envName = toEnvVarName(key.name);
+      lines.push(`${envName}=${data.decrypted_key}`);
+    } catch (err) {
+      failed++;
+      decryptSpinner.text = `Decrypting... (failed: ${key.name})`;
+    }
+  }
+  decryptSpinner.stop();
+  if (lines.length === 0) {
+    console.log('');
+    error('All keys failed to decrypt.');
+    console.log('');
+    return;
+  }
+  // Write .env file with restrictive permissions
+  try {
+    fs.writeFileSync(outputPath, lines.join('\n') + '\n', { mode: 0o600 });
+  } catch (err) {
+    error(`Failed to write file: ${err.message}`);
+    return;
+  }
+  console.log('');
+  success(`${lines.length} key(s) written to ${outputPath}`);
+  if (failed > 0) {
+    warn(`${failed} key(s) failed to decrypt.`);
+  }
+  tip('Run `vaulter save .env` to upload a .env file back to your vault.');
+  console.log('');
+}

package/src/commands/save.js ADDED Viewed

@@ -0,0 +1,128 @@
+import fs from 'fs';
+import path from 'path';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import { apiFetch } from '../lib/api.js';
+import { parseEnvFile } from '../lib/env-parser.js';
+import { success, error, warn, dim, purple, tip } from '../lib/ui.js';
+export async function saveEnv(filename) {
+  const file = filename || '.env';
+  const inputPath = path.resolve(file);
+  // Check file exists
+  if (!fs.existsSync(inputPath)) {
+    console.log('');
+    error(`File not found: ${inputPath}`);
+    console.log('');
+    return;
+  }
+  // Read and parse
+  const content = fs.readFileSync(inputPath, 'utf-8');
+  const { parsedKeys, warnings } = parseEnvFile(content);
+  // Show warnings
+  if (warnings.length > 0) {
+    console.log('');
+    for (const w of warnings) {
+      warn(w);
+    }
+  }
+  if (parsedKeys.length === 0) {
+    console.log('');
+    error('No valid keys found in the file.');
+    console.log('');
+    return;
+  }
+  console.log('');
+  success(`Found ${parsedKeys.length} key(s) in ${file}`);
+  // Fetch existing vault keys to detect duplicates
+  const spinner = ora({ text: 'Checking for duplicates...', color: 'magenta' }).start();
+  let existingKeys;
+  try {
+    const data = await apiFetch('/api/keys');
+    existingKeys = data.keys || [];
+  } catch (err) {
+    spinner.fail('Failed to fetch existing keys');
+    error(err.message);
+    return;
+  }
+  spinner.stop();
+  const existingNames = new Set(existingKeys.map((k) => k.name));
+  const duplicates = parsedKeys.filter((k) => existingNames.has(k.name));
+  const overwriteKeys = [];
+  // Per-key duplicate resolution
+  if (duplicates.length > 0) {
+    console.log('');
+    warn(`${duplicates.length} key(s) already exist in your vault:`);
+    console.log('');
+    for (const dup of duplicates) {
+      const { action } = await inquirer.prompt([
+        {
+          type: 'list',
+          name: 'action',
+          message: purple(`"${dup.name}" already exists. What do you want to do?`),
+          choices: [
+            { name: 'Skip', value: 'skip' },
+            { name: 'Overwrite', value: 'overwrite' },
+          ],
+        },
+      ]);
+      if (action === 'overwrite') {
+        overwriteKeys.push(dup.name);
+      }
+    }
+  }
+  // Filter: keep non-duplicates + overwrite choices
+  const keysToImport = parsedKeys.filter(
+    (k) => !existingNames.has(k.name) || overwriteKeys.includes(k.name)
+  );
+  if (keysToImport.length === 0) {
+    console.log('');
+    warn('All keys were skipped. Nothing to upload.');
+    console.log('');
+    return;
+  }
+  // Upload
+  const uploadSpinner = ora({ text: `Uploading ${keysToImport.length} key(s)...`, color: 'magenta' }).start();
+  try {
+    const result = await apiFetch('/api/keys/bulk', {
+      method: 'POST',
+      body: JSON.stringify({ keys: keysToImport, overwriteKeys }),
+    });
+    uploadSpinner.succeed('Upload complete!');
+    console.log('');
+    const imported = result.imported || keysToImport.length;
+    const overwritten = overwriteKeys.length;
+    const failed = result.failed || 0;
+    success(`${imported} key(s) saved to vault.`);
+    if (overwritten > 0) {
+      warn(`${overwritten} key(s) overwritten.`);
+    }
+    if (failed > 0) {
+      error(`${failed} key(s) failed.`);
+    }
+    tip('Run `vaulter ls` to see all your vault keys.');
+    console.log('');
+  } catch (err) {
+    uploadSpinner.fail('Failed to upload keys');
+    error(err.message);
+  }
+}

package/src/index.js CHANGED Viewed

@@ -6,6 +6,8 @@ import { signOut } from './commands/sign-out.js';
 import { listKeys } from './commands/ls.js';
 import { addKey } from './commands/add.js';
 import { removeKey } from './commands/remove.js';
+import { makeEnv } from './commands/make.js';
+import { saveEnv } from './commands/save.js';
 import { openWebApp } from './commands/web-app.js';
 import { showHelp } from './commands/help.js';
 import { printLogo } from './assets/logo.js';
@@ -65,6 +67,29 @@ program
     await removeKey(nameOrId);
   });
+program
+  .command('make [filename]')
+  .description('Generate a .env file from your vault keys')
+  .option('-o, --output <dir>', 'Output directory')
+  .action(async (filename, options) => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await makeEnv(filename, options);
+  });
+program
+  .command('save [filename]')
+  .description('Upload a local .env file to your vault')
+  .action(async (filename) => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await saveEnv(filename);
+  });
 program
   .command('web-app')
   .description('Open the Vaulter web app in your browser')

package/src/lib/env-parser.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Parse a .env file content into key-value pairs.
+ * Ported from the web app's parseEnvFile (app/page.js).
+ */
+export function parseEnvFile(content) {
+  const lines = content.split('\n');
+  const parsedKeys = [];
+  const warnings = [];
+  lines.forEach((line, index) => {
+    const trimmedLine = line.trim();
+    if (!trimmedLine) {
+      return;
+    }
+    if (trimmedLine.startsWith('#')) {
+      warnings.push(`Line ${index + 1}: Skipped comment "${trimmedLine.substring(0, 50)}${trimmedLine.length > 50 ? '...' : ''}"`);
+      return;
+    }
+    const equalIndex = trimmedLine.indexOf('=');
+    if (equalIndex === -1) {
+      warnings.push(`Line ${index + 1}: Invalid format (no = found) "${trimmedLine.substring(0, 30)}..."`);
+      return;
+    }
+    const name = trimmedLine.substring(0, equalIndex).trim();
+    let value = trimmedLine.substring(equalIndex + 1).trim();
+    if (value.length >= 2 &&
+        ((value.startsWith('"') && value.endsWith('"')) ||
+         (value.startsWith("'") && value.endsWith("'")))) {
+      value = value.slice(1, -1);
+    }
+    if (!name) {
+      warnings.push(`Line ${index + 1}: Empty key name`);
+      return;
+    }
+    if (!value) {
+      warnings.push(`Line ${index + 1}: Empty value for key "${name}"`);
+      return;
+    }
+    parsedKeys.push({ name, apiKey: value });
+  });
+  // Deduplicate — keep last occurrence
+  const nameCount = {};
+  parsedKeys.forEach(pk => {
+    nameCount[pk.name] = (nameCount[pk.name] || 0) + 1;
+  });
+  const internalDuplicates = Object.keys(nameCount).filter(name => nameCount[name] > 1);
+  if (internalDuplicates.length > 0) {
+    warnings.push(`Duplicate keys in file (last value will be used): ${internalDuplicates.join(', ')}`);
+    const seen = new Set();
+    const uniqueKeys = [];
+    for (let i = parsedKeys.length - 1; i >= 0; i--) {
+      if (!seen.has(parsedKeys[i].name)) {
+        seen.add(parsedKeys[i].name);
+        uniqueKeys.unshift(parsedKeys[i]);
+      }
+    }
+    return { parsedKeys: uniqueKeys, warnings };
+  }
+  return { parsedKeys, warnings };
+}

package/src/lib/ui.js CHANGED Viewed

@@ -25,3 +25,7 @@ export function info(msg) {
 export function warn(msg) {
   console.log(yellow('  ' + msg));
 }
+export function tip(msg) {
+  console.log(dim('  Tip: ' + msg));
+}